toggle

AAPL Stock: 103.47 ( + 0.97 )

Printed from http://www.macnn.com

New Mac Trojan masquerades as video codec

updated 12:05 pm EDT, Thu June 11, 2009

New Mac malware circulates

A new piece of Mac-targeted malware has entered the wild, say security researchers with ParetoLogic. Dubbed OSX/Jahlav-C, the software is currently associated with a website called PornTube, and is described as a Trojan concealing itself as an ActiveX object needed to run video. The approach is somewhat unusual in that ActiveX is uniquely associated with Windows, and therefore less likely to deceive a Mac user.

Should a PornTube visitor agree to install the object, an "AdobeFlash" shell script file is created in a Mac's /Library/Internet Plug-Ins folder. The file is set to execute periodically, and contains a shell script with a Perl script buried inside. The Perl code in turn communicates with a distant website, downloading data for malicious purposes. Other files associated with the Trojan include: HDTVPlayerv3.5.dmg, VideoCodec.dmg, FlashPlayer.dmg, MacTubePlayer.dmg, macvideo.dmg, License.v.3.413.dmg, play-video.dmg and QuickTime.dmg.

While malware remains uncommon on the Mac, Apple has had to stray from assertions that the platform is effectively immune to problems experienced by Windows users. A high-profile Trojan released this year has been tied to pirated copies of iWork and Photoshop, and it is believed that more malware will debut as Macs gain popularity. Hackers are known to target common platforms for the widest possible impact.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. lkrupp

    Joined: Dec 1969

    +19

    So tell us please

    "Apple has had to stray from assertions that the platform is effectively immune to problems experienced by Windows users."

    What vulnerability, security defect, poor programming, or other defect in OS X allows this trojan to be installed surreptitiously without the poor, clueless user knowing about it? Oh wait, it's the vulnerability, security defect, poor programming between the user's ears that is the problem, not OS X. I see now. Thanks for clearing that up.

  1. lkrupp

    Joined: Dec 1969

    +13

    And oh...

    We'll probably never hear a peep out of anyone who gets nailed by this trojan. It would be too embarrassing to have to admit how stupid they are.

  1. nat

    Joined: Dec 1969

    +9

    so

    let's say that the mac gets 10 viruses a day, every day, from now on and windows somehow manages to never get another one. since windows has conservatively 150,000 today, it would take roughly 40 years for the mac to catch up.

    i'll take my chances.

  1. IxOsX

    Joined: Dec 1969

    +14

    Trojan not Virus

    Let me try to understand... This is some code from a porno site who ask to be installed, and the user say yes? So is this a security problem from the OS? Do not think that it is... This is a malware installed by the user and allowed to run by the distract user. So unlike the a real Virus, dissimination is null. Except for that user!

  1. testudo

    Joined: Dec 1969

    +2

    Re: so

    Windows doesn't have 150,000 viruses. Most of those are trojans, malware/spyware, and other fun stuff users install because people are good at fooling users at installing stuff.

  1. byRyan

    Joined: Dec 1969

    +14

    Trojan

    and here I thought a Trojan was supposed to protect you from the nasty viruses assosiated with the S***** women of the adult industry ;)

  1. nat

    Joined: Dec 1969

    +6

    you say tomato..

    "Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states."

  1. eldarkus

    Joined: Dec 1969

    +6

    re: IxOsX

    Let me try to understand... This is some code from a porno site who ask to be installed, and the user say yes? So is this a security problem from the OS?

    Absolutely true.. My house came with a similar defect. I sent keys to my house to over 100 people who were on parole for burglary.. and damned if a bunch of them didn't break in!

  1. MacScientist

    Joined: Dec 1969

    +6

    ActiveX for MacOS X?

    This Trojan is supposed to be an exe file that installs an ActiveX object? I can confirm that this is true. Exactly how is this even Mac malware? Just because it has OS-X in its name?

    Every Mac user with half a brain knows that legitimate sites do not prompt users to install codecs. Furthermore, I have never ever seen a QuickTime codec installed automatically--not the first time, anyway. They all require explicit and affirmative action by the user. This site has been flagged by Google as distributing malware. My installation of Safari 4.0 diverts all attempts to watch the video to a warning about malware. It's more of a block actually. However, the blocked file is clearly a Windows file.

    Long story short--this is much ado about nothing.

  1. dynsight

    Joined: Dec 1969

    +4

    Trojans....Ha!

    People who contract this OS X trojan should use the OTHER types of Trojans so they don't propagate their "stupid" gene to their offspring.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Kanex KTU10 Thunderbolt to USB 3.0 and eSATA

Apple has never been shy about funky ports -- first it was Apple Desktop Bus, and its own DIN-8 serial port. Following that came FireW ...

Logitech Hyperion Fury mouse

Selecting the correct gaming mouse comes down to finding a device that balances the needs of a user with a price they can afford. Ofte ...

Life n Soul BM211 Bluetooth speaker

Bluetooth speakers aren't only for listening to some music at the park or on a long bus ride, but can also be built with tablets in m ...

toggle

Most Commented