Intego issues a security alert
TweetFollow Us on Twitter

Intego issues a security alert

Here's how Intego describes the situation: "A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following: Quicktime Player is unable to play movie file. Please click here to download new version of codec.

"After the page loads, a disk image (.dmg) file automatically downloads to the user's Mac. If the user has checked Open "Safe" Files After Downloading in Safari's General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

"If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator's password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.

"This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac's DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked.In the latter case, it seems that this is being done solely to generate ad revenue.

"Under Mac OS X 10.4, there is no way to see the changed DNS server in the operating system's GUI. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually. (Intego is currently testing previous versions of Mac OS X; it is likely that they can be infected as well, since all versions of Mac OS X have the scutil command.)

"The Trojan horse also installs a root crontab which checks every minute to ensure that its DNS server is still active. Since changing a network location could change the DNS server, this cron job ensures that, in such a case, the malicious DNS server remains the active server. This Trojan horse also provides different versions of itself, perhaps according to the country in which the user is located to provide country-specific spoofing. Repeated downloads of the disk image show that there are several different versions."

Intego says the best way to protect against this exploit is to run Intego VirusBarrier X4 with its virus definitions dated Oct. 31. The company says theIntego VirusBarrier X4 eradicates the malicious code and prevents the Trojan horse from being installed.

Or you could stay away from the porn sites.

 
AAPL
$476.68
Apple Inc.
+0.00
GOOG
$609.85
Google Inc.
+0.00
MSFT
$30.66
Microsoft Corpora
+0.00
MacNews Search:
Community Search:
See All

Tweetbot Makes The Jump to iPad
As you may have already read, earlier today Tweetbot just released a fresh new release of their extremely popular iPhone Twitter client.  Going along with that, developer Tapbots has also announced that there is finally an iPad version of the application available on the App Store. | Read more »
Tweetbot Reaches Version 2.0
Here at 148apps, we’re big fans of Tweetbot. Offering pretty much everything anyone could ever want from a Twitter client, it’s no wonder that we feel that way. I know I’m quietly hopeful that one day a desktop client as good as it will come along. Developers, Tapbot, aren’t ones to rest on their impressive laurels though and the release of 2.0 is... | Read more »
Demolicious Review
Demolicious Review By Rob Rich on February 8th, 2012 Our Rating: :: ORDINANCE & CHAOSiPhone App - Designed for the iPhone, compatible with the iPad Nothing says “Circus” like firing cannon balls at explosives.   | Read more »
Settle in for a Serious Read with Longfo...
It may seem anathema in the early 21st century, but some people still prefer their news in-depth, thorough and well-written. But in a twitterpated sound-bite culture it’s difficult to find comprehensive news reporting much less an app that serves it without paying for multiple subscriptions. A new iPad app on the news aggregator scene, Longform,... | Read more »
Elf Defense Review
Elf Defense Review By Rob Rich on February 8th, 2012 Our Rating: :: HABIT-FORMINGUniversal App - Designed for iPhone and iPad Call it a fluke or call it careful planning, but Elf Defense is a TD game that hits all the right notes.   | Read more »
Social And Location Aware News With Arou...
Regardless of the location, there’s bound to be something interesting going on somewhere. AroundNow seeks to provide an easy way of seeing exactly what’s going on locally at any time. | Read more »
Royal Trouble: Hidden Adventures Review
Royal Trouble: Hidden Adventures Review By Jennifer Allen on February 8th, 2012 Our Rating: :: CASUAL MYSTERYiPad Only App - Designed for the iPad A lighthearted casual adventure gaming experience that’s a small step up in challenge from the hidden object genre.   | Read more »
Favorite Four Apps For Valentine’s Day
Ah, Valentine’s day. That wonderful day where those in relationships set huge expectations for perfect romantic escapades that can seldom be met by their partner and singles wish they could share in the homage to Hallmark and Cupid. Finding the right thoughtful token or date locale doesn’t have to be an expensive ordeal, however. As always there... | Read more »
AWESOME Land Review
AWESOME Land Review By Jason Wadsworth on February 8th, 2012 Our Rating: :: RETRO REMIXUniversal App - Designed for iPhone and iPad An etherial homage to the 16-bit platformers of days gone by.   Developer: FreakZone | Read more »
Workout Companion, iMuscle, Updates with...
Was your New Year’s resolution to get back in shape? The iPad and iPhone can be great workout companions, especially with apps like iMuscle from 3D4Medical.com. iMuscle is a workout aid that can be used to find exercises that coincide with specific muscles in the body. The muscles are displayed in a visually appealing 3-D view that the user can... | Read more »
See All
All contents are Copyright 1984-2010 by Xplain Corporation. All rights reserved. Theme designed by Icreon.