NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0340 First Mac Trojan Begins to Breed:
The Mac's first Trojan won't be its last. Security researchers at F-Secure have
found that the gang behind the malware has been churning out slightly modified
versions to evade anti-malware detection. That's nothing new - the fake codec the
Trojan is masquerading as is a variant of Trojan.DNSChanger, malware that's been
plaguing Windows users for some time. An F-Secure researcher said, "This operation
keeps modifying their ... Trojans constantly: they have been doing this for their
Windows malware for a long time; now they are also doing it for Mac." The DNS
Changer Trojan was being served on porn sites, purportedly as a codec that would
enable visitors to view porno videos. Various porn sites would each get one
installer, which the gang would then use for tracking purposes. The codecs are
modified throughout the day to evade detection. Many Mac enthusiasts have been
skeptical about this Trojan, dismissing the hype as overreaction. Their arguments
boil down to three tenets: there are far fewer threats to the Mac operating system
than to Windows, users are at risk only if they surf porn, and a user must go to
great lengths to get infected - i.e., download the fake codec, open it, run the
installer, and enter an administrative password. A researcher with McAfee Avert
Labs rebutted these arguments, noting that it only takes one threat to get infected,
dozens of domains have been found that serve the malware and yet have nothing
explicitly to do with porn, and a click-to-install requirement didn't keep Bagle from
becoming one of the most successful pieces of Windows malware ever.
(eWEEK 07NOV07)