Mac Attack: Porn video lures dropping DNS-changer Trojan

Summary: Well-organized identity thieves are using porn video lures to deliver malware to Mac OS X users, confirming fears among security researchers that it's only a matter of time before Apple's fast-growing platform becomes a big malware target.

Organized identity thieves are using porn video lures to deliver malware to Mac OS X users, confirming fears among security researchers that it's only a matter of time before Apple's fast-growing platform becomes a big malware target.

The ongoing attack, first spotted by Intego, includes spammed links to Mac forums that point to free adult-themed videos. Clicking on one of the videos pops up a Web page that looks like this:

Porn videos deliver malware to Mac OS X

The site uses that pop-up to get users to download a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to open "Safe" files after downloading, the .dmg gets mounted and the Installer is launched.

The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine.

According to anti-virus vendors, the Trojan is programmed to change the Mac's DNS server, a trick used by phishers to load fake Web pages and hijack valuable user data.

Offensive Computing provides a walk-through of the risk scenario:

This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.

MacWorld provides step-by-step removal instructions. Techmeme discussion.
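
The walk-through above says the Trojan changes the DNS server through scutil; `scutil --dns` prints the resolvers a Mac is actually using. The script below is an added example, not from the article or the vendors it cites: it parses that output and reports any nameserver that is not on an allowlist. The allowlist, the function names and the sample output are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit the DNS resolvers listed by `scutil --dns`.
# The allowlist is an assumption; replace it with the resolvers your
# network really hands out (router, ISP or corporate DNS).

# Constructed allowlist (documentation-range addresses, not real servers).
EXPECTED_RESOLVERS="192.0.2.53 192.0.2.54"

# Constructed sample of `scutil --dns` output: resolver #1 carries one
# expected server and one that is not on the allowlist.
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.0.2.53
  nameserver[1] : 203.0.113.7
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
EOF
}

# Print every distinct nameserver address found on stdin, one per line.
list_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Read `scutil --dns` output on stdin and print each nameserver that is
# not on the allowlist. Returns 0 if all are expected, 1 otherwise.
unexpected_resolvers() {
    status=0
    for ns in $(list_nameservers); do
        case " $EXPECTED_RESOLVERS " in
            *" $ns "*) ;;                          # expected resolver
            *) printf '%s\n' "$ns"; status=1 ;;    # not on the allowlist
        esac
    done
    return "$status"
}

# On a Mac:  scutil --dns | unexpected_resolvers
# Offline demonstration on the constructed sample:
sample_scutil_output | unexpected_resolvers || echo "unexpected DNS resolver(s) listed above"
```

A resolver that keeps reappearing after it has been reset in Network preferences is the behaviour to investigate, since the page describes the change as being made by installed software rather than by the user.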

Topics: Servers, Apple, Browser, Hardware, Security

Talkback

177 comments
  • Let's see...

    So if I view porn with Windows no one will attack me.... riigghhtt.

    Or if I view porn on a Mac and accept codecs to see "more" I will be attacked.

    Sounds like a real problem....IF you view porn and IF you accept changes to your system to see "more".

    <yawn>
    Jim888
    • *eye roll*

      don't forget: "The target must click through a series of screens to become infected..."

      That is what is so nice about Windows. Spyware gets installed without all the hassle of *user interaction*.

      Nothing to see here except the usual misleading headline "we finally found a real live Mac virus!" FUD

      Move along...
      sv650touring@...
      • Bzzzt, wrong

        It's obvious you have not used Vista.
        No_Ax_to_Grind
        • Besides that...

          ...I get the feeling the Mac may fare a lot worse than its users might think against concerted crack attempts.

          I say it's just a matter of time before the cracking community find it within themselves to *try out* Apple.

          I am genuinely curious as to whether Macs can hold up against genuine threats on the scale that MS OS's face.

          I don't like their chances in the long run.
          thx-1138_
          • Especially since...

            the Mac community has been so used to not having to worry about malware and virii. The average Joe user has been conditioned to believe their OS is impenetrable.
            bigsibling
          • I tend to agree

            I'm sure virtually everyone reading this (mac and windows users alike) look at this attack and think, WTH would fall for this attack?

            But those who don't go around reading Mac forums just might. If you look back to 6 or 7 years ago, a lot of malware got through via social engineering that wasn't that different from this attack.

            Once you get away from tech savvy users, you see people who manage to get all kinds of cr*p on their computers. I had a friend who managed to get adware on his PC that adaware rated an 8 or 9. Until then, I'd never seen anything higher than a 3 (and still haven't on my machine). He had dozens of viruses (I've never had one).

            I asked, "do you download every attachment that comes from strangers"? He didn't answer.
            notsofast
          • It IS in all practical meaning secure

            Remember, in the example above the user has to hold its virtual hand all the way for
            it to work, i.e by entering an admin username and password.

            No different than installing the usual software and very different from how software,
            malicious or not, can install itself completely automatically in Windows.

            So yes, no spots on Mac OS X's reputation, it's still secure.
            Mikael_z
        • Bzzzt, wrong

          " It's obvious you have not used Vista. "

          I'm using Vista so what's your point? I have a mac and Linux systems also and no problem from either. It's not the system, it's the user!
          aussieblnd@...
          • Beating around bushes...much?

            In one post, you demand proof that this Mac exploit actually exists, and that people are actually getting their computers infected by it. Now you say it's about the user, not the platform. Do you know anything about security and hacking, or do you just have a habit of trolling in waters as murky as the Hudson itself, without a clue where you're going or what you're talking about? If you know something about security and its implementation, please, share it. Otherwise, be aware that anyone who listens to you only gets dumber as a result.
            santuccie
        • RE: Bzzzt, wrong

          ...and why would any Mac user want to try Vista? That's like saying "It's obvious you have not driven a Yugo" I am sure it is a great experience, but why?
          gnugen
        • Nope.

          UAC doesn't stop viruses from messing with the
          user's files, just the kernel. Meaning all your
          saved passwords, all your
          browsing/emailing/instant messaging activity, is
          still exposed to viruses. It's obvious you use
          Vista without even understanding how it works.
          AzuMao
      • But there is a truth here...

        ...and that truth is that there is nothing inherently safe about a Mac or any other system -- the only thing that has protected Macs thus far is small market share. The issue of clicking through is specific to this attack -- eventually, more sophisticated attacks will be mounted, new holes found. It's a matter of time and attention. As Macs gain market share, the attention will come.
        pfvolpe@...
        • Two years later...

          ... and we only just now find out that there's a 'bounty' on
          infecting Macs. Why?

          Could it be because Macs really are harder to break into?

          I don't doubt that eventually something will work; but after two
          years of attempts no more successful than this one, you have
          to wonder. The only successful trojans so far into a OS X have
          involved pirated and hacked versions of legitimate applications;
          the victims being people who want something for nothing.
          Vulpinemac
      • it's that arrogance that will unleash a firestorm against macs

        in the near future, and with their large increase in sales,


        just a prediction...

        and just a matter of time
        pcguy777
        • IT'S kind of like those who thought the TITANIC was unsinkable

          seriously.
          pcguy777
        • Never will happen.

          I don't care how popular the Mac becomes. Unix/FreeBSD OSes are just
          not as susceptible to viruses as Windows. I've had Virus Barrier X5 for
          over two years on my Mac, and guess what? I haven't gotten infected by
          simply surfing the net or installing software. It just doesn't happen on a
          Mac. Saying that Macs will eventually become infected with viruses is like
          saying Linux will. Unix based OSes just aren't as prone to viruses as the
          Windows OS. If you want to escape viruses, buy a Mac or a Linux box.
          Infection just doesn't happen. I'm proof, too.
          powershaker
    • Let's not see!

      So the moral of the story is? Fishing for porn will give you a disease! Then your entire entourage will find out you have VD (Video Disease).
      Just say no to porn! Or go rent it somewhere!
      aussieblnd@...
      • for those that are saying if you don't look at porn no worries but what

        for those that are saying if you don't look at porn no worries but what happens when they put this out for say a movie trailer.

        no porn just a movie preview.

        and being that most mac users don't run anti virus software and most are not geeks like us who live on zdnet.

        they will be pwned. say what you want but as the mac platform gets a larger user base it will get more attacks. you can put your head in the sand and say it's not true and believe the FUD apple tells you or open your eyes and see it's just a matter of time before macs osx starts getting whacked. and keep your data safe.
        SO.CAL Guy
        • It's not just porn....

          Any video posted on a Social Networking site is potentially dangerous to view. I run an Internet Cafe and the past couple of months have had several machines get hit from customers installing video codecs. We have a strict no porn or get tossed out of the Cafe rule.

          It doesn't matter, if the user wants to view the file they will go "Click, Click, Click..." When I think about it, careless Windows users are switching to Mac thinking that will make them safe; thus making Mac a prime target as the user base grows. I have serviced these users machines before they bought their Mac and have told them to not go "Click, Click, Click..." and it is not always OK to click OK. Most malware is brought on by the user; to fix a malware problem you need to fix your internet habits first.

          Uncle Buck :?)
          Uncle Buck
          • Nope.

            It's safe to view.

            Just don't download and install shady programs
            that it says you need. Only get
            flash/quicktime/etc from their official websites.
            "Problem" solved.
            AzuMao