During an eye-opening presentation at the VB Conference 2009 here, Sophos Labs researcher Dmitry Samosseiko provided a glimpse into the "Partnerka," a Russian network of spam and malware affiliates that have turned their attention to the Mac platform -- using social engineering tricks to load fake codecs and scareware programs.
Samosseiko discussed the "codec-partnerka," which is dedicated solely to the sale and promotion of fake Mac software.
The site was also offering various promotional materials in the form of MacOS video players, a sign that the investment is about more than just tricking users into paying for fake security software.
In the past, we have seen the use of porn video lures to trick Mac users into downloading and installing DNS changer Trojans.
The DNS changer Trojans typically change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as eBay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites.
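Because the visible effect of a DNS changer is a resolver address the user or administrator never configured, a Mac can be checked by comparing the name servers reported by `scutil --dns` with the ones the network is supposed to hand out. The following is an added example, not part of the original article; the approved ranges and the sample output are constructed and use documentation address blocks.

```python
import ipaddress
import re

# Assumption: the resolvers this network legitimately assigns (constructed values).
APPROVED = [
    ipaddress.ip_network("192.0.2.0/28"),
    ipaddress.ip_network("2001:db8:53::/64"),
]

RESOLVER_RE = re.compile(r"^resolver #(\d+)")
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")

def unexpected_resolvers(scutil_output, approved=APPROVED):
    """Return sorted (resolver number, address) pairs outside the approved networks."""
    findings = set()
    current = 0  # 0 means a nameserver line appeared before any resolver header
    for line in scutil_output.splitlines():
        header = RESOLVER_RE.match(line)
        if header:
            current = int(header.group(1))
            continue
        entry = NAMESERVER_RE.match(line)
        if not entry:
            continue
        raw = entry.group(1).split("%")[0]  # drop an IPv6 zone id such as %en0
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.add((current, raw))  # unparseable entries are reported too
            continue
        if not any(addr in net for net in approved):
            findings.add((current, str(addr)))
    return sorted(findings)

# Constructed sample in the layout printed by `scutil --dns` on macOS.
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.66
  nameserver[1] : 192.0.2.2
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

if __name__ == "__main__":
    for number, address in unexpected_resolvers(SAMPLE):
        print(f"resolver #{number}: unapproved name server {address}")
```

On a real machine, pass the text captured from `scutil --dns` to `unexpected_resolvers` in place of `SAMPLE`, with `APPROVED` set to the site's own resolver ranges.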