On CBSSports.com: John Madden curses 2 NFL players
BNET Business Network:
BNET
TechRepublic
ZDNet
27 TalkBacks

By Liam Tung , ZDNet Australia
Posted on ZDNet News: Nov 8, 2007 5:51:00 AM

If Mac users thought the Trojan discovered last week was a one-off, they'll need to think again.

Security firm F-Secure has discovered 32 variants of it, but claims about its powers have been wildly overstated, according to experts.

"Looks like the Mac Trojan we posted about last week was not an isolated incident. The gang behind it seems serious about targeting Mac users as well as Windows users. And they keep putting out slightly modified versions of the Trojan for the Mac too," Mikko Hypponen, chief research officer at F-Secure, wrote in his blog this week.

Last week, Mac security software vendor Intego discovered a Trojan designed for Mac OS X being distributed via porn sites.

The Trojan is being disguised as a codec, a device used to decode digital streams. If it is downloaded, it alters a computer's domain name system (DNS) server, redirecting the machine to porn sites of the malware distributor's choice. The prime purpose appears to be to make money when people click on ads served on the sites.

The "payloads" of the 32 variants of the Trojan are the same as the original discovered by Intego. However, F-Secure technical manager Patrik Runald said the Trojan is also on a reconnaissance mission of sorts: it reports its findings back to an IP address in the Ukraine.

"It reports the name of the computer and the operating system version back to another IP address within the Ukraine to keep track of the installs they have," he told ZDNet Australia.

There is also a version for Windows platform users, said Runald, and it was this version that led him to the conclusion the group behind the DNS-changing Mac Trojan is the same group behind the malware released earlier this year known as "zlob."

"Zlob is also about click ads and showing ads on your PC and are also typically distributed through fake codecs," Runald said.

It shows that Macs are "starting to get interesting for the bad guys," he added.

"It's not an isolated incident because it's a professional gang behind it, not some teenagers trying to prove a point," Runald said. "They're actually making money out of it and because of this it's unlikely to end soon."

However, Runald said, the Trojan does not mean Mac platforms are facing a malware epidemic.

Liam Tung of ZDNet Australia reported from Sydney.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 27 Talkback(s)
wait a sec, 20 years?
and you still dont know how to get IE to prompt you before installing or running anything?

good grief, no wonder you are a stout mac defender, you are too stupid to use something that doesnt hold your hand through everything.... (Read the rest)
Posted by: JamesDoyle Posted on: 11/13/07 You are currently: a Guest | | Terms of Use
Wow, there are now 32 pieces of malware targeting OS X!!  NonZealot | 11/08/07
Ah well...  ego.sum.stig@... | 11/08/07
With you, that would be 33...  BitTwiddler | 11/08/07
One actually  voska | 11/08/07
I agree, was using Mac zealot logic  NonZealot | 11/08/07
Seeing you rant...  crampy20 | 11/08/07
actually...  doh123 | 11/10/07
You really need to research, NZ...  vulpine@... | 11/12/07
re:Multiplying Mac Trojan not epidemic yet  Intellihence | 11/12/07
Even Windows users don't need to live in fear...  Resuna | 11/12/07
macs are not "vulnerable" to this software at all, no exploit  jjarman | 11/12/07
this is why it is not an epidemic yet  jjarman | 11/12/07
They could always use  tracy anne | 11/13/07
Installing unknown software is risky, no matter the OS  Heatlesssun1 | 11/08/07
Linux has the advantage only because it is so insignificant (nt)  crampy20 | 11/08/07
That may be true  ROTORY | 11/12/07
Who "hates to admit" this?  Resuna | 11/12/07
Agreed in principle  thx-1138_@... | 11/12/07
wait a sec, 20 years?  JamesDoyle | 11/13/07
Now in Linux's favor  tracy anne | 11/13/07
No where near the number that plagues per say Windows  Boot_Agnostic | 11/08/07
It's a Trojan Not Virus  joedokes | 11/08/07
Speaking of stupid  Mujibahr | 11/10/07
It's THEN not THAN!  tracy anne | 11/13/07
Would the porn be free?  Feldwebel Wolfenstool | 11/09/07
Doesn't matter how you count  JoeBob_z | 11/13/07
******** = "hard" + "core"  JoeBob_z | 11/13/07

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

Smartphones

  • Last year, many businesses deferred the purchase of new laptops in favor of smartphones, and why not? Offering phone, calendar, email, IM and Web access, they're arguably the most practical business tools. Check out the latest CNET Reviews of Blackberry devices for all the knowledge you need to make an intelligent choice.
  • Sleek. Thin. Light.
  • With its full keyboard and high-res screen, the BlackBerry® Curve™ 8900 is the perfect fit for your work and your life. Learn more
advertisement
Click Here