
New OS X trojan in the wild...

post #1 of 8
Thread Starter 
Intego is reporting—and at least one person on the Apple Discussions board (http://discussions.apple.com/thread....418) as well—that a trojan that affects OS X is in the wild.

It is currently found on pornography sites and poses as a codec package for viewing videos. One version of the file is called Ultracodec4313.dmg.

It requires administrative access to run.

When installed it changes your computer's DNS server and uses it to hijack weblinks and send you to phishing sites—that look like legitimate web sites such as eBay, PayPal, etc—or display advertising for pornographic and other spyware/phishing sites.

Note: THIS IS NOT A VIRUS. It is a Trojan Horse. It cannot spread to other computers from your own and requires administrative privileges to install.
post #2 of 8
Not that Intego is marketing 'tools' to get rid of it or anything.

It's funny, the worst I have seen of it seems to change your DNS entry. Not exactly the worst thing I have ever heard of. Once again, if you need to enter a password to open a picture, DON'T! Common sense applied to computing is a good thing, and needing to be an administrator to view the porn you download should tell you something is fishy.

Seablade
post #3 of 8
post #4 of 8
But still, 95% of computer users I know (this is the undergraduate college student crowd) have no "common sense applied to computing." They just double click whatever they download.

I think Apple needs to address this immediately, as the "no virus" image is one of their strongest selling points.
post #5 of 8
Address what specifically?

This is a trojan, there is no security weakness exploited. It is just like running a .bat file on Windows that runs...(Going off memory)...

del *.* -y

Or something like that. Except this is more insidious. There is a reason it NEEDS admin privileges to run, because there is no security weakness to exploit. It is changing settings on your computer, in this case specifically the DNS nameserver resolution address and installing a cron job to reset this every 15 minutes just in case you fix it. Both of these are completely legal operations for the ADMIN to do.

Again common sense HAS to apply here. There is no helping it. That is why Vista's ALLOW/DENY is so crap, because you have to manually accept everything and people get used to it. On a Mac there are specific points where you are entering your password, and all of them have to do with installing something or changing a system setting. If you aren't absolutely certain about something you should never install it.

Seablade
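An added example, not part of any post in this thread: a check for the two changes described above (a replaced DNS server and a cron job that keeps resetting it). It assumes you feed it the text of `scutil --dns` and of root's crontab; the sample data, addresses and script path are constructed.

```python
import re

# Constructed sample of `scutil --dns` output (addresses are documentation ranges).
SAMPLE_SCUTIL = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)
"""

# Constructed sample of root's crontab (`sudo crontab -l`); the path is hypothetical.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
*/15 * * * * /Library/Example/reset-dns.sh
30 3 * * 0 /usr/sbin/periodic weekly
"""

def nameservers(scutil_text):
    """Return resolver addresses from `scutil --dns` output, in order, de-duplicated."""
    found = re.findall(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", scutil_text, re.M)
    return list(dict.fromkeys(found))

def runs_per_hour(minute_field):
    """Count how many minutes of the hour a cron minute field matches."""
    minutes = set()
    for part in minute_field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            lo, hi = 0, 59
        elif "-" in rng:
            lo, hi = map(int, rng.split("-"))
        else:
            lo = hi = int(rng)
        minutes.update(range(lo, hi + 1, step))
    return len(minutes)

def audit(scutil_text, crontab_text, expected_dns, min_runs=4):
    """Flag resolvers outside expected_dns and cron jobs firing >= min_runs times an hour."""
    rogue = [ns for ns in nameservers(scutil_text) if ns not in expected_dns]
    frequent = []
    for line in crontab_text.splitlines():
        fields = line.split(None, 5)
        if line.lstrip().startswith("#") or len(fields) < 6:
            continue  # skip comments, blank lines and environment assignments
        if fields[1] == "*" and runs_per_hour(fields[0]) >= min_runs:
            frequent.append(fields[5])
    return rogue, frequent
```

Pass the set of DNS servers you expect (your router or ISP) as `expected_dns`; anything returned in either list is worth a manual look.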
post #6 of 8
yeah, "oooooooh a trojan, that i have to get at a porn website and install with admin privileges! so. scary."
post #7 of 8
Thread Starter 
"deltree c: -y" IIRC.

I remember when you could run commands through IRC. I think I actually got someone to do that once.

"Hey, want to know a cool way to speed up your computer? Type run deltree c: -y"

post #8 of 8
Quote:
Originally Posted by seablade View Post
Not that Intego is marketing 'tools' to get rid of it or anything.

It's funny, the worst I have seen of it seems to change your DNS entry. Not exactly the worst thing I have ever heard of. Once again, if you need to enter a password to open a picture, DON'T! Common sense applied to computing is a good thing, and needing to be an administrator to view the porn you download should tell you something is fishy.

I would hope common sense would prevail in this case. But my experience with Windows users has tainted my view of the ability of the human race.