June 11th, 2009

Mac OS X malware posing as fake video codec discovered

Posted by Dancho Danchev @ 1:15 am

Categories: Anti Virus, Apple, Hackers, Malware, Passwords

Tags: Apple Macintosh, Malware, Spyware, Adware & Malware, Cyberthreats, Apple Mac OS X, Apple Mac OS, Viruses And Worms, Security, Operating Systems, Dancho Danchev

Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object, found at a bogus Macintosh PornTube site.

The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X-based malware attack proves that successful social engineering approaches remain OS-independent.

Prior to ParetoLogic’s sample, SophosLabs appear to have received an email from the author of the OSX/Tored-A sample discovered last month, allowing them to add generic detection for any upcoming releases.

Here are some of the PornTube templates used in the social engineering attack, a description of the malware, as well as the descriptive filenames used in some of the campaigns:

OSX/Jahlav-C is described as:

“OSX/Jahlav-C is a Trojan created for the Mac OS X operating system. The initial malicious installer is distributed as a missing Video ActiveX Object.

As a part of the installation a malicious shell script file AdobeFlash is created in /Library/Internet Plug-Ins folder and set up to periodically run. The script contains another shell script in an encoded format which in turn contains a Perl script with the main malicious payload. The Perl script uses HTTP to communicate with a remote website and download code supplied by the attacker.”

The campaign is also using descriptively named files such as HDTVPlayerv3.5.dmg, VideoCodec.dmg, FlashPlayer.dmg, MacTubePlayer.dmg, macvideo.dmg, License.v.3.413.dmg, play-video.dmg, and QuickTime.dmg.
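A triage check for the persistence described in the Sophos quote above, as an added example that is not from the original post, Sophos or ParetoLogic. It flags bare script files in the plug-in folder and scheduler lines that point into it; the function names are hypothetical, the fixture is constructed, and the use of cron for the "periodically run" step is an assumption the description does not confirm.

```shell
#!/bin/sh
# Added triage example (not vendor tooling). Function names are hypothetical.
PLUGIN_DIR_DEFAULT="/Library/Internet Plug-Ins"   # path quoted in the description

# List regular files directly inside directory $1 that start with "#!".
# Assumption: legitimate plug-ins are bundles (directories), so a bare
# script file in this folder deserves review.
find_script_plugins() {
    dir=${1:-$PLUGIN_DIR_DEFAULT}
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue                 # skips bundles and empty globs
        magic=$(head -c 2 "$f" 2>/dev/null)
        if [ "$magic" = "#!" ]; then printf '%s\n' "$f"; fi
    done
}

# List non-comment lines of crontab dump $1 that reference directory $2.
# Assumption: "periodically run" means a cron entry; the description does
# not name the scheduler.
find_cron_refs() {
    dir=${2:-$PLUGIN_DIR_DEFAULT}
    [ -r "$1" ] || return 0
    grep -v '^[[:space:]]*#' "$1" | grep -F -- "$dir" || true
}

# Constructed fixture: one bundle, one bare script, and a sample crontab.
demo=$(mktemp -d)
mkdir -p "$demo/plugins/Legit.plugin"
printf '#!/bin/sh\necho constructed sample\n' > "$demo/plugins/AdobeFlash"
printf '# sample\n0 * * * * "%s/AdobeFlash"\n15 3 * * * /usr/bin/true\n' \
    "$demo/plugins" > "$demo/crontab.txt"

echo "Script files in plug-in folder:"
find_script_plugins "$demo/plugins"
echo "Cron lines pointing into it:"
find_cron_refs "$demo/crontab.txt" "$demo/plugins"
rm -rf "$demo"
```

On a real host, call `find_script_plugins` with no argument and feed `find_cron_refs` a saved `crontab -l` dump; a hit is a lead for manual review, not a verdict.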

What’s Apple’s take on this emerging trend?

Earlier this week, in a rare comment on potential Mac OS X insecurities in the face of malware, the company not only acknowledged OS X malware, but also pointed out that:

The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.

Is the company finally taking the right decision to generate security awareness on a threat that is prone to become a daily routine in the long term, or was it too slow to stop using the Mac’s massively advertised immunization to malware as a key differentiation factor?

What do you think?

Talkback.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.


Most Recent of 79 Talkback(s)

The Apple dilemma
Well sure, I agree, but to be fair that's not the only selling point. I have musician and DJ friends who will not use anything but a Mac, if only for the stability of the OS.

They don't want...
Posted by: Theseus Posted on: 06/16/09