September 25th, 2009

Malware affiliate bounty: Infect a Mac, earn 43 cents

Posted by Ryan Naraine @ 6:03 am

Categories: Adobe, Anti Virus, Apple, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Flash, Locally Running Web Servers, Malware, Passwords, Patch Watch, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Web, Apple Macintosh, Malware, Desktops, Hardware, Ryan Naraine

GENEVA — In a sign that cyber-criminals are investing more time and resources into attacks against Apple’s Mac users, a new malware affiliate program has been discovered offering 43c for every infected Mac machine.

During an eye-opening presentation at the VB Conference 2009 here, Sophos Labs researcher Dmitry Samosseiko provided a glimpse into the “Partnerka,” a Russian network of spam and malware affiliates that has turned its attention to the Mac platform — using social engineering tricks to load fake codecs and scareware programs.

Samosseiko discussed the “codec-partnerka,” which is dedicated solely to the sale and promotion of fake Mac software.

[ SEE: Mac Attack: Porn video lures dropping DNS-changer Trojan ]

He pointed to a site called Mac-codec.com (now offline) which was offering $0.43 for each malicious install, a price tag that suggests the Mac platform is becoming more and more lucrative to online crime gangs.

The site was also offering various promotional materials in the form of MacOS video players, a sign that the investment is more than just tricking users into paying for fake security software.

In the past, we have seen the use of porn video lures to trick Mac users into downloading and installing DNS changer Trojans.

The DNS changer Trojans typically change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as eBay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites.
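A defender can check for this kind of tampering by comparing the resolvers a Mac is actually using against the ones it is supposed to use. The following is an added example, not part of the original article: it parses the text printed by `scutil --dns` and reports any nameserver outside an approved list. The sample output, the `APPROVED` list and the addresses in it are constructed for illustration.

```python
import ipaddress
import re
import sys

# Constructed sample of `scutil --dns` output; 203.0.113.53 is a documentation
# address standing in for a resolver that a DNS changer has planted.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : fe80::1%en0
  nameserver[1] : 203.0.113.53
  flags    : Scoped, Request A records, Request AAAA records
"""

# Assumption: the resolvers this machine is supposed to use (a home router here).
APPROVED = ["192.168.1.1/32", "fe80::1/128"]
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")

def parse_nameservers(scutil_output):
    """Return unique resolver addresses in order of first appearance."""
    found = []
    for line in scutil_output.splitlines():
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        raw = match.group(1).split("%", 1)[0]  # drop IPv6 zone id such as %en0
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # not an IP literal; skip it rather than crash
        if addr not in found:
            found.append(addr)
    return found

def unexpected_resolvers(scutil_output, approved=APPROVED):
    """Return resolver addresses that fall outside every approved network."""
    nets = [ipaddress.ip_network(n) for n in approved]
    return [str(a) for a in parse_nameservers(scutil_output)
            if not any(a.version == n.version and a in n for n in nets)]

if __name__ == "__main__":
    # On a Mac: scutil --dns | python3 this_script.py (falls back to the sample)
    text = SAMPLE_SCUTIL_DNS if sys.stdin.isatty() else sys.stdin.read()
    for addr in unexpected_resolvers(text):
        print("unexpected DNS server:", addr)
```

An unexpected resolver is not proof of infection, since networks legitimately hand out different DNS servers, but a resolver that reappears after being reset is worth investigating.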

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.