November 13th, 2007
DNS-changing Trojan opens Mac OS X floodgates
Guest Editorial by Gadi Evron
“The Mac is going main-stream” is just one of the catch-phrases that we’ve seen in the past two weeks when reading about the Trojan horse infecting Apple Mac OS X users. This attack has created a lot of controversy in the security realm. What’s so special about this Trojan horse that everybody is so jazzed up about it? What risk are Apple users facing and is the world going to end?
Today, most Trojan horses allow an attacker to control the infected computer remotely (over the Internet) and do whatever he or she pleases, as if it were their own, from stealing web site credentials and identities to popping the CD tray open or using the now compromised computer to launch further attacks. They “own” that computer.
In the past, Trojan horses were considered rare and, if used at all, reserved for targeted attacks (anti-virus vendors once refused even to acknowledge that their software needed to detect them). Over the past decade they have become widespread. In fact, the vast majority of all malware seen today is, at least in part, a Trojan horse.
This Trojan horse attacking Apple users is far from special. It hijacks DNS: when you try to reach a well-known site such as Google by name, you are sent instead to a malicious web site, where further exploitation or fraud can take place. It achieves infection through what security experts call social engineering. On visiting a pornographic web page, the user is told to download a codec in order to view a video. He or she is then asked to approve its installation by entering an administrator password. Then (and only then) is the machine infected.
This method of infection isn’t sophisticated, and it tempts us to think that only complete fools would fall for it. But doesn’t downloading a new codec to view a video sound perfectly reasonable? Isn’t it something most of us would approve immediately, without a second thought? We have to remember that most computer users are neither technically savvy nor aware of security risks. Also, let’s be honest: when it comes to porn, we are all fools.
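A DNS-changing Trojan of the kind described above works by pointing the system at resolvers the attacker controls, so the simplest check a Mac user or administrator can run is to compare the configured resolvers against a known-good list. The script below is an added example, not code from the article or from the malware; it parses the `nameserver[N] : IP` lines that `scutil --dns` prints on Mac OS X, but the input here is a constructed sample so that it runs offline, and the known-good addresses are assumed for the example.

```shell
#!/bin/sh
# Added example (not from the original article): flag DNS resolvers that are
# not on a known-good list. The input mimics the "nameserver[N] : IP" lines
# printed by `scutil --dns` on Mac OS X. SAMPLE_DNS is constructed so that the
# script runs offline; on a live machine feed it "$(scutil --dns)" instead.

# Constructed sample: two expected resolvers and one that is not on the list.
SAMPLE_DNS='resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 192.168.1.2
resolver #2
  nameserver[0] : 203.0.113.45'

# Known-good resolvers for this network (assumed values for the example).
ALLOWED="192.168.1.1 192.168.1.2"

# extract_nameservers TEXT: print each resolver IP found in scutil-style
# output, one per line, de-duplicated.
extract_nameservers() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*//p' |
        sort -u
}

# unexpected_nameservers TEXT: print the resolver IPs that are not in ALLOWED.
unexpected_nameservers() {
    for ip in $(extract_nameservers "$1"); do
        found=0
        for ok in $ALLOWED; do
            [ "$ip" = "$ok" ] && found=1
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$ip"
    done
    return 0
}

# check_dns TEXT: return 0 when every resolver is on the known-good list,
# 1 (with a warning) when at least one is not.
check_dns() {
    bad=$(unexpected_nameservers "$1")
    if [ -n "$bad" ]; then
        printf 'WARNING: unexpected DNS resolver(s): %s\n' "$bad"
        return 1
    fi
    echo "OK: all resolvers are on the known-good list"
    return 0
}

# Run the check against the constructed sample; the unknown 203.0.113.45
# resolver triggers the warning.
if check_dns "$SAMPLE_DNS"; then :; fi
```

The check tells you only that something changed the resolver settings, not what; a resolver you do not recognise warrants looking at how it got there and restoring the DHCP- or administrator-assigned servers before trusting any site the machine resolves.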
User infections happen in many different ways, but the three main ones are a malicious e-mail attachment, a fake or compromised infectious web site, and network scanning. Against the first, we can reach a relatively high level of security by not opening attachments and by using spam filtering and an (updated) anti-virus. Against network scanning, we can protect ourselves with a firewall and by keeping the operating system (say, Windows, as an example) current with all updates and patches installed.
Surfing the web is the hard case. Exploits are indeed used to infect us through the web browser (and some of those we can defend against with an up-to-date browser on a fully patched operating system), but a great many of these attacks succeed through the very same social engineering trick, against which patches offer no protection.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.