Dec 8 – Apple Malware?
Hello to all you Apple users!
As many of you have probably already heard, Apple had a post on their website saying that users should use some sort of antivirus software for their Mac computers. Macs are still affected by viruses, but Mac viruses are not as widespread as Windows ones, since Windows boasts nearly 90% of the market share for home computers. However, Mac advertising is getting better, so Macs are gaining a higher market share, and malware authors are starting to lean more towards creating malware for Macs.
According to the Swiss Federal Institute of Technology, Apple has been known to be slow at patching its zero-day vulnerabilities (when a security problem is publicly disclosed without a patch). Thus, the well-known antivirus companies (Symantec, McAfee, Kaspersky, etc.) have been working on antivirus programs for Macs. A free one similar to SpyBot for PC is ClamXav. There is also a free download from Apple’s website.
One of the key threats released recently is a trojan downloader called OSX_JAHLAV.A. A trojan is essentially a program that looks legitimate but isn’t. A downloader essentially downloads files onto your computer.
This file in particular is loaded through a spam message. It links to a video that doesn’t play. The error that comes up says you need to download a video codec to play the file. The file that downloads is called ‘install.pkg’.

This package opens to code-live7000.dmg, an install file for the malware. Don’t be fooled into thinking there is only one possible name. The file can easily be renamed to anything else to cause confusion.

The install looks incredibly real, as seen in the screenshots courtesy of Trend Micro.
Anyway, to sum it all up, nothing beats a user’s intuition. If it looks too good to be true, don’t click it. If it’s not from a trusted source, don’t open it! A good antivirus scan every couple of weeks is a good idea. I wouldn’t use the common programs that are available on the market, as those are generally the ones malware authors try to get around first.
Hope that helps!
BTW – The installer IS REAL. It is relatively easy to create an installer using the Apple development tools.
However, you have to be a complete IDIOT to install something like this. Custom video codecs are few and far between. You should be able to access videos using codecs from trusted sources. Don’t trust "special" codecs.
And most of us, you excepted, heard they pulled it.
Thank you for your feedback, guys. Though I must say, the vast majority of users on the internet, be it Mac or PC, are novice users and don’t know any better. It is often up to experienced users such as yourself to educate them to not trust these ‘special’ codecs as well as where these trusted sources are found.
"This file in particular is loaded through a spam message. It links to a video that doesn’t play."
Should read: "This file in particular is loaded through a pop-up window after the user clicks to request the viewing of a video in a porn site. It mentions a problem related to ‘ActiveX’ and suggests installing a missing codec".
Installing stuff from a porn site is like sampling the offerings of a red district unprotected. It stings? FAIL!!!