
Trend Micro Detects DNS Trojan Targeting Mac Systems

According to news reports, researchers at security firm Trend Micro have unmasked a Domain Name System (DNS)-changing Trojan that targets Mac computers.

The Trojan, masquerading as MacCinema Installer, has been detected as OSX_JAHLAV.D by Trend Micro. It is believed to be an updated version of the OSX_JAHLAV.C malware detected in June 2009.

The Trojan is presented as an Apple QuickTime Player update with the filename QuickTimeUpdate.dmg. As with earlier versions of the Trojan, users are lured into downloading the malware while they try to view online videos from .com domains with the IP address 91.214.45.73, which include: allincorx, bigdron, cikaredo, civilizxx, comeandtryx and several others. Once a machine is infected, the attackers can easily divert the victim's web traffic to malicious websites.

Security experts at Trend Micro also added that OSX_JAHLAV.D includes component files identified as UNIX_JAHLAV.D and malicious scripts identified as PERL_JAHLAV.F. The Perl script first installs and then downloads a file from a malicious website and stores it as /tmp/{random 3 numbers}; this file, identified as UNIX_DNSCHAN.AA, enables a cybercriminal to monitor the online activities of the affected user.

The security firm also noted that the domain names have been set up so that, if the main IP is cracked, cyber crooks can easily shift to another IP address without needing to change scripts or code.
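A defender's check for the two host artifacts described above, as an added example that is not from Trend Micro or the original article: it flags DNS resolvers outside an expected set and /tmp entries named with exactly three digits. The `scutil --dns` sample, the directory listing and the expected resolver address are constructed assumptions.

```python
import re

# Constructed sample of `scutil --dns` output (not taken from the article).
SAMPLE_SCUTIL = """\
DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.0.2.53
  nameserver[1] : 203.0.113.66
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

# Constructed listing of /tmp entries.
SAMPLE_TMP = ["com.apple.launchd.x1", "417", "0421", "42", "install.log", "905"]

# Assumption: the resolvers your network is supposed to hand out.
EXPECTED_RESOLVERS = {"192.0.2.53"}

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$", re.M)
DROP_NAME_RE = re.compile(r"[0-9]{3}")  # matches the /tmp/{random 3 numbers} pattern

def unexpected_resolvers(scutil_output, expected):
    """Return configured nameservers that are not in the expected set."""
    found = []
    for addr in NAMESERVER_RE.findall(scutil_output):
        if addr not in expected and addr not in found:
            found.append(addr)
    return found

def suspicious_tmp_names(names):
    """Return entries named with exactly three digits (a weak indicator only)."""
    return sorted(n for n in names if DROP_NAME_RE.fullmatch(n))

if __name__ == "__main__":
    import os, subprocess, sys
    if sys.platform == "darwin":  # live check on a Mac
        out = subprocess.run(["scutil", "--dns"],
                             capture_output=True, text=True).stdout
        names = os.listdir("/tmp")
    else:  # fall back to the constructed samples
        out, names = SAMPLE_SCUTIL, SAMPLE_TMP
    print("unexpected resolvers:", unexpected_resolvers(out, EXPECTED_RESOLVERS))
    print("three-digit /tmp entries:", suspicious_tmp_names(names))
```

A three-digit file name in /tmp is not proof of infection on its own; treat a hit as a reason to inspect the file and the DNS settings together.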

This incident suggests that online criminals have not only started to recognize the vulnerabilities in the Mac OS X segment, but are already using tricks from the Microsoft Windows playbook, such as OS-independent tactics including bogus codecs and fake video players.

In the wake of this new malicious threat, Mac users are advised to avoid the IP addresses and domains included in Trend Micro's list. They should also be cautious of prompts urging them to download software updates that do not come from the legitimate Apple website.

Meanwhile, Apple Inc. is providing security advice to users, saying that the Mac has built-in technologies that offer protection against malware and other security threats. However, the firm eventually accepted that no system can be 100% immune from all sorts of threats, and thus emphasized the need for additional protection by means of anti-virus software.


» SPAMfighter News - 9/2/2009
