Fake Websites Offering Free ‘Snow Leopard’ Install DNS Changer Trojan
Bernadette Irinco, a security expert and member of the Technical Communications Team at Trend Micro, wrote on the company's blog that ahead of the formal release of Apple's OS X Snow Leopard on August 28, 2009, Internet crooks had already started exploiting the upcoming release for their malicious operations.
Irinco's post proved correct when, on August 26, 2009, Feike Hacquebord (Advanced Threat Researcher at Trend Micro) found a number of fraudulent websites that purported to offer Mac users the latest edition of Mac OS, Snow Leopard, for free.
According to Hacquebord, users who visited the fraudulent websites were infected with a DNS (Domain Name System) changer Trojan, which Trend Micro detected as OSX_JAHLAV.K.
After execution, the Trojan decrypts code consisting of a script that downloads more malicious scripts from the Internet. It carries several different pieces of encrypted code in a chain, the final one being a Perl script that tries to install and run another malicious script.
The downloaded script then modifies the infected computer's DNS settings, adding a pair of new IP addresses as DNS servers. As a result, end users might be diverted to malware-serving websites or to websites designed for phishing.
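A DNS changer of this kind leaves a visible trace: resolver addresses the machine was never meant to use. The following check is an added example, not code from Trend Micro or from the original article; it parses the output of the macOS `scutil --dns` command and flags any nameserver outside an expected set. The sample output, the documentation-range addresses in it and the `EXPECTED` list are constructed assumptions.

```python
import ipaddress
import re
import shutil
import subprocess

# Constructed sample of `scutil --dns` output; addresses are documentation ranges.
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 203.0.113.10
  nameserver[1] : 203.0.113.11
  if_index : 4 (en0)

resolver #2
  nameserver[0] : 192.168.1.1
  nameserver[1] : fe80::1%en0
  if_index : 4 (en0)
"""

# Assumption: the resolvers this host is supposed to use (router plus link-local).
EXPECTED = ("192.168.1.1", "fe80::/10")

NS_LINE = re.compile(r"^[ \t]*nameserver\[\d+\][ \t]*:[ \t]*(\S+)", re.MULTILINE)


def unexpected_resolvers(scutil_text, expected=EXPECTED):
    """Return configured nameservers that fall outside the expected networks."""
    networks = [ipaddress.ip_network(n) for n in expected]
    flagged = []
    for raw in NS_LINE.findall(scutil_text):
        try:
            addr = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            ok = False  # unparseable entry: report it rather than skip it
        else:
            ok = any(addr in net for net in networks)
        if not ok and raw not in flagged:
            flagged.append(raw)
    return flagged


if __name__ == "__main__":
    # On macOS read the live configuration; elsewhere fall back to the sample.
    if shutil.which("scutil"):
        text = subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE
    for ns in unexpected_resolvers(text):
        print("unexpected DNS resolver:", ns)
```

Run against the constructed sample, the check reports the two `203.0.113.x` entries, matching the pair of added DNS servers the article describes.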
Security analysts at Trend Micro revealed that a few of these fake websites hosted rogue antivirus software (FAKEAV). While the threat from malware on Mac OS X was considerably low, it did exist. In fact, the security experts found, the greatest danger appeared to come from Trojans that tried to pose as authentic software installers or updates.
Nevertheless, following the discovery, it was clear that Macs were receiving an increasing number of sophisticated malware attacks. During the second week of August 2009, Trend Micro had detected another JAHLAV variant that attacked QuickTime and sometimes struck when users ran porn searches.
With malware attacks against Macs rising, Trend Micro experts advised computer users to keep their anti-malware programs up to date so that they remained protected from malicious websites.
» SPAMfighter News - 16-09-2009