New Click-fraud Trojan Attacks Mac OS X
Researchers at security company F-Secure say they have spotted a new Trojan that performs click fraud on Mac OS X by diverting Web surfers to phony Google websites.
F-Secure says the Trojan, dubbed BASH/QHost.WB, arrives in the guise of a bogus Flash Player downloader, so it is possibly spread through a social-engineering attack that tells surfers they should update Flash Player, for example to watch a video.
As soon as the Trojan is executed on the computer, it modifies the operating system's hosts file, injecting an entry that maps all Google websites to a malicious Internet Protocol (IP) address controlled by the online crooks.
The hosts file can be used to manually define name-resolution entries, and those entries take effect before any reply from the computer's DNS server.
Once the malicious entry has been injected, Web surfers trying to reach Google or its local websites are likely to see a fake www.google.com home page. This should ring alarm bells, the F-Secure researchers indicate, because local Google websites should have correspondingly local web links and buttons, which is not the case here.
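The hosts-file change described above can be checked for directly. The following is an added example, not code from F-Secure or the original article: it parses a hosts file and reports Google hostnames pinned to a non-local address. The sample file is constructed, 203.0.113.7 is a documentation-range placeholder for the attacker's address, and the name `audit_hosts` is hypothetical.

```python
import ipaddress
import re

# Constructed sample hosts file. 203.0.113.7 is a documentation-range (TEST-NET-3)
# placeholder, not the address from the F-Secure report.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.7     google.com www.google.com   # injected
203.0.113.7     WWW.Google.co.uk images.google.de
0.0.0.0         ads.example.net
203.0.113.7     notgoogle.com google.com.example.net
"""

# google.<tld>, google.co.<cc> or google.com.<cc>, optionally behind subdomains.
GOOGLE_RE = re.compile(r"(^|\.)google\.(com?\.)?[a-z]{2,}$", re.IGNORECASE)


def audit_hosts(text, watched=GOOGLE_RE):
    """Return (line_no, ip, hostname) for watched names pinned to a non-local IP."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # strip IPv6 zone id
        except ValueError:
            continue  # malformed address: not a usable mapping
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        for name in fields[1:]:
            if watched.search(name.rstrip(".")):
                findings.append((line_no, str(ip), name.lower()))
    return findings


if __name__ == "__main__":
    # Assumption: the standard hosts file location on Mac OS X and other Unix systems.
    with open("/etc/hosts", encoding="utf-8", errors="replace") as fh:
        for line_no, ip, name in audit_hosts(fh.read()):
            print(f"/etc/hosts:{line_no}: {name} is pinned to {ip}")
```

A clean hosts file normally has no Google entries at all, so any finding here is worth investigating.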
F-Secure added that although the fake Google home page looks quite genuine, following its web links did not lead the surfer to additional websites. It did, however, produce new pop-up pages generated from a different remote server, although these were not actually pushing adverts to infected Macs, the company said. Zdnet.com published this on August 1, 2011.
Moreover, according to F-Secure, it traced the IP address associated with the bogus Flash downloader and found it to be hosted on a server based in Holland.
Apple has lately been fighting rogueware attacks against its products, and the current attack further demonstrates that Mac OS X's growing market share has drawn malware creators' interest, researchers remark.
F-Secure suggests that users ignore unsolicited offers to download Flash Player, just as they should not download any suspicious-looking, unexpected e-mail attachment, since it could be corrupt or malicious and capable of harming systems, securitynewsdaily.com reported on August 1, 2011.
» SPAMfighter News - 12-08-2011