Newly discovered 4th member of the OSX_JAHLAV malware family.

MeatPounder · 2009-08-13, 01:33 PM

TrendMicro is reporting on a newly discovered 4th member of the OSX_JAHLAV malware family.

The latest variant is once again relying on social engineering, this time spreading under a QuickTime Player update (QuickTimeUpdate.dmg) with a DNS changer component enabling the malware authors to redirect and monitor the traffic of the victim.

The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user’s activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from.

Not only are cybercriminals beginning to acknowledge the “under-served” Mac OS X segment, but also, they’re already borrowing tricks from the Microsoft Windows playbook such as OS-independent tactics like fake codecs and bogus video players. The irony? Both the Mac OS X and Windows malware are hosted on the same domains, with copies of each served on the basis on browser detection.

From fake ActiveX objects at adult sites like the “Macintosh Porn Tube”, to bogus codecs and players, these tactics have been dominating the Windows threatscape for years, and will continue to do so, simply because they work. However, among the key advantages a cybercriminal coding/generating malware targeting Apple’s Mac OS X has, is the overall perception of its invincibility to malware, a state of false feeling of security shared across a huge number of people.

Meanwhile, Apple Inc. is already offering security advice stating that “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.”

Cleo · 2009-08-13, 01:45 PM

So far none of this affects users other than the ones dumb enough to enter their administration user ID and password when the Trojan needs it to be installed.

It's pretty easy to write malware for the Mac. You can write stuff in AppleScript that enters commands in Terminal, even I can do that, but unless you can trick the user into giving out their user ID and password you can't really do anything.

This all reminds of the Phishing scams that try to trick you into giving your personal information. Unless you are dumb enough to fall for them they are nothing more than an annoyance.

MeatPounder · 2009-08-13, 02:43 PM

LOL, problem is for years you have had techies using macs
Techies usually do not get virus, root kits, and other malware even on Windows (I've never had a virus and have been using windows daily since 3.0)

But with the surge in popularity of first time computer users now getting macs, or those so incompetent in windows they think macs will be easier so switch (again not computer savvy people that switch but ones like my sister who after 7 years with a computer still does not know how to save something from the internet), pretty soon half the mac users will be in that group of dumb enough...lmao

(plus that is a quicktime flaw that happens transparently)

Cleo · 2009-08-13, 02:48 PM

Maybe they will be too dumb to know who to install a program.

You would not believe how many Mac users don't even know their admin password. They set one up the very first time they booted their Mac and told it to auto login and then forgot what it was.

2009-08-13, 01:33 PM	#1
MeatPounder Women might be able to fake orgasms But men can fake whole relationships Join Date: Oct 2003 Location: Fort Lauderdale, Fl Posts: 2,408	Newly discovered 4th member of the OSX_JAHLAV malware family. TrendMicro is reporting on a newly discovered 4th member of the OSX_JAHLAV malware family. The latest variant is once again relying on social engineering, this time spreading under a QuickTime Player update (QuickTimeUpdate.dmg) with a DNS changer component enabling the malware authors to redirect and monitor the traffic of the victim. The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user’s activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from. Not only are cybercriminals beginning to acknowledge the “under-served” Mac OS X segment, but also, they’re already borrowing tricks from the Microsoft Windows playbook such as OS-independent tactics like fake codecs and bogus video players. The irony? Both the Mac OS X and Windows malware are hosted on the same domains, with copies of each served on the basis on browser detection. From fake ActiveX objects at adult sites like the “Macintosh Porn Tube”, to bogus codecs and players, these tactics have been dominating the Windows threatscape for years, and will continue to do so, simply because they work. However, among the key advantages a cybercriminal coding/generating malware targeting Apple’s Mac OS X has, is the overall perception of its invincibility to malware, a state of false feeling of security shared across a huge number of people. Meanwhile, Apple Inc. is already offering security advice stating that “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.”

2009-08-13, 01:45 PM	#2
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	So far none of this affects users other than the ones dumb enough to enter their administration user ID and password when the Trojan needs it to be installed. It's pretty easy to write malware for the Mac. You can write stuff in AppleScript that enters commands in Terminal, even I can do that, but unless you can trick the user into giving out their user ID and password you can't really do anything. This all reminds of the Phishing scams that try to trick you into giving your personal information. Unless you are dumb enough to fall for them they are nothing more than an annoyance. __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2009-08-13, 02:48 PM	#4
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	Maybe they will be too dumb to know who to install a program. You would not believe how many Mac users don't even know their admin password. They set one up the very first time they booted their Mac and told it to auto login and then forgot what it was. __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2009-08-13, 02:43 PM	#3
MeatPounder Women might be able to fake orgasms But men can fake whole relationships Join Date: Oct 2003 Location: Fort Lauderdale, Fl Posts: 2,408	LOL, problem is for years you have had techies using macs Techies usually do not get virus, root kits, and other malware even on Windows (I've never had a virus and have been using windows daily since 3.0) But with the surge in popularity of first time computer users now getting macs, or those so incompetent in windows they think macs will be easier so switch (again not computer savvy people that switch but ones like my sister who after 7 years with a computer still does not know how to save something from the internet), pretty soon half the mac users will be in that group of dumb enough...lmao (plus that is a quicktime flaw that happens transparently)