
View Full Version : New Piece of Malware Hits Mac OS X!


soumya
22-01-2008, 08:40 AM
Mac OS X was always described as a more secure alternative to Microsoft's Windows because most virus writers and hackers have focused on Windows infections, Trojan horses or other kinds of attacks. However, 2007 proved to us that Mac OS X can be vulnerable as well, as a new type of threat was detected by security companies around the world. Today, a new report comes to support the idea that Mac OS X is not as safe as we know it: OSX_MACSWEEP.A, a new Mac infection, has been spotted in the wild. Security vendor Trend Micro set a low damage potential and a low distribution potential, so extra care should be enough to remain on the safe side.

According to the security company's report, this new piece of Mac OS X malware can be deployed once a user visits an infected webpage. However, it can also be installed by another infection that already exists on your computer, Trend Micro explains. "It may arrive bundled with malware packages as a malware component."

The Mac OS X infections have never been too dangerous and this one is pretty similar to its predecessors. Trend Micro informs that OSX_MACSWEEP.A was designed to remove certain software installed on an affected system. "Once it finishes scanning for so-called dangerous files in the system, users can choose to remove these in the system but a window prompts them to purchase a product."

That's right, it acts like a rogue security solution, just like the old-fashioned infections targeting the Windows operating systems. Usually, these threats installed on people's computers provide fake security alerts, informing the users that certain viruses, Trojans or worms, were found running in the memory. In order to be removed, the user has to buy the full version of the 'fake' application, which is obviously useless and doesn't really remove any infection.

http://news.softpedia.com/news/New-Piece-Of-Malware-Hits-Mac-OS-X-76743.shtml

Think that Windows Vista is insecure, just because it's the latest iteration of the Windows line of operating systems and lack of security is taken inherently as a default characteristic? Well, here is your chance to have a look at Mac OS X. At the bottom of this article you will be able to find a video with the effects of the OSX/DNSChanger on Mac OS X, courtesy of F-Secure. DNSChanger was initially detected by Intego, at the end of October 2007, and comes in a variety of versions targeting both Windows and Mac OS X operating systems.

"Social engineering techniques are used to persuade the user into downloading and running this trojan. Websites hosting video (often illicit) claim that the video cannot be viewed without installing a new codec. The user is prompted to install the 'needed' codec. Once the fake codec is installed, the video will play so as not to raise suspicion. During the installation, the local machine's DNS settings are adjusted to point towards a malicious server," F-Secure revealed.

The DNSChanger Trojan horse is designed to infect both Mac OS X 10.4 Tiger and Mac OS X 10.5 Leopard. On top of this, variants of the malware are also able to compromise Windows. Depending on the operating system run by the users visiting malicious websites set up to drop DNSChanger, either the Windows or the Mac OS X version is delivered. In the end, the attack emphasizes the vulnerability of both platforms to social engineering schemes.

"The trojan changes the OS X network settings to use a different DNS server. DNS Settings are made with a tool called scutil. After installation, the script sends back an HTTP message with information that it successfully infected the system. The message contains the operating system version and the host name. The install script adds a crontab (a configuration file that specifies shell commands to run periodically on a given schedule) to a script to verify the malicious DNS servers remain unchanged," F-Secure warned.

http://news.softpedia.com/news/Think-Vista-Is-Insecure-Have-You-Looked-at-Mac-OS-X-Lately-76848.shtml
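
A defender-side check for the behaviour F-Secure describes in the post above (DNS servers changed with scutil, a crontab entry that keeps them in place), added here as an example and not part of the original post or of F-Secure's write-up. The allowlist, the sample `scutil --dns` output and the sample crontab lines are constructed; on a Mac the functions read the live output instead.

```shell
#!/bin/sh
# Added example: audit resolvers and crontab for the DNS-changing pattern.

# Resolvers the administrator expects to see (assumption: constructed allowlist).
ALLOWED_DNS="192.168.1.1 10.0.0.53"

# Read `scutil --dns` text on stdin; print each nameserver not on the allowlist.
unexpected_resolvers() {
    awk -v allowed="$ALLOWED_DNS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            ip = $NF
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Read `crontab -l` text on stdin; print active (non-comment) entries that
# touch DNS configuration tools or files.
suspicious_cron_entries() {
    grep -v '^[[:space:]]*#' | grep -E 'scutil|networksetup|resolv\.conf' || true
}

# Constructed sample of `scutil --dns` output (documentation-range addresses).
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 198.51.100.23
  nameserver[1] : 198.51.100.24
  flags    : Request A records

resolver #2
  nameserver[0] : 192.168.1.1
EOF
}

# Constructed sample crontab; the script paths are hypothetical.
sample_crontab() {
cat <<'EOF'
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * /bin/sh -c 'scutil < /tmp/example-dns.conf'
EOF
}

if command -v scutil >/dev/null 2>&1; then   # live check on macOS
    scutil --dns | unexpected_resolvers
    { crontab -l 2>/dev/null || true; } | suspicious_cron_entries
else                                         # offline: run on the samples
    sample_scutil_output | unexpected_resolvers
    sample_crontab | suspicious_cron_entries
fi
```

Run it as each user and as root, since every account has its own crontab.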

debsuvra
22-01-2008, 10:17 AM
I think both are not very much of a great danger. One is some kind of adware and another is a DNS changer. :p

ax3
22-01-2008, 12:20 PM
FINALLY ..... Mac Panther has caught the malware bug too ......

goobimama
22-01-2008, 01:19 PM
And both require an admin/password for them to do anything at all.

nepcker
22-01-2008, 04:25 PM
See http://www.thinkdigit.com/forum/showthread.php?t=78772

goobimama
22-01-2008, 06:11 PM
nepcker dude! Where TF were you all along? Long time no see.

preshit.net
22-01-2008, 06:25 PM
Wha ! We have a Mac Pro user in the house :-o

aryayush
22-01-2008, 07:44 PM
We did. He kinda vanished though...

MetalheadGautham
22-01-2008, 08:18 PM
Wha ! We have a Mac Pro user in the house :-o
I am impressed or sarcastic, depending on the model/generation/config.

aryayush
22-01-2008, 08:52 PM
Dude, it's a Mac Pro. No matter which generation it is, it is gonna beat the hell out of your average desktop.

Anyway, nepcker has a quad-core system. I don't remember the exact configuration. :)

goobimama
22-01-2008, 11:18 PM
2.66 Ghz Dual Dual-core, 8GB RAM. 1.5TB HDD. I could be way wrong though..

preshit.net
23-01-2008, 06:48 AM
Umm..
http://img03.picoodle.com/img/img03/8/4/16/f_signaturenem_4ff8bce.gif

aryayush
23-01-2008, 10:07 AM
I'm sure it's Mac OS X 10.5.1 by now. :)

nepcker
23-01-2008, 11:14 AM
It is, I always want the latest version of OS X on my Mac, and I usually have it, too.

As for my disappearance, I am very busy these days, so obviously I don't have enough time to waste on forums.

I'll be making a few posts every once in a while, though.

preshit.net
23-01-2008, 01:20 PM
In that case, welcome back :)
Still play the guitar, do you ?

infra_red_dude
23-01-2008, 01:50 PM
Offtopic: How do you pronounce nepcker??? :))

mavihs
01-02-2008, 09:51 PM
<Offtopic>
@Dark Lord
r u a fan of Harry Potter??? & nice avatar!!!
</Offtopic>