Today, we have found a Mac OS X trojan. It is usually said that only windows users should be worried by malware. As we show today, this is not true.
It all starts with a lot of porn sites:
|
ispfiltersporn.com land-porn.com lineporn.net look-porn.com play-porn.com playhardmovie.com playxvideo.com playxxxvideo.net porn-abc.com porn-contact.com porn-global.net porn-go.net porn-group.net porn-party.net porn-play.net porn-plus.net porn-power.net
|
pornissex.com pornname.net pornxxxfilm.com relatedporn.net seek-porn.net stephieporn.com superadultfriend.com theadulteye.com time-porn.net use-porn.com withpornstars.com worldbestadult.com porn-room.net pornabout.com porndrive.net pornhelp.net |
They all host some videos with names like: Download Sample Movie, Free movie clip, Get movie clip
This malware hides as a QuickTime plugin. When you try to download a video file, you are encouraged to download this plugin. It also, asks the user for the administrator password, in order to get installed.
Once installed, it runs a script that changes de DNS configuration, to redirect users to phishing sites of banks, eBay, or Paypal.
As always, be careful!
Thanks to Adrian and Oscar for this one.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
