| Top
Security News |
House Committee Screws Up Whistleblower Email
Someone accidentally sent an email containing all the whistleblower email addresses to the entire list of addresses that submitted tips about abuse in the Justice Department. Then it gets worse.
Malicious PDFs Try To Exploit Adobe Flaw
Fixes for Adobe Reader and Acrobat versions 8.1 or prior need to be installed to mitigate a critical vulnerability and the exploits flying around the...
OiNK Torrent Tracker Slaughtered By IFPI
Invitation-only music tracker OiNK.cd has been shut down, with its 24-year-old administrator arrested in Britain in connection with the investigation. OiNK has been a thorn in the side of the International...
Insiders And The Risky Business Of Security
One person with an administrator password and access to critical systems can cause chaos within a business. The time has arrived to crack down before...
Yowza! Oracle Has 51 Patches Pending
Microsoft gets way too much blame for needing lots of patches for their products; Oracle will ship 51 fixes for its products in October. Patch Tuesday arrived for Oracle administrators today, and it's a doozy.
Russian Spammer Gunned Down
The murder of Alexey Tolstokozhev ended with a calling card - a final head shot by the killers. Alex Loonov blogged about Tolstokozhev's murder after seeing it on Russian television. Tolstokozhev had been shot...
|
|
|
|
The Mac platform received unwanted attention from a group of professional malware writers, who crafted a Trojan and placed it on several pornography sites.
The unwary web surfer, in search of a vicarious sexual thrill, may end up getting his Mac an unwanted dose of a computer disease.
Security firm Intego discovered the Trojan on several sites. It purportedly offers the victim a video codec to play a video that QuickTime cannot handle.
Installing the fake codec places the Trojan on the Mac. Intego said the installation requires the Mac's admin password. Providing that gives the Trojan root access on the computer.
Financial gain has driven the creation of this malware. Intego described what happens on a Mac infected by the attack:
This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac's DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services).
When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites.
In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.
Alex Eckelberry of Sunbelt Software has no problem scolding the Mac faithful over their long-time disdain of the Windows world due to malware problems that haven't been seen on the Mac side:
Is this just childlike schadenfreude on my part? You tell me. For years, we've heard snorts of derision from Mac users about the poor security of PCs.
Yet that supercilious attitude (as we know from our history books) is patently dangerous, because it creates a false sense of security. Now, Mac users will need to be a bit more careful out there (‘cause when Joey wants his pr0n, he wants it now!).
On the heels of the poorly-secured release of Leopard, we now find that there is no perfect protection against human stupidity social engineering, even for a Mac user.
The lesson of this attack for Mac users will be one Windows users have known for a while: don't engage in risky behavior, and use protection.
About
the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
|
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
