|
|
|
Trojan Targeting Mac Spreads as Attackers Eye Apple
By: Brian Prince
2009-06-11
Article Rating:  / 6
There are 3 user comments on this Network Security & Hardware story.
Security researchers at Sophos and ParetoLogic uncover a new variant of a Trojan targeting Mac computers. The discovery follows buzz triggered by Apple once again publishing old advice suggesting its customers use anti-virus software for additional protection.Security researchers have uncovered an updated version of malware
targeting Mac computers.
The discovery comes after some in the security industry called attention to Apple again repeating old advice on using anti-virus software as an additional layer of protection in the Security Advice section of a page on Mac OS
X 10.6, aka Snow Leopard. While the amount of known malware affecting Mac
computers remains infinitesimal when compared with Microsoft Windows, there
have been signs that attackers
are starting to pay more attention to Mac users.
In this case, researchers have uncovered a new variant of the Jahlav
Trojan. According to researchers at Sophos and ParetoLogic on June 9 and 10,
Jahlav poses as an Active X video codec on a pornography Website. If users
download it, the Trojan attempts to download other malicious files from the
Internet.
Though the malware does not seem to be downloading anything at the moment,
that could change in the future, said Graham Cluley, senior technology
consultant at Sophos.
"My suspicion would be that it will lead to a fake anti-virus [program],"
Cluley said. "The reason why I suspect that is if because if you go to the
Web page on a Windows computer then you get served Windows scareware. So, if
that's how the hacking gang is planning to make money from Windows users, it's
probably the same methodology for their Mac victims."
As a part of the installation, a malicious shell script file called AdobeFlash
is created in the /Library/Internet Plug-Ins folder and configured to run
periodically. Inside the script in an encoded format is another shell script,
which in turn contains a Perl script that communicates with a remote Website to
download more malware from the attacker.
Researchers at Sophos also received new code for the Tored
worm, which made headlines in May when it was reported that the worm's
authors were attempting to build a Mac botnet. However, the worm is still too
buggy to be a major worry, Cluley said.
"The worm attempts to scoop up other e-mail addresses from your Mac and
forward itself to them; however, it does require user interaction," he
said. "The truth is that Tored is so poorly written that I suspect it is
unlikely to ever spread effectively in the world. It doesn't appear to have any
particular payload other than attempting to spread. Judging by the juvenile
messages embedded inside its code, I think this worm is being written more with
the intention of the author showing off to his friends than to make money."
|
|
�������xr80�VӮc�*d[.kʲ<<ձ�
$)RCRv{%Ο�� 7]hɗj٪n��&�D"H@$\i9cqM5�>5_�ɤ:aģz�q9e̛�f4öۼC�ٰo4TiUE9*TR�9+{1{߶W�2w7[kB)(N}~#���mݹ��7ж켮k��Ci\w{ݳ>~n]\��@$HcA~Nw&�LT)�Jj\(�ML�0h�5&� :^gv{��j�wkzQҏZ-[jZAS# T$0yY>E�4bEU�2qu?-~k~:C,[3SAT4
̠�K`Wk�eP9;yi_voz{MN['��w�:�R��ڟ�+Hok*}kups�O{:$z>54�01\�]Z-$5�IUL�xE$Y)i߹ �=-�-˭�%wܿ",�_�� f��k��ķLJ�i)"�C��N�9~}MjV㭱J+҄&
�9B�:A`�ܺNR�49�Vϡ�8蟉$W�m�4�@r5�)6B̄H )7R<�?o��z@@�ZR~nV(�U�S%EI7#DD� v23~�B(��pHq��> z%�e1\Ӱu�irq���]7+De.
s5-wnzˢ�;\g8k5[wսuS5?`Ub}ƺƻ��KEhYf7-$��ꨦUʵt�?J j�GExQo+��rOLf[ԑplP)u�u<�|0��ZG>/tvϧԴPwP�?�:�pѦ�ޣ8�ݘX���iI7B4A�.~�{ݣn]?&tnYXŞ�+LRVi50C��E�6 &>v\�P|�2��Zw�9ܻ-L&w��0`D֠wCPb�L���TM}��PAX�\7 >)���3P_)�nвc@�(G))(/H.B$(ZȻ�B�!A�lq���[$p Xx�l+��+~'y-#!bTLZ�'9Tv{B#��TZ*�τb��Z
z)0ٜ��ʬ$5M힟
X�*ȉ#�m"0�%X����
-'Z
X��5�Z)m�
*�LBOzؕJV��Ȋ*ğ;l;�S�i;#O`�?[^0�t��)�iBI ?,x�poFaB?9fѦ)C&=��@3~�~6ۇ�-}��Ȧ_-dk6q/�}j�0&B13
�=wʠ:�'��_
P��'��.јSQr�VҳsM�wӿi
��_K%gYA�3�'|(@]4>+WuPÃ"`"+42[�=!
= Pȭ�T)w^IY䞅Tড়, H@gmdz?;�Oq)2Sf�$�),4�tOWݡ~��L?ͦzkT݈^u 9�R@]�֥�PK�
M
�2�W�}�aԵ �D�A
n:\X3,#
l,.h�?4W0��Ԓd6�n���SkdQ6qoaQ5J�pdҶ<8UKU4V�>ڹe3
���%P��$wSJ$l%K�W�w 7�=`w@>:`3�ǟG�RlC2D80V�2Pa��BSfg`m1J2躢� X�:�X<��~�o5z1|��*j�0&B$V�(l^x�}xN`'\sW�[�"�L��J}�wYвJzu6$�\]Pr)SLZ�06AaeL䱯^�t@�F�M@X��1$6/Pk�
:0!/�P��\Q-W0.#_L��_LU1(TO�nQ�E^~~�V��K�Ŵ�谢��zԘ{}Q�ː
0gtWed��->��IR-��ʪZ��Js��s??2�:EƟQ�:9pG#~y��Mfo1z�pE
~_���^J_0;�|b2,`�� |���"yb�ėaE*�㕴�~�>V�6ʼnG =q?@*:2�pn`w��y�~�t=t@X�qD��L��ҀJ
^�ƙd)ba��J)?�~m�AM:+lTO'wZ+U07(p��O-УǸ'~�|/�DVێISԳйtNsl s
�ܒ;� �@X'V-(7O40p�2^?uK6,^ira;9Qo@H�ms11�`��;07�W$��0�ۇN�:@"��#f.s_�wf�=]~oLg4�>ʀkӘG�2gdQ��hV�z\ 4�g2<�uM�_
4y�Qʃ",߸X,W̑�^`�3X�Z>2lz�
�|i6tGM4*6H!I�(u(�E�Iuzd*�+ZR�<*�r=-h2Y+(#t�+^��ǽi�m.E<�9[ �1ķ�ʨXIV+�Gs;"ʊg�b|�r{q>'F{��l��j>cWՄθ�4;f�[IdYy��ڤi��D@kX+#nƭj`.ӪV�$$: ���<�d��=૨8pL\'e�M=J1z7EM+v@l+J9wwGc&�3���կj��eѓE�O.'�mJPp,g$
�,�$�%DB�s9ǃ۷BlpH75�),8{Je�%[
yr2���(jԈ�8fX&1W+�ʬƼ f@48&�o;W��ZU{�"}QL
ޟp�ف�b�ß91�V̶Rfo~gQW
M~H
�ۦ>^f}�O�0�inow/�y01�Vy? 0WK{Yi\00��Jֿ�ISi~hS(/
dz�NR(���Iw1]�2}�r&Eyzھ ]wXog�~�hy# 8dGW~#t�ڗK�E�;"�˖:^w��9"�!5/�.�Yz�F�]9h5ó�M1��0խxѤ֒\z�$�\N3dn,ʆq� ۯco#(
Z�`!旁�1ߐdxPR#� (ʑ��H\�R
~tiwu��N�.�f_ BA�485XS�(+RJ)"4FL |F�N['&g
<=D&9NghDmn/Eb�}CsF[��ڭ�Fg
'okI}i^�w�~Zږ[q@�ǠC�R�#K1&�$Z^VP**sᔤ˞CȔ�X�N�Gƽ�b[�0d&a�+��=#tzooo=إ�֛~=*~�O�Ϻ4��]f+wB%-JK{%nYh�r;DҒ%E,qQ�#{ �G�Hڃ}�Au�U6�m>=�-35"i� �Q@/lvx6t? G Of�x�f79; 9><����$F[e廡�ܭ)�g$`GDA|g˩g涣A� jmg�wpUE0p>�$$\}1 ߊ;bE �Q�m!ZQ|;�N83{K�8�j�RSW�W&6o)?�.�?.AӞ
�<�N�~=nɸ��E'Ö�x�L,>_�'p5xnV،̓�uYW�E��Lt/rk�+�dXZ�7츈둎n0�ĝ=|r(zx7pɹ~G7��`f+�KӨ÷�OΡ]XC��kƨr̙k3>?��:o<�?ӨNa�w#veP�b�G
��CP�%22I�ڋK@}�RN-G|�`D�.�)��UQKJM(մmr&vڝCrYR�Cv繞x0Gv-� dék�N��b#P Gr���cVj9ϭ֙vV�{����GJ&++qCMM�+is&r=%KR$�]qP$q�/.+1F�"͔[L3*pHjA-Iϒ$jCb8F1�'�DvCG�SJ:Nj:HJ�hd1ـ5`�eݦ^03g�i,֦T\�dG+J4Z)1Z�g��^�Db~&K@Y_͈ɲ#OĞ /x7Z�ySjU<�o�%vR@�R|OV#TTLk*U� ӡ!l�핍x[7e]\{ sYʓJ0-@eұ��GjRO_RE+մ,�U'?���`1�a`Ѭ`` �{�&"CK�Q�>%T)T6iB<�ǽz ��RI)IJm`�i|!e�I%A�+�
I^#/r@�|uPv�þeUpW%�qp�^DYҙK7N=G���8(`JIJkZ�$��Vr� D�AĄ��b6~}j1TI*��whnsg9x�@�Y�e`}+ϔ:-zGAH
`d0�3�
`}N >�\p'.A}]|$ʄDy$!�{o٭,mYvO�!#'w0�ex�9W$c�r6_�/�M�hR,P���z�~],t
yzaZD4-�hd0ܔz�k�_�/L2_ E�@Ksv5Kx%trua}h�O0,(��,tl?L4��g`XB1D�4"�ܓx2-�ټ�t�D,Iu�Ə�aNut��_y-36N@Hc-]`,|QBNj��+�|ē:Bjڠ�Ӓ"hjQZ9Vd��X�4�fcB;D�s1y%r�I$k<�-읂,N�/�cYqz-֩�+{Ꭲ\<�/þWf�NTO&Q�dʷb |3�\P�X��(nGG<$��+<���O{��~w~w~w~wn'jXUDl^�$Ђ
k˿#�ZYZtlV0�:̮�Ѽ��b G�Q?��=}ml[坛�:�$#{t[.F>wM}�вKqO@"��ƌ<�awZdع]�QP83_/\�Ţ�Kn\~Y+:Y&Яy���yG�¡Hj|!!WJD:`�7^3VD)�2��J66̔h`
�>닔+��'?=k҃%>?w}Lg�;2(Pg/>k~UgK
/a=-N��v/*`a"d=Iv�⤃�E#(hELVÑBu�ų�Ta�т�j�c"n9?
e+?�Ũ=ZI{FD<H�'ܺzF���I�͌B�RR,Cy^�icWVRѪE�r�`ʑ�KƢ�ȵF.0~c��I\�qG:Rg�y祒V,T˩t^0i�,�6�K&�ω)edHǏ>HP*$�Zz;-
Y 'xk�z1߽Zۭ�r컣\��jWuƂe�4X>>�k��㽻Ԙ�m%
DX#%۞NNxb`
��DڭJ]kJ^@yj�4Z�u,u{�cȞ�۫uTEoO0�V`L��lfmےV�o5JK$¨ӔAJL`��r;c��±@��t ތ�/Hk_DΡgZܳVܞVk��*,�,?t1&W1儔�JzN۠Ļ�^4x��WwL!1�\�TbЭ�B1˪M;InP}wY?e=`
�'�2u/x߹[!W=Jl~'�dM,ë�|U:�Qh|%w[RGlϦxH�17�߄^P>��:{ᛂrP�Z-e#F��w_
�6f^zgZQ!IG�?>xI�5�1K= o #:�p"�X��Z
aI�m{7�R[�$y?ZED���%��quj}D~h/ew[=
dBA��Lp@0�wMuqg2tS_�q�H�3wjL�x�r�`(L]`CL)a�]ąيgAֽ?C7,>⧨[�>�B8!�i
ozeO)��cDR/3OaH�9p=Sq["CdR1��@Q>s�uǤZ �45aBX���RA~�}s=�dlSۈ��(��0�װ�Þ�1;,E�5mx�|cЃ(�|�[/� T6!�1�gGi>'@!�IS*�9�E�Q\U�P�*@J��>Q�|�����e�KL)!H0Z��on�`�6s}�`EP00��a|LoॆA~2t:�H0͇S+T�fɻ3��:r�tT(ʁ�2|{�C�`�>�c9r3��RC´vx"X-><& .ycI�� 8�^yN4X+lLZ7,��2|��
=<�RXX_1[��> MꪂO�J�BveX
&0VR`Q�{��נ,&;.a+i+K���9Iˑ�;�^h`��u0 }a3brOtv
ͫ/{M"OǽUݽ$ǭ
m¶��|G 闓e}5,�fbv>L5m^kL�(P]6;-f)�TjSg̵,�%�E�*wDY Gcqy� Bw�|ݿxRv� Q�~4ab_1o^z=-Zq-�Y�'>;՚�:|jS#�}uR�_
'M&7�b�QhIk&5+ۼ�v(��3_3ʯzsI�8QޅnF9rzs)കQ~�'π>g��'(k7OsiF9�3ˌr^Q�ʿl.���akt2Ƨ�d�;Y�v>�tw?;��d'eF/?Cs(?(�#�坌r�ˌ�̐K�ˌ����_?2
x�:z^F{^F���ק��埳ʡ3�9~7P~U�{7MF77�$)c�f5pvJEsQ^53T�}~�)�Pg�5(ge�3�Vڍn�a�{Ar!gF@^~_b�}u=M+ťW�*7YKxM}%kk[F1nv�dtb�at�5KHe^M*!#(,8%Y}MNJ�4tk 7b[y�DYAI{R}tE�OI>t�p]"&JRW[O'´Z}5_9��p=U2�6#�{"tf}oAD1�K�AA0��GznQ'��oe&o�s?��`jG~@' @9^�\�pm⦠n$o+ 5�O��W�}�.omG;yh#62vf;�w�K췡^|#x�r�܌3:X�Z'/i�i]_6/�W�-ЙO��A]e�GӠ[Y"��B8�#�0
d�H=�_g��Oa4D�=�/��rjhN4p�sn`'~��90x:C\ԴZjRsG?'Hd�6#8 "2�DdU*�.�ZX��,.g
�/(�@#غM{%}C7<8fȳRLq�
u+k�%� P��1�=:*gǬD*Y�ۼx�`T���؛�ގe�@��?o��9X�j-/#R�gQW!+fx;�ϩ�hcƥ��6&%KlŜh'b�C']sPLzO,O�~�f+g�M��c�U�ݡQ�C <:,e`�gLЫ�HG%�`"�9�oٔ^^C��΅*˗ X62gx`axb��:՞/{n�:aKƈ��DM�KIn�_!�mx'GW`-yC�`b)H�C�H�axa�p�&t�䭌4w=��Ɓs���(*&-c�WKm f53wzIc,��R�3o/1���601�7K
>��^|hkоx^�I4��Hm7c@诿N`Xkt J7B����3��^�3/a�o�A
T.,wbsS@y=y�saߖ�?f
}uk6�a`:Tw�-~���"�d`fZ1L٭aRx��/BL�r �pIi/�0̈��q�#&b5b P|_ |a9BN#Wr
\:
�� ?[�>KGJL�Ǝ�$z�S߂9/G���-ɡ=��$>}T.q
sE�eב�e,&J ��B8̈́dX.N`'2ݯ}ס e4X3�)#,|HnLt6q�>+s�o�A�0D00�Y��~l'>FՋpO`Hz��ƣ�,h�:BQfk
kmb?�k�}FV垓$g'_7�b
Fi&b3@tgYl)V>_);�z JJ @b
S%JvM�
=c"1b9?���v"ㅰxo!�Z^y�|XT��,sD��?�>K:[S1U1֒�_6/gw�;ysԷeEQ&PL��¶c�)Jqi�ХIG[=$sDs݅� ߠ(b/<%���*`>��.�X&"�>6�v�>�L�c�? `�nwf9c�ˎu,s(ŬBSd��=�)O?7G[nE�\��<>c�i�)�yc<��z��n% �/� �i�Û%:Ɛ�=ۭ���)0�p,\f�ɴv!(Dْ�0�-�?�� 2+1�
<&`ߟ�2"�L�-� �ԦLSw(\*],1Ał?�qL#iC9j�e Ǣ8"U]ۼ�6s�P/>¼uGׂ=Q'�aжZWt�{�]#+b�1C>`]R>Ŕ+.)�tO�E˰��ANt3NEף�k^��zX�ٻb=�n)ZF�,c-�ԭ<�P0��@~C.v^e�ܔ�MF:®u4mo���v�щ���DL\7o\TUc2��hl�T�x�I;s�_9V0�|6,�c~��#}#\m��:1V`gwY?Wg[8KY'}d.�D�I
qk,�Ma4,Lb5��"[]QI�(`�xph;?�҈Y>A� wVǰ�.XF!&ۅ7�O80�Ux|�-h\�};X\e,8LgѸ�3E~1Z��U9wm�j7Wx�ozc|>[zw0�XjPoS���v<<~v�k
�.3J�bQ'.i?��t/1X7u㖗�7O>~~<6҂%!tO[i��B"E�w<=m_~HVz�Co��s�g�|�oU��AޚYf]Z%�Nb�i|
dl3��W�R�v3��F'e9TU>\J�RSk$5WYVfTN�ƇN}�>4m&l2)v}ml-c6�C-�{�;
O+��
|
Network Security & Hardware 
