|
|
|
Trojan Targeting Mac Spreads as Attackers Eye Apple
By: Brian Prince
2009-06-11
Article Rating:  / 6
There are 3 user comments on this Network Security & Hardware story.
Security researchers at Sophos and ParetoLogic uncover a new variant of a Trojan targeting Mac computers. The discovery follows buzz triggered by Apple once again publishing old advice suggesting its customers use anti-virus software for additional protection.Security researchers have uncovered an updated version of malware
targeting Mac computers.
The discovery comes after some in the security industry called attention to Apple again repeating old advice on using anti-virus software as an additional layer of protection in the Security Advice section of a page on Mac OS
X 10.6, aka Snow Leopard. While the amount of known malware affecting Mac
computers remains infinitesimal when compared with Microsoft Windows, there
have been signs that attackers
are starting to pay more attention to Mac users.
In this case, researchers have uncovered a new variant of the Jahlav
Trojan. According to researchers at Sophos and ParetoLogic on June 9 and 10,
Jahlav poses as an Active X video codec on a pornography Website. If users
download it, the Trojan attempts to download other malicious files from the
Internet.
Though the malware does not seem to be downloading anything at the moment,
that could change in the future, said Graham Cluley, senior technology
consultant at Sophos.
"My suspicion would be that it will lead to a fake anti-virus [program],"
Cluley said. "The reason why I suspect that is if because if you go to the
Web page on a Windows computer then you get served Windows scareware. So, if
that's how the hacking gang is planning to make money from Windows users, it's
probably the same methodology for their Mac victims."
As a part of the installation, a malicious shell script file called AdobeFlash
is created in the /Library/Internet Plug-Ins folder and configured to run
periodically. Inside the script in an encoded format is another shell script,
which in turn contains a Perl script that communicates with a remote Website to
download more malware from the attacker.
Researchers at Sophos also received new code for the Tored
worm, which made headlines in May when it was reported that the worm's
authors were attempting to build a Mac botnet. However, the worm is still too
buggy to be a major worry, Cluley said.
"The worm attempts to scoop up other e-mail addresses from your Mac and
forward itself to them; however, it does require user interaction," he
said. "The truth is that Tored is so poorly written that I suspect it is
unlikely to ever spread effectively in the world. It doesn't appear to have any
particular payload other than attempting to spread. Judging by the juvenile
messages embedded inside its code, I think this worm is being written more with
the intention of the author showing off to his friends than to make money."
|
|
�������x}r㶲s\@♵M푦dK�kŶ$xMT(��S�I٣'ˮ��O7�t%_&3m��@oh4���I"�nZΘ\ܦd���轿O$w�}��Lj9UQ#C3W)9bPg�34mZΠN@\��~}@^}fw��D%x�_'Щ=ѩ:wɄZIPQۗ>}^~l�.prL⎲Q�m/
x�uG`aZN<�Qf_ERΎȏ�mm$oQX}:[Q=2tS�[�BT
�Kd/B(?F#�s?9CvNտ{�>Ӏ�k`Vl}qDk�NmW ȓ�ۭ@x!�BP�!"B�\ςwK�I%�_g�'u�ڪ8NQp/F:tm3E������k�LN\^BZ�Sˆ螥��ɧ5�f�5I
�
1A �4cT$ny8DrH�n6��Ո��ypȳؖ�`1N8CYnݰ�뺷}=-:ԍ۱�=$�f]Ԓ],r,U)�0�wS'�&>_�ɤ:ģZ�r$˺79h4öۼC�ٰo5T:Ԫr\�ˇJy/^[̿XYpoZ_z�JY4E9]ϯs$Q�w;�ܖu�T\O^O:Z��a\`'H�|'[oD�R*��rP8&ȇ¤�Ԙ8b= {3P��%oJxX�X+(H.c#I-byO``%�pbQU�:7'SK^w۽�NO�7bٚXB�ji@�e$�X�]FHwAytqӾjvnz%֧iٝ{N4ps
Z_Zz�<-�/x�_6�l
M��u�ô|WVK{Cs|"�xr>%9Io
7ɿ��;Beu#$�7]�ReQ
�o̱�o>0@|ˤd�&r,�
߱n\S'G`hGo_[ ZPĿ� E/<@'D=jSf�I�r(,e��g{j M���H��5Ŧ]`)exFS�m̗U/d`(AK/g-
�5t*軤(If0;A0<^f/�_��\RG�
1
p1S{n2�.Ӱu�arv�|�^nVV͉:YXYu�jZnY?�iQwθ~j?v[Mһ\:5>@*OtvϧԴPwӐ�?�:�M��/�G˥~n�1�@�
L�Na�
V8;
uCuӹga �{>�0���kJY-��J$�>6�Z\χ`c˖CB뎂9�{�erg�mM~�ٚС4}a�
h�p3�*~s`�=w=
}
�w��/�lmNl}h`1 �5�%ˌ:0$w2Z}#%n.G))(/H.BD(ZH�B�!A�l~���[$p Xd�d+��+~CazGBjK%'B�P*m=!đt݁Z*})�5aGe�-n^
$�d3CCd0u Q<"`&�ˑea*0pRx5Qn`o�ʱ�& 2,X,p��U{2l4` �-|' M�LS���p�EQY6�4� x��1!q<�%�t0kab恈7�_ƕ/�k�a�{�J[�:P]%W,Y^�/VV°#]55�ej� [aH�z{�>8`�Tf le8l0�[b�?xlq�j 1��&�?LRP�$�`�/#Y%�/9m0ܑk}6fD�ugA`l^-D.-g���\\�npf
�Z�*�~~~04]y�6/|�}���N�r�.K��āhͰ�Zh`]zu6$�T[(�Qܧ&3aS3&�턇�4`H�ܸ�/|P"
8�� y�}@*��&�j�1�-[
�h
[z�qSE��oA$�&�)G.�p�
sWyGZ?O�y Y�LZ̺�>~דo�vf퇛+k1����8W�opo퀂ȋW!7Gj2e+�7at���E���?�i[2e��_�>�M=��;L4F�;&�3>w"qD d���Ŏ|�P� q)(9
�.+U`ҖMЋF +4�9aؠGsH�R11���TowBOp�˯��6@A�&ŷ�[\JI)�`qU�EZ)~�)HǞ1}]�ܙe>t1N��8*�z)O#��ʜ�QEoS Ymiq#,�.Ҁ^ߍex.�]c{6
��8x��@Yʚnw` xR,Wα�^`�3X�Z>6Y Ģ*Ku�Y�l&ŏjȏU6Jd"I?�kY� �y`*�+ZR�b< +8�ri�4r2j,j��.�q+�kLo9��-2j=sP>,
K�%�����_vn�ES>�)�u0gL%-萺h\m@�1cn/`2N4{�a�\%]-XƏt@�Z:/�U)�U�U tVB 'I= c/=fQ[y`:JU4qy4(۾b0DY@��<w,n�0FrP*�5�]�*{ sK4a!`��X~QK�(��,�~w9ـo�|\V*
�r2�RDBZNBq<8N)�ItS�^J;�T'.nr_\&+#I ���_q��n0DB*nLpgGssb^f>VU�'&/!(0I�H_dpSid�':uvr&@�ޏ.}ﻛv~D
�ۋ=\e�c1Aq�sNow���YAZ}cq m>"�1�WM}i\·dz�LR(��1I�1>dd˙]=/bo�fц.Zg0JF@ɁtΥs~h_/~v.:]~\ZR1~ZdG1AGԸh:b<:�a��膧�7b�7L`jX&IE2D#S�5C2܃a��m��H!u,nĂK$�"j�M3$n�e88фm�w�~u�XLP($��T�0�r,�`�$X�*��Xu2]_4>Gǎ2sE�r����^S�F(+b�K)"$Dٌ \egiD眗 '0��^�/0[L㷜oWȘI�GD_q+
�'=?�h'5۟H‐�
Nv��hq_qB[��ٿ[o5e's
C7+�۽t9niimơ8�
��J}~Vj/It:�D�jySa{wCWȪ̙Szۋ7R^q�+<���&.�o臥�4LZb5o��14�m*z3=}z9[fv?kD��>dO1\jTɢm鼳��2��>
�AYCVorl8w@rs&�cx�2F'F[euw+[c��gD`GHA|ugA� jm9g�itpUE0p1�~���oE�[�ά�(g3�o-(�oǜx�k5�)�U�%U��֒k0s(p!$�qN�M{fr+������~-nɸ�!E'Ö�x�L,>_�'3p5xnV،ӂljYS�E��Lt/tkW, }�'kع�#�.Sw:�#:s̪tEa��lks߯?���հW,a'L��8黰҇��{�'a3ׂUg|H8G섛˼bq�Z6�d]�'R>>_TE-)rm.�ߓ�8;G�S,�s=�Z_fk�ZҴ��TcJ=��;�"�D�Y�1Kvm`�aPpȰPk V�FZn*�9�;){�Z��8��n)N �,O5�<:��lN:�(}�I 'N0^BddAW7AgPu^ #�=[Hܗ*ŒV*ɂ[ŤsH��l�6L�z��� �4ATr�"7�>�giJ&g
D8t�
�뢦o]%U �2Ԟ��V��*9J'`-@K,�t� D�;/�ZP;̠@͖�,s#�,�<1�{�~C��+DqH|JIR�_ى/5 ~�`�A\!JkD��|uP�ñeUtW%�7m"tϒl r_=GB kKHl)���xDO�" b�
.CO<�+I��$�N4W�Mmi4ױ�c�-���sxPin;`?|.
BAɲ�x�'!x�'1x�ܑ�.:|�LHz�bOz%-S(.Y�m��ZQɝ�Vgf�-zGA�`A�L���0X�%�|dc�EOLG"vʒZږ*Nzm�7DqG�(HłtRXĜ� w=0|˥R�!h�4aI۹8y�u1�"�?]P6�X�Ny'|'X�j O5�9999Spj;cyO۾~�6�Te6B4�=�{^�գ�wK&�PQ^�PyC��#�AO��@k_G5?7"h���.Lխ"!$i
GZ?gKg`�̰��M1}1:za\D4k-H{2RWnH5
pUw@/BDfQ\}Rwή:x9-ۤu�k�O0,S)�*�,Pm?[�gN0D�4U2- <Ƣ__XBjT`+��j+Esm3?r~
�%46K\�H=X��F�&��R!
zZ�1��UZ0Q+G܊l�C�fnGH�1�"�]Lv^ %�B=#�kK:-%{=;XRdN^>�%,]Ex^ᇷ^M;BT=�EBؒ*_
cj�X40ErA[ !
��"xXG �CxG�OCPio~t`o^o^o^o^WEՊU{Q�U�,dB�K�٠W0:W@h߆�g�P#͊�}٭�
{۱ַ
�PRK�jf�Ȟcb+ݖ��}� �MKh�u|��p5!G�"Dcw��9c}iz�l@_�PI��69٣?X坅Cݧ{�0:ZU\Cӝ"*S*$zC�do3�8AlQ�y:le`9��uSvQ�T�SwnRǠ�=Cc#�¡�B�
aP�z_
>���R�w(�0#|Ɣ�J.
0<
�,pH�f�qqΡas@:�^,x"f"/c0Q[/~ۤ0�t9�qw\;C:c|SW�
5�?Xew+��6:m��.��=Gwsx/�;v���<�`
�$%?[^wx=pKW^SX�ܙnʍ^ +x7 ƿ��4WoAw4XJ��Tok̈́P!jΡ�k1�ZۘSʚLHj�~ж}A˽=V�46
mY�[`cX3�Ej>�*淵qdyN;=mV)Kjhk>KeҴ|Яy�=W/�!4�S�2Ćdba+I�錂qnro�5V)c2�J66Lɒh`
�Er�VГ��5��>�4�ε7
�ьO {_ڳK۪_hÞxT_߷8?99̫ņy꿓�$y{nz`'�h/A1E+l��@.]h�S}L7�<`C��nx.^�/Z5nԒ
�4.Ndã�ErU���t�^�7 ӖcZPh���| �=�[fT�nCnĽ����[�Og8.
2â=&LA6NYFl
/=MQ�Ӭfo!_`n3�ٻ�yk/1q3�Ga0YD%�]kC~�;{7駠TC�/Ao��+b��G@M� ut�"�x�Q�w�WQgē{~ODF�òbݵ#�⟎[𞥊Z�GyKDŢWn�gv@RCB(lKh�F]p�Ѱ ��L68ߋn"&sjxkVQ�|�咿%:^�YR��z~b�t�Ƅ#G��We:-0��j"+g��JD��-~0+�h1�g �>)fF<���L^�a��v̈́�7�Zz�<��?57:Q�9s;\'7Ƅ-* ;,Ot%:��A� O�dn)RjX�{>I�Tnp=jh�DؤH�fvjRZA)rx�ߡ<�4`+UMhբ
fG@VT9>c�̱���p_Zc�؉sP=Ӓ"�QGl�;�TҊj95�0��.�6�K&��)e�e؈>PP*(_41Gg�1����r�|jXojzQ�k襃ҕm`����W�|%5F¯[q{e��>:bӹ��$M:u_`c�i*pm[*"�HP�Y�#/V��S#�=Ÿ_XYrR2.^`�hKZI<+.��Nc�1q:�
@�\wt��c0%@$�5,���k`\adxd㭨=-0�RUH>
1Xb|trGh%6�h7,=_!Ƙ���Sx�cD�U<�1�1t+P̲jN�T\֏pY�=XCE3 �L�_^ĭBVU�'r�&�*�(4�;-RlϦ�V17}߄QT1��:{ᛂrP�Z-&�G���_
�6f^ZGZQ!G)}o M-ӴiLRO�= N��9��mǃ"Ba=X@:>Io��Hp!]�U#�`�xL��z�Ѿ WEou{a�Ȑ.9k�`�Xțf� ,̑4�oԘ8�� (�]A.;�Bx7t'le1qA[4(к�|U/~�m#k^�bʑ`�֨n~^CaU�1�`8�*pgj5T�KL
2�@�:
x�E��?=^q79k �45A!,���^C. Q?�<6)mDRPiF�c�tkXaϙFLN1MA|+��61A�|@>uXj��
�!�1�gGi>'_!�J&F�KRE�*��D��"}�fA=`Aa~L#[C1P/Rjs# a/x�` 3��l:Lma`t��.t�;��we~tI@͇S+T�fɻ3��:r�tT(ʁ2|{�C�@u�s���s)aR;<�Q��@�<�P��4'�<,lLZ7,��2|���=<�RXX_1[��> MꪂO�J�2,��=VR`<�>�A~guE�Kr �HD+�^@0��3�:�%���_�Ч�6#k;�lh\__|&g.inEz�Ozuݹ"'
m¶-r5�utO;ןWnY�hbv>J5m^kL�(P]5.[NSʩŦΘKs!Yx�9�K��xU�"
/gEL�yx&0;,�~�D0/�& F^�
�01ich6^OV\k)h??Vőt,f53;��nzF�h9j��0ZQc r��!>E.Z}ҹjIJ/6.�/23_2ʻP\~�JmdwQ\��4[�P~�s����?n.?ofnfC�CL*�Ͻ\^Fg(�_d�mW̘K�e/�e�|e�~/�?�_f�2>/>/3�y*cWSF9g�Q~ �0W�{�s?W0W�ׁw2�ɐ?�/�r
qA�u]n�``��ksG� ?e>e�S�n&�&~oon2/$)C�Ay#�pzz;"9(/'�R*z�U�KC(ϐge�3�VN�a�{r!Wgˀ^�� KL+ťW�*7YKxM}%kk[F1nv�d�b�a��5KPe^ۛT#GPYpKxEó#�#�h��toĶ.�p��&}:=Wv l+Jy._[nNJ>S\�ȜHqi@�B�ק3�|{�"\�
̽p'o�eyb }^fҖ1��.? v�d{r��Uts�n
\�y
s%>�|
SG0��75ipy[~|^"h�|k:KdB�'pZc(�fZ���gˌ)R[tě���+
7\z�8Ʈ;��P7��YY#|(VT+[-WJr=n8 "2�DdU*�.�R�0�X\����^9Q(Fuo*%K0njy�=q̐g�a��1V�J�!'\B�x���&�ի2f�dof2
%aw8aokh;b�q �Y8P*`)�K�؞.F^χ$�S�X?r{I�2hؐCK؊9N-#�)N>@O砌Ù�Cwc&38W
"��7�.@c�
dC�!,Sx
uY$N*Ӿf$ӧ6M\�-On\{.|ۃcn"6G�4 (Q"Sq}(!1Qp�S$��J!+�554p��5[#|F MPL\=M=k"6�p�Ζl.T4��K`RJ��z+L9(م�7�x[*Hrx*�Da�i�)�Yձ]w
� 7�g}��ë%:Ɛ�=٭���)0�p,\f�Ѵz!(Dْ�0�-�?�� 2)1��<&`ߟ�2"�L�-� �Ԧ?MkSw�)+],by��٨3�"0lZn�ȉ(�dy�J6�͜�ċOW<߶ZP'jdVw(l6�ږ?Y�c/!k8~m=au�+U�rcdk�{f�:eP"eX�l'ᠢ׀5V`��9H�]�pS`�hup#��1u��B\
(c��to@L?Q!?c]'nJQXƦi#®u4mo���veщ�&�߉nsQaW_
�:y
2^;FB~ea��gZϼ:?ʂo/�Q�F$V30(�y��lH�K9��m5G0X�1'���R�(t>
cJ\gG�ۂ�~�Ӎŵk[Ƃ���˩;[�e�w6��+[Ѐ7H>Y;PE"�1ԛa:(z��0���
�k5nBO\�3L��&j1Bi>e1�2�`=�dZ>�]x�
O!�gW�P
Y�-f�1!Dv88)ҡCCԞR!E´�#T
1L(�B,R�.�גWv!{�Z~�|��E>byx Uf}')VS/ρ.�ȟ8�3}E.t�Q���v<<~v�k
�.3J�bQ'.i?�v.:�,�ںqKO�?v>^5hI:n� $Rzf}!Y�/�uK+_1dF[Wy�&F�{kf5U+kD;idMn+:cSEᘸe=9TVs0v&bBmP?-۔̡r&s.#KM�\eZ)ҦG(�5c�>tgLt�)�2)v}ml-c6�C-{���"jh*��
|
Network Security & Hardware 
