Why hit one OS with malware when you can hit two?
That is the question. The situation is this: The Twitter account of well-known venture capitalist Guy Kawasaki was hacked and used to send out tweets luring users to a site hosting malware.
According to Trend Micro, the malware changes the DNS settings of Windows and Mac machines. If Mac users attempt to view the promised pornographic video on the site, they will download a malicious file.
“For the Mac Trojan part, the DMG file — which is a mountable disk image file — contains a PKG file, which in turn contains component files with the names AdobeFlash, preinstall and preupgrade, all having the size of 3,359 bytes,” Trend Micro Advanced Threat Researcher Ivan Macalintal explained in an e-mail. “These files are all the same files, and were created just last 05/16/09 12:57 a.m. They contain obfuscated bash script.”
He continued, “The script copies itself into a folder in the system and creates a cron job that enables the malware to run periodically. It sends a HTTP GET request to download another script from a remote server. This downloaded script is actually the one responsible for the DNS changes using the SCUTIL GET and SET commands.”
On Windows machines, the user is prompted to download a video codec that is actually malware.
“This isn’t the first time that we have seen code being supplied for both platforms, but it is still a rare event,” noted Trend Micro Solutions Architect Rik Ferguson. “It definitely illustrates the fact that Mac OS is becoming an increasingly attractive target for criminal exploitation.”
Kawasaki acknowledged the attack in a follow-up tweet and apologized to everyone following him on Twitter. The attack, Ferguson said, is another example of hackers abusing trust in social networks to snare victims.
“I think in this particular case and in the case of many of the attacks that come through social networking platforms, the malicious message received a huge credibility boost because of the perceived source,” Ferguson said. “Social networks have their foundation in a trust relationship; you connect mostly with people you know, interact with and/or trust and respect. Someone like Guy Kawasaki posts links all day every day on his Twitter profile and people are used to them leading somewhere credible and interesting: This made him a perfect target.”