Wednesday, January 26, 2011

Top 5 Malware for Mac OS X

Top 5 Malware for Mac OS X Users Should Know About:

Why you need a Mac OS X Antivirus: an overview of the most aggressive pieces of malware targeting Mac OS X users
For quite a while now, Mac OS X systems have been touted to be safer and “smarter” than regular PCs using Windows operating systems. And so they were, since Mac OS X users represented a small fraction of the entire Internet user-base. However, as the number of users embracing Mac OS X increased, so did the interest of malware authors to have a bite from the shiny apple.

At the moment, there are around 300 e-threats especially designed for the Mac OS X platform. Some of them are simple adware-based applications ready to cash on the unwary, but others are highly dangerous tools that can easily hijack e-banking sessions or that expose the entire computer to the attacker. Below we’d like to present you a couple of the most dangerous e-threats that you should know about if you’re using a Mac-based computer.

Trojan.OSX.Jahlav.A & Trojan.OSX.Jahlav.A – The Fake Codec
The OSX.Jahlav family was discovered in November 2008, when it started to be distributed as a fake codec. In order to lure users into downloading and installing the malicious DMG (Disk Image) file, the gang behind this scheme created a page claiming to feature an “unplayable” video. If the user installs this alleged codec, the malicious payload starts downloading additional Trojans from a remote web server.

Trojan.OSX.RSPlug.A – Porn may get you phished even on a Mac
This is one of the most dangerous families of malware running on Mac OS X. The RSPlug Trojan also plays the missing codec card in order to persuade the user into downloading and installing the infected DMG. It is present particularly on websites with pornographic content. Once installed, the Trojan tampers with the DNS server entries in order to redirect traffic from legit addresses to copycat, spoofed domains set up by phishers to collect critical information about e-banking accounts, email and the like.

This kind of attack is extremely difficult to detect, since the user will be redirected to the fake version of the website even when they manually type in the correct URL or when they access a bookmark that has worked in the past. The only hint would be the absence of the SSL certificate, but, since users hardly ever look for its presence, they probably won’t spot the trick.

Other uses of the RSPlug Trojan are related to redirecting users’ requests towards pornography websites or to websites asking to install adware / malware or take surveys.

Trojan.OSX.HellRTS.A – The Remote Access Tool
Trojan.OSX.HellRTS.A is more than a simple e-threat. It is a complex malware development kit that allows an attacker to create their own piece of malware for Mac OS X in no time. The pack contains a client-server application, where the server is the backdoor service running on the infected machine and the client application is used by the attacker to issue commands. Apart from the client and the server, the pack contains a Configurator - a config application that “fine tunes” essential aspects of the Trojan such as the listening port or connection password, as well as an SMTP grabber – used for routing ANY messages the victim receives to the attacker.

If the system has been successfully infected, a remote attacker may perform a wide range of operations on the infected computer, ranging from annoying pranks (such as launching chat instances, playing voices or instruments, launching applications and web pages, or shutting the system down / logging the user out etc.) to extremely harmful operations (including the execution of binary code, fetching all the data available on the HDD or routing all the incoming mails to an attacker’s address). The attacker can also watch the user work without their knowledge via the Desktop View module.

Trojan.OSX.OpinionSpy.A – Mac Screensavers reporting to the base
The OpinionSpy family of spyware is usually installed by a number of freely-distributed applications such as screen-savers and audio / video converters. The installer utility of these applications will fetch the spyware package, install it and run it with root privileges. Trojan.OSX.OpinionSpy.A poses as a marketing research tool, but it does more than collecting users’ browsing habits and preferences: it also opens backdoors and shuffles through a great number of documents found on both local and remote drives. The Trojan poses a great danger to the user’s privacy and to the security of the stored data.

Trojan.OSX.Boonana.A – The Social Network Worm
Trojan.OSX.Boonana.A is a multi-platform e-threat that can run on Windows, Mac OS X and Linux alike. This Java-based piece of malware downloads a couple of malicious files into the user’s home folder in an invisible folder called “.jnana”, then installs a local IRC server and web server, among others. The Boonana piece of malware will also attempt to change the DNS server settings in order to hijack requests to legit websites towards spoofed websites as part of an extremely efficient phishing scheme.
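Both RSPlug and Boonana are described above as tampering with the DNS server settings, and Boonana additionally drops its files into a hidden “.jnana” folder in the home directory. The script below is an added example (not code from the original post or from any vendor) of how a Mac user could triage those two symptoms: it parses the kind of output `scutil --dns` prints, flags any resolver outside the networks the user actually trusts, and looks for the hidden folder. The trusted resolver ranges, the sample `scutil` output and the 203.0.113.5 “rogue” address are all constructed for illustration; on a real machine you would feed it the live `scutil --dns` output and `os.path.expanduser("~")`.

```python
"""Offline triage for the DNS-hijack and hidden-folder symptoms described
for RSPlug and Boonana. Added example, not code from the original post.
The trusted ranges, the sample scutil output and the 203.0.113.5 address
are constructed for illustration."""
import ipaddress
import os
import re
import tempfile

# Resolver networks this user expects (assumed: a home LAN and an RFC 1918 range).
TRUSTED_RESOLVER_NETS = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8")]

# Constructed, abridged sample of what `scutil --dns` prints on Mac OS X.
# Resolver #1 carries an address the user never configured.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.5
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

NAMESERVER_RE = re.compile(r"nameserver\[\d+\]\s*:\s*(\S+)")


def parse_scutil_dns(text):
    """Return the nameserver addresses in the order scutil lists them."""
    return NAMESERVER_RE.findall(text)


def unexpected_resolvers(servers, trusted_nets=TRUSTED_RESOLVER_NETS):
    """Return the resolvers that fall outside every trusted network.

    A Trojan that rewrites the DNS settings shows up here as an address
    the user never configured; a malformed entry is reported as well."""
    flagged = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            flagged.append(server)
            continue
        if not any(addr in net for net in trusted_nets):
            flagged.append(server)
    return flagged


def find_hidden_dirs(home, names=(".jnana",)):
    """Return the dot-directories from `names` that exist directly under `home`."""
    return [os.path.join(home, n) for n in names if os.path.isdir(os.path.join(home, n))]


def demo():
    """Run both checks on constructed data; returns (flagged_resolvers, hidden_dir_names)."""
    flagged = unexpected_resolvers(parse_scutil_dns(SAMPLE_SCUTIL_DNS))
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".jnana"))  # simulate the Boonana drop folder
        hidden = [os.path.basename(p) for p in find_hidden_dirs(home)]
    return flagged, hidden


if __name__ == "__main__":
    flagged, hidden = demo()
    print("resolvers outside the trusted ranges:", flagged)
    print("hidden directories present:", hidden)
```

A resolver you did not set is worth checking even when name lookups still work: the whole point of the DNS trick described above is that the spoofed site answers normally for everything except the bank you are being phished for.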

In order to enjoy a safe surfing experience, we advise you to install a security solution for Mac OS X.

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.

Friday, January 7, 2011

Fake Anti-Viruses Always Ring Twice
As more and more users have become accustomed to the usual look of rogue or fake anti-viruses, cybercriminals thought that it would be a good idea to tweak the style of their progenies a bit. One of the latest new entries purports to pertain to none other than the Microsoft® defensive suite.

[Screenshot: primary fake alert]

Trojan.FakeAV.LHS attempts to dupe the user into installing it as a legitimate application. Once on the unprotected machine, it creates and launches its clone from the current user’s Application Data folder and deletes the initial file that infected the computer. Moreover, it tampers with the registry setting under HKCU\Software\Microsoft\Windows NT\Winlogon\Shell, in order to be launched before the explorer.exe process.
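The Winlogon Shell trick above is easy to check for, because on a clean system that value is exactly `explorer.exe` (and under HKCU it is normally not present at all). The following is an added example, not code from the original post: it splits a Shell value into its comma-separated entries and reports anything that is not explorer.exe, which is how a rogue that prepends its own executable, or replaces the shell outright, shows up. The registry path is taken as the post gives it; the sample Application Data paths are constructed, and the live read only runs on Windows.

```python
"""Check of the Winlogon Shell value Trojan.FakeAV.LHS is described as abusing.
Added example, not code from the original post; the sample values below are
constructed and the registry path is the one the post gives."""
import sys

# Registry path as stated in the post (under HKEY_CURRENT_USER).
WINLOGON_KEY = r"Software\Microsoft\Windows NT\Winlogon"
EXPECTED_SHELL = "explorer.exe"


def shell_value_entries(value):
    """Split a Winlogon Shell value into its comma-separated program entries."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def suspicious_shell_entries(value):
    """Return every entry of the Shell value that is not the expected explorer.exe.

    A clean value yields an empty list. A rogue that runs before the shell
    leaves its own path in front of explorer.exe; one that replaces the shell
    leaves no explorer.exe at all. Both cases surface here."""
    return [e for e in shell_value_entries(value) if e.lower() != EXPECTED_SHELL]


def read_hkcu_shell():
    """Read the HKCU Winlogon Shell value; None when absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg  # only available on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WINLOGON_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "Shell")
            return value
    except OSError:
        return None


# Constructed sample values: one clean, one with a rogue prepended, one replaced.
SAMPLE_VALUES = {
    "clean": "explorer.exe",
    "prepended": r"C:\Documents and Settings\user\Application Data\rogue.exe,explorer.exe",
    "replaced": r"C:\Documents and Settings\user\Application Data\rogue.exe",
}


def demo():
    """Classify the constructed samples; returns {name: suspicious entries}."""
    return {name: suspicious_shell_entries(value) for name, value in SAMPLE_VALUES.items()}


if __name__ == "__main__":
    live = read_hkcu_shell()
    if live is None:
        print("HKCU Shell value: not present (expected on a clean system)")
    else:
        print("HKCU Shell value:", live, "->", suspicious_shell_entries(live) or "clean")
    for name, flagged in demo().items():
        print(f"{name}: {flagged or 'clean'}")
```

Because the rogue also kills programs the user opens, the check is best run from a clean boot (for example Safe Mode) rather than from the infected session.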

Additionally, FakeAV.LHS mimics a system scan and issues multiple annoying warnings about a gazillion imaginary infections and other e-threats, while also requiring the gullible user to install a so-called “Windows Optimization Center” for maintenance and disinfection purposes, as depicted in the following screenshot.


[Screenshot: secondary fake alert]

[Screenshot: FakeAV.LHS unleashing the annoying “optimization center”]


After the installation of the malicious center, the rogue continuously bugs the user to purchase a so-called license that will complete the disinfection process. To be even more credible, the Trojan kills any process/application that the user launches/opens, reminding him or her to buy that useless license.


[Screenshot: inciting warning to throw money out the bogus anti-virus’ window]

To make sure that you are not the victim of this kind of e-threat and that you are actually protecting your system and data, install a reliable (please do read “real”) and certified anti-malware suite.
