PandaLabs,
Today, we have found a Mac OS X trojan. It is usually said that only windows users should be worried by malware. As we show today, this is not true.
It all starts with a lot of porn sites:
|
ispfiltersporn.com land-porn.com lineporn.net look-porn.com play-porn.com playhardmovie.com playxvideo.com playxxxvideo.net porn-abc.com porn-contact.com porn-global.net porn-go.net porn-group.net porn-party.net porn-play.net porn-plus.net porn-power.net
|
pornissex.com pornname.net pornxxxfilm.com relatedporn.net seek-porn.net stephieporn.com superadultfriend.com theadulteye.com time-porn.net use-porn.com withpornstars.com worldbestadult.com porn-room.net pornabout.com porndrive.net pornhelp.net |
They all host some videos with names like: Download Sample Movie, Free movie clip, Get movie clip
This malware hides as a QuickTime plugin. When you try to download a video file, you are encouraged to download this plugin. It also, asks the user for the administrator password, in order to get installed.
Once installed, it runs a script that changes de DNS configuration, to redirect users to phishing sites of banks, eBay, or Paypal.
As always, be careful!
Thanks to Adrian and Oscar for this one.
Posted under Malware Alerts
This post was written by Ted on November 15, 2007
