Bruce551 Posted November 1, 2007

Hackers are reportedly sticking virtual razor blades into Apple computers this Halloween, as a Mac security vendor reports Wednesday that a Mac-focussed Trojan is reportedly loose on the internet costumed as an innocent video decoding file.

Mac OS X users visiting malicious porn sites are told to download a special codec that will let Apple's Quicktime player play the porn flicks, but instead of adult treats, users get a malicious trick, according to anti-virus vendor Intego.

The OS X Trojan, which infects a computer after a user chooses to download a proprietary codec, hijacks the infected computer's DNS settings. Internet-connected applications use DNS settings to figure out how to translate URLs, such as Wired.com, into the physical address of a server, according to Intego's alert. By hijacking the DNS, the Trojan is able to redirect visits to sites such as banks, eBay and PayPal to fake websites that attempt to harvest users' logins and passwords to commit financial fraud.

A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:

Quicktime Player is unable to play movie file. Please click here to download new version of codec.

Update: Sunbelt Software's Alex Eckelberry (who has posted screenshots) and botnet expert Gadi Evron say this is the work of professional cyber-criminals and that Mac users are now on notice that they are targets, too. Eckelberry writes:

I don't mean to sound breathless about it. As far as we know, it's not widespread. But this is the first targeted, real attack on Mac users by a professional malware group.

How to find and remove the OSX.RSPlug.A malware
Wed, Oct 31 '07 at 12:00PM PDT; Submitted by robg; System

As reported in many places, including Macworld, there's a new OS X malware in the wild, first reported by Intego, who named it OSX.RSPlug.A (where do they get these names?). I spent some time this morning looking at this malware, and wrote this article explaining how to find out if you've been infected, and how to remove the programs if you have. If you want all the details, you can read the article. If you just want to know how to remove the malware, here's the simple process:

1. In the Finder, navigate to /Library -> Internet Plug-Ins, and delete the file named plugins.settings. Empty the trash. This deletes the tool that sets the rogue DNS Server information.
2. In Terminal, type sudo crontab -r and provide your admin password when asked. This deletes the root cron job that checks the DNS Server settings. You can prove it worked by typing sudo crontab -l; you should see the message crontab: no crontab for root.
3. Open your Network System Preferences panel, go to the DNS Server box, and copy the entries you can see to a Stickies note, TextEdit document, or memorize them. Now retype those same values in the box, then click Apply.
4. Reboot your Mac.

The only people who should be infected today are those who have broken the number one rule of internet computing: don't download and install programs (especially those that are (a) package installers that (b) request your admin password) from untrusted sources. However, because this particular trick could be used on any sort of potentially popular site, I thought I'd share the simple how-to, as well as the links above for more details. As OS X grows in popularity, I expect that this type of thing will become more commonplace.
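The checks behind the removal steps above, as a read-only shell audit (an added example, not part of the original post or the quoted article). It reports instead of deleting, because sudo crontab -r removes every root cron entry and not only the one the malware added; the function names and sample addresses are constructed, and the scutil line in the comments is one way to list resolvers on macOS.

```shell
#!/bin/sh
# Read-only audit; helper names and all sample values are constructed.

# Step 1 trace: plugins.settings under <root>/Library/Internet Plug-Ins.
has_plugin_file() {
    [ -e "${1%/}/Library/Internet Plug-Ins/plugins.settings" ]
}

# Step 2 trace: count active (non-blank, non-comment) crontab lines on stdin.
# Live use: sudo crontab -l 2>/dev/null | count_cron_entries
count_cron_entries() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' | wc -l | tr -d ' '
}

# Step 3 trace: print servers in $1 (one per line) that are absent from $2.
# Live use on macOS: scutil --dns | awk '/nameserver\[/ {print $3}' | sort -u
unexpected_dns() {
    printf '%s\n' "$1" | while read -r ip; do
        [ -n "$ip" ] || continue
        printf '%s\n' "$2" | grep -qxF -e "$ip" || printf '%s\n' "$ip"
    done
}

# audit ROOT CRONTAB_TEXT CURRENT_DNS EXPECTED_DNS
# Details go to stderr; the number of findings (0-3) goes to stdout.
audit() {
    findings=0
    if has_plugin_file "$1"; then
        echo "FOUND: plugins.settings is present" >&2; findings=$((findings + 1))
    fi
    n=$(printf '%s\n' "$2" | count_cron_entries)
    if [ "$n" -gt 0 ]; then
        echo "REVIEW: root crontab has $n entries; read them before crontab -r" >&2
        findings=$((findings + 1))
    fi
    bad=$(unexpected_dns "$3" "$4")
    if [ -n "$bad" ]; then
        echo "FOUND: DNS servers you did not set: $bad" >&2; findings=$((findings + 1))
    fi
    echo "$findings"
}

# Constructed demo: a throwaway directory tree standing in for an affected Mac.
demo=$(mktemp -d)
mkdir -p "$demo/Library/Internet Plug-Ins"
: > "$demo/Library/Internet Plug-Ins/plugins.settings"
audit "$demo" '* * * * * /constructed/sample-job' \
      "$(printf '192.0.2.53\n203.0.113.7')" '192.0.2.53'
rm -rf "$demo"
```

On a real machine, pass / as the root and the DNS servers your router or ISP actually gave you as the expected list.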

zeusbheld Posted November 1, 2007

see, this is what happens when you cross that magic threshold of five percent market share :cry:

robbie36 Posted November 1, 2007

I thought the Mac honeymoon was over long ago. Last night a PR exec brought her Mac over to my house to show me a presentation and some other stuff. She tried to connect to my wireless network and failed miserably. "I hate Mac" she said.... We used my windows notebook instead... Her Mac is still in my kitchen. She left without it. Unloved or what?

zeusbheld Posted November 1, 2007

usually mac not connecting to a wifi network is a matter of the network's security (probably requires a password that's already in your laptop). that said, macs are finicky about net security in general for some reason. in principle unix is great for networking but i suspect there are tweaks either from the hardware or from dumbing it down to a GUI. also, the genius that decided apple laptops should have aluminum cases really needs a right and proper bitchslap. aside from a) conducting electricity and hindering the internal wireless antenna... it's one of the softer metals and dents easily. yeah, i guess it doesn't matter if it actually works as long as it looks cool. thanks big steve!

robbie36 Posted November 1, 2007

> usually mac not connecting to a wifi network is a matter of the network's security (probably requires a password that's already in your laptop).

I may be a pc user but I do know the password to my own wifi network!!

zeusbheld Posted November 1, 2007

> > usually mac not connecting to a wifi network is a matter of the network's security (probably requires a password that's already in your laptop).
>
> I may be a pc user but I do know the password to my own wifi network!!

i have to look mine up. :oops: