Det Caraig, technical communications spokesperson at Trend Micro, claimed that this is the latest variant of OSX_JAHLAV.C, which was identified in June. It poses as a QuickTime Player update with the file name QuickTimeUpdate.dmg and, as with earlier variants, users are prompted to download the malware when trying to view certain online videos from .com domains hosted at the IP address 91.214.45.73. Once infected, a victim's web traffic can be diverted to a website of the attacker's choosing.

Caraig said: “The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user's activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from.”

Trend Micro advanced threats researcher Feike Hacquebord claimed that the domain names have been set up such that when the main IP goes down or is taken down, cybercriminals can easily move the back-end to another IP address without needing to change code or scripts.

The company warned Mac users to be wary of prompts to download software updates that do not come from Apple's legitimate website.

Writing on the ZDNet blog, independent security consultant and cyber threats analyst Dancho Danchev said: “Not only are cybercriminals beginning to acknowledge the ‘under-served’ Mac OS X segment, but also, they're already borrowing tricks from the Microsoft Windows playbook such as OS-independent tactics like fake codecs and bogus video players.

“The irony? Both the Mac OS X and Windows malware are hosted on the same domains, with copies of each served on the basis of browser detection.”

See original article on scmagazineus.com
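The article gives three concrete indicators of this campaign: the QuickTimeUpdate.dmg lure, the serving IP 91.214.45.73, and the dropped component stored as /tmp/{random 3 numbers}. The following triage script is an added example, not code from the article or from Trend Micro; it checks those indicators against constructed sample data. The proxy log format, the /tmp listing, and the resolver lists are assumptions made up for the example, and the host names are reserved example domains.

```python
"""Added example (not from the article or Trend Micro): a small indicator
check for the OSX_JAHLAV / DNSCHAN behaviour described above.

Indicators taken from the article:
  * lure file name      QuickTimeUpdate.dmg
  * serving IP address  91.214.45.73
  * dropped component   /tmp/<three random digits>

All input below is constructed sample data (assumed log format, made-up
/tmp names, made-up resolver addresses), not captured from a real host.
"""

import re
from typing import Iterable, List, Set

LURE_FILENAME = "QuickTimeUpdate.dmg"
SERVING_IP = "91.214.45.73"
# The article says the dropped file is /tmp/{random 3 numbers}; we match the
# base name only, e.g. "417".  This is a weak indicator on its own.
DROPPED_TMP_NAME = re.compile(r"^\d{3}$")

# Constructed sample: proxy access log, assumed format
# "<epoch> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "1246879201 10.0.0.5 GET http://www.example.com/index.html 200",
    "1246879230 10.0.0.5 GET http://videos.example.com/watch?v=123 200",
    "1246879231 10.0.0.5 GET http://91.214.45.73/QuickTimeUpdate.dmg 200",
    "1246879290 10.0.0.7 GET http://cdn.example.net/player.js 200",
    "1246879301 10.0.0.9 GET http://mirror.example.org/QuickTimeUpdate.dmg 200",
]

# Constructed sample: base names found in /tmp on the host under review.
SAMPLE_TMP_LISTING = ["com.apple.launchd.abc", "417", "install.log", "9", "052"]

# Constructed sample: resolvers the host reports (as scutil --dns would list)
# versus the resolvers the organisation actually hands out.
SAMPLE_RESOLVERS = ["10.0.0.1", "203.0.113.53"]
ALLOWED_RESOLVERS = {"10.0.0.1", "10.0.0.2"}

LOG_LINE = re.compile(
    r"^(?P<ts>\d+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)
HOST_FROM_URL = re.compile(r"^[a-z]+://(?P<host>[^/:]+)")


def flag_lure_downloads(lines: Iterable[str]) -> List[dict]:
    """Return records whose URL hits the serving IP or fetches the lure file."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        url = m.group("url")
        hm = HOST_FROM_URL.match(url)
        host = hm.group("host") if hm else ""
        reasons = []
        if host == SERVING_IP:
            reasons.append("contact with serving IP")
        if url.rsplit("/", 1)[-1] == LURE_FILENAME:
            reasons.append("fake QuickTime update download")
        if reasons:
            hits.append({"client": m.group("client"), "url": url, "reasons": reasons})
    return hits


def suspicious_tmp_names(names: Iterable[str]) -> List[str]:
    """Base names in /tmp that look like the dropped /tmp/<3 digits> component."""
    return sorted(n for n in names if DROPPED_TMP_NAME.match(n))


def unexpected_resolvers(reported: Iterable[str], allowed: Set[str]) -> List[str]:
    """Resolvers the host uses that are not on the approved list (DNS changer check)."""
    return [r for r in reported if r not in allowed]


def triage() -> dict:
    """Run all three checks over the constructed samples."""
    return {
        "downloads": flag_lure_downloads(SAMPLE_PROXY_LOG),
        "tmp": suspicious_tmp_names(SAMPLE_TMP_LISTING),
        "resolvers": unexpected_resolvers(SAMPLE_RESOLVERS, ALLOWED_RESOLVERS),
    }


if __name__ == "__main__":
    for section, findings in triage().items():
        print(section, findings)
```

Of the three checks, the resolver comparison is the one that actually confirms the payload did its job, since the article describes a DNS changer; a three-digit file name in /tmp or a download of a file called QuickTimeUpdate.dmg only says the lure was fetched, so treat those as reasons to look at a host, not as proof of infection.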