Re: New Mac Trojan Horse???



In article <qqGdnXTQPbRWe7XanZ2dnUVZ_sTinZ2d@xxxxxxxxxxx>,
John McWilliams <jpmcw@xxxxxxxxxxx> wrote:

The piece also stated that when users open the .dmg package, the
installer runs. I've never encountered that behavior. Is it possible it
could happen that way; that'd be of concern, as if one were bold enough
to go as far as downloading a codec from a porn site, one might still
look at the install package for legitimacy, though I guess it wouldn't
be too hard to spoof.

The installation in the case described above still requires an
administrator's password to drop its payload. This is pure
'Psych-Malware' as I call it, where the user has to be fooled
into installing it. Otherwise it is inert.

BTW folks: One potential way to stop this thing dead in its
tracks is to use Little Snitch. It blocks all outgoing network
calls from your computer. When the fake DNS server tries sending
out data it will be caught, and hopefully if you have brains
enough to use Little Snitch you'll notice that the calling
process is nothing you've ever heard of and deny it. At that
point you can track down the service and eradicate it.

Then again, anyone dopey enough to fall for this porn codec line
is highly unlikely to have Little Snitch.

:-Derek

--
Fortune Magazine 11-29-05: What's your computer setup today?
Frederick Brooks: I happily use a Macintosh. It's not been
equalled for ease of use, and I want my computer to be a tool,
not a challenge.
<http://money.cnn.com/magazines/fortune/fortune_archive/2005/12/12/8363107/>
[Frederick Brooks is the author of 'The Mythical Man Month'.
He spearheaded the movement to modernize computer software
engineering in 1975.]