New Mac Trojan, OSX/Jahlav-C, has been discovered
Common filenames of the downloaded disk images include:
HDTVPlayerv3.5.dmg
VideoCodec.dmg
FlashPlayer.dmg
MacTubePlayer.dmg
macvideo.dmg
License.v.3.413.dmg
play-video.dmg
QuickTime.dmg
These attacks take advantage of a common Mac-user misconception, "My Mac is always safe." These socially engineered sites aim to lure Mac users into trusting them by making everything appear "Mac-friendly". Once duped, users can be exploited by code running inside the package files. Inherently, Macs are still much safer than PCs; however, with the increasing popularity of the Mac OS, expect to see the amount of potentially malicious software increase.
The best course of action for Mac users is to examine the files they download carefully, especially when asked for an administrator password to install codecs, utilities, or any other unfamiliar application. Most malware resides on disreputable or untrusted Web sites, such as pornography sites, or in illegally downloaded software packages. Currently there are no self-propagating viruses for the Mac.
Resources
Read this notification about the OSX/Jahlav-C Trojan posted on Mac NN.

Girl on street: Want to try something new?
Man: Like what, syphilis?
---
Andreas
G5 2.1GHz ? OS 10.5.7 ? OS 10.4.10 for Classic & Applescript
No moral pomposity, just common sense and experience from previous examples.
People become accustomed to installing plug-ins and add-ons. It's certainly not just porn sites that do this. Any number of sites require Adobe, Macromedia, Silverlight, Quicktime, on and on... Sure one should naturally be on-guard if they're walking in the shady side of town. But it's easy to see how people become inured to the process of always needing some extra piece of software just to make the internet "work".
There is no way to protect any platform from a Trojan; obviously even the world's most secure systems could be foiled by a user installing something they think is desirable onto it.
I enjoy and respect the information provided by MacFixIt. But we have enough unfounded fear mongering from outside of the Mac community without MacFixIt promoting the same thing from within.
that's because macfixit has not been really part of the mac community since their new c-net overlords with their microsoft funding have taken over.
have you not noticed how much less helpful and how much more anti apple this site has become? the fear mongering is a clear indication of this.
'quite an onslaught' my foot!
this used to be a great site for actual troubleshooting years ago. now it's just another venue for paid shills to make a buck.
...but despite your opinion you're here reading.
My comment was regarding the content, not the source. While MacFixit has experienced change over time, I think the spirit of Ted Landau is still there - to help the Mac community. If you have an issue with the content, then say so. But don't question their intent.
How are they "shills" for Microsoft? CNET is not a subsidiary of Microsoft even though the site may have MS advertising. No more than the Wall Street Journal or NY Times is a subsidiary of Apple for accepting Apple advertising.
Right at this moment the first ad you encounter on CNET is a Sprint/Palm Pre ad, not MS. And the top article on CNET at the moment is touting the benefits of the recently updated MacBooks. There are many Apple/Mac users at CNET. So don't assume some conspiracy theory exists when the facts do not bear this out.
There are conspiracies and then there are conspiracy theories, the latter of which result from folks who don't have a clue as to what they're talking about.
MacFixIt has always been, and still is, a pro Apple site but a practical one. You can always get troubleshooting info from Apple and its message boards. The point of MacFixIt is that it's troubleshooting from outside the Reality Distortion Field. You can be honest and offer constructive criticism and still be pro Apple. I know that C|Net has a reputation, among some people, for sensationalism. In other words, bringing up topics and arguments for the sake of controversy rather than constructive criticism, but I have yet to see that here on MacFixIt.
There are a lot of unanswered questions.
1) What does the Trojan do to an infected computer?
2) How do I test systems to see if they are infected?
3) What's the Fix if I find infected computers?
4) Is it a simple search for the listed downloads and delete those files if found or does this Trojan duplicate and spawn over the system?
5) Will ClamXav catch this?
6) Would this be a system wide trojan or isolated to a user on a multi user system?
Thanks.
There are a lot of unanswered questions.
Agreed.
For #1-3, the correct answer (though not necessarily the most helpful) is: I don't care because I don't install things from untrusted sites. Just to be clear here, a "porn" site can be trusted or untrusted. Also, your definition of "porn" can, and will, differ from mine.
4) Is it a simple search for the listed downloads and delete those files if found or does this Trojan duplicate and spawn over the system?
A: Ignore the list of sample filenames. These DMG files are vectors. They're the mosquito to the malaria. They are harmless until opened and, further, acted upon. They contain an installer. The installer has to be run. The user has to have the admin password. The user has to actually enter the password. See where I'm going here?
5) Will ClamXav catch this?
A: Visit their site / Ask the developer. That's a freeware antivirus for Mac, right? I have nothing against this software, but I've been driving a Mac for two decades plus and see little reason to run antivirus on a Mac. Perhaps as a curiosity. I also drive Windows boxes and I take the opposite approach for those.
6) Would this be a system wide trojan or isolated to a user on a multi user system?
A: The article implies the former. The article also implies my answer to #4. See your comment that I quoted above.
Update: The linked MacNN article actually answers #1 and confirms my answers to #4 & 6.
5) Will ClamXav catch this?
A: Visit their site / Ask the developer. That's a freeware antivirus for Mac, right? I have nothing against this software, but I've been driving a Mac for two decades plus and see little reason to run antivirus on a Mac. Perhaps as a curiosity. I also drive Windows boxes and I take the opposite approach for those.
Yes, ClamXav is a freeware antivirus for the Mac. The general wisdom, as discussed here on MacFixIt and other sites, is that this is probably the AV to use for most Mac users who want to or need to run AV. Some Mac users are in work environments where they are required to have some kind of AV whether they want it or not. The reason that ClamXav is most recommended is that it has been the most trouble free. If you check the archives here at MacFixIt, you will find numerous items related to antivirus programs causing problems. In short, most antivirus on the Mac has, thus far, caused more trouble than it prevented. Since ClamXav causes the least trouble, it is likely to be the first to generate a net benefit in an environment of increasing risk.
You want to boo hoo around the Internet trying to prove a point? That MacFixIt is being controlled by a bunch of money hungry CNET execs that hate Apple?
Give me a break.
If you want fear, watch FOX News. They are fear mongering. They are money hungry.
MacFixIt is a site controlled by a couple dudes that love Apple and want to be sure the people that read the site are informed about possible issues, important fixes, updates, Apple news, and cool tips and tricks we pick up along the way. That's it. Yes, CNET owns the site, but who cares? Honestly. Every site has advertising, but if you think the little banner ad is paying everyone at MacFixIt millionaire salaries so they can play with their Microsoft Surfaces at home as they think of more ways to alienate the Mac community, perhaps you should search out a neurosurgeon and get your head checked.
You want to talk about being part of the Mac community? Have a constructive comment on an article posted by one of the staple sites in the Mac community. If you want to post a ranting, unoriginal, uninformed, completely ludicrous comment, start a blog and see if anyone cares. Take an "I want to help" approach and you will find that everyone will benefit.
What's your point? OF COURSE. People are stupid. Nothing will stop phishing either... oh, wait... there are defenses against it within browsers...
The POINT is that IF you get some kind of corruption on your computer, BLAME isn't the issue anymore. The issue is Now What? The issue is to remove it immediately instead of it zombizing that computer. THAT is why there are things like VirusBarrier: to get rid of an infection cleanly.
"If you just didn't get infected in the first place..." is no argument at all.
- by joinerm June 14, 2009 8:47 AM PDT
- Yawn
(17 Comments)