Save $$$. Deals on Lenovo ThinkPad
September 1, 2009 11:50 AM PDT
Mac Malware Update: Unauthorized downloads of Snow Leopard infested with Trojans
Several Web sites have sprung up over the last couple days offering users free upgrades of Apple's latest operating system,
Mac OS X 10.6 Snow Leopard. Of course, these sites are socially engineered ploys to trick users into downloading malicious software.
Much like the iWork '09 and Adobe CS4 infected install packages we reported on in the spring, these Snow Leopard download sites are enticing users to get a free copy of the popular software, only to add a malicious version of a DNS Changer Trojan to their Mac.
TrendMicro Let us know! Twitter! More from Late-Breakers
Much like the iWork '09 and Adobe CS4 infected install packages we reported on in the spring, these Snow Leopard download sites are enticing users to get a free copy of the popular software, only to add a malicious version of a DNS Changer Trojan to their Mac.
TrendMicro has reported the threat on their blog:
Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts. The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.Users are advised to only obtain copies of Mac OS X 10.6 Snow Leopard from Apple directly, or other trusted retailers.
Experiencing problems? Have feedback? Let us know!
You can now follow MacFixIt on Twitter!
Joe is a seasoned Mac veteran with years of experience on the platform. He reports on Macs, iPods, iPhones and anything else Apple sells. Before joining CNET, he even worked in Apple's retail stores. He's also a creative professional who knows how to use a Mac to get the job done.
Seriously, folks. It's $29. Go down to the store and buy a copy.
And only $ 25, free shipping and no tax at Amazon.
That is true - ONLY for Leopard machines. Tiger requires an outlay of $165-170 since iWork and iLife HAVE to be bought at the same time.
It would be helpful if Apple made JUST the OS available for people who do not use either iLife '09 or iWork '09. And, to make matters more complicated, Snow Leopard Compatibility: Mac OS X 10.6 Snow Leopard Compatibility List [http://snowleopard.wikidot.com/] does not list those apps' compatibilities with SL.
"You can't cheat an honest man. He has to have larceny in his heart in the first place."
-- William Claude Dunkenfield (W. C. Fields)
---
Don't anthropomorphize computers.
They hate that.
You don't need to feel guilty, but you probably should have thought this through more carefully, given that it's somewhat common knowledge that this is one of the main ways malware gets onto some people's computers.
In any case, I can understand your eagerness. I was slightly annoyed when various commitments prevented me from getting out the door to buy Snow Leopard the Friday it came out, requiring me to buy it--gasp--on Saturday. In any case, I was happy once I installed it on a friend's Early 2008 MacBook (I don't own an Intel-based Mac yet), and saw a very noticeable speed increase across the board. Prior to installing Snow Leopard, her MacBook had been painfully slow, even after I performed every maintenance task I could think of, short of a reinstall.
Maybe by installing SL you removed some malware infecting her OS. ;-)
It isn't hard to find Web hosts, and its not even that hard to find a Web page's owner. It is highly illegal to create and/or disseminate malware. Why haven't these sites been shut down instantly, and why haven't the owners of these sites been arrested?
It seems to me that the easiest way to keep malware authors from creating malware is to enforce the law. Why haven't the folks who have encountered these sites not reported them to the FBI? Why hasn't the FBI acted on this?
Yeah, but demonoid.com is a trusted site and so are it's users. I've never seen any nasty stuff infecting anything on there. Snow Leopard just sucks and that's the bottom line.
Um, you are aware that there are websites located outside of U.S. jurisdictions, right?
And the FBI won't pursue a cybercrime unless there are more than $10,000 worth of damages inflicted.
You may not even need 10.5-
I installed 10.6 on top of 10.5-then got a brainstorm:
I thought it odd that my SL box said "RETAIL" on it-nothing on the disc face, box, UPC sticker or the Install process had the word "upgrade" in it;
So I wiped my HD to ZERO-shut down-restarted and-10.6 booted and installed just fine
Now MAYBE my first install detected 10.5-and changed my firmware to accept and install a lone SL disc in the future-but now I do not need to keep a copy of 10.5 around to install SL-which is fine with me
Boo!
- by PSmith October 27, 2009 11:50 AM PDT
- Frankly, I'm surprised it took this long for the "bad guys" to start loading malware into pirated Mac software. Since the Mac OS is not vulnerable to "drive-by" viral infections and other weaknesses of the Windows platform, social engineering like this is the simplest way to infect a Mac.
- Like this Reply to this comment
-
(22 Comments)