Winnipeg Photographer


Mac Malware – Fake Video Codec OSX-Jahlav-C

Apple Mac Malware / Mac Viruses

I am so sick and tired of people saying Windows clients are the only computers that can get viruses. This is simply not the case. Over the last 2 or 3 months the number of REPORTED viruses for the Mac has risen substantially. I feel the need to educate people about these viruses. Apple’s commercials are crafted so well that they give consumers a false notion of safety using Apple software.


Another example of Mac Viruses / Malware.


Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object, found at a bogus Macintosh PornTube site.

The use of fake video codecs is a social engineering tactic used by hackers who have typically targeted Windows. Seeing it used in a Mac OS X based malware attack proves that successful social engineering approaches remain OS independent.

Prior to ParetoLogic’s sample, SophosLabs appear to have received an email from the author of the OSX/Tored-A sample discovered last month, allowing them to add generic detection for any upcoming releases.

Here are some of the PornTube templates used in the social engineering attack, a description of the malware, as well as the descriptive filenames used in some of the campaigns:

OSX/Jahlav-C is described as:

“OSX/Jahlav-C is a Trojan created for the Mac OS X operating system. The initial malicious installer is distributed as a missing Video ActiveX Object.

As a part of the installation a malicious shell script file AdobeFlash is created in /Library/Internet Plug-Ins folder and set up to periodically run. The script contains another shell script in an encoded format which in turn contains a Perl script with the main malicious payload. The Perl script uses HTTP to communicate with a remote website and download code supplied by the attacker.”

Another Example

The campaign is also using descriptive filenames such as HDTVPlayerv3.5.dmg, VideoCodec.dmg, FlashPlayer.dmg, MacTubePlayer.dmg, macvideo.dmg, License.v.3.413.dmg, play-video.dmg, and QuickTime.dmg.
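A defender-side triage check for the artefacts described above, as an added example that is not part of the original post or the quoted description: it looks for the AdobeFlash script in /Library/Internet Plug-Ins, for scheduled jobs that reference it, and for the listed installer names. The function name, the optional root prefix and the choice of crontab and launchd locations are assumptions.

```shell
#!/bin/sh
# Added example: triage check for the OSX/Jahlav-C artefacts named in the post.
# The installer names come from the post; a name match is a lead, not a verdict.
JAHLAV_DMGS="HDTVPlayerv3.5.dmg VideoCodec.dmg FlashPlayer.dmg MacTubePlayer.dmg
macvideo.dmg License.v.3.413.dmg play-video.dmg QuickTime.dmg"

# jahlav_scan [ROOT]: ROOT is an optional prefix (mounted image or test tree).
# Prints one finding per line; returns 1 if anything was found, else 0.
jahlav_scan() {
    root="${1:-}"
    found=0
    plugin="$root/Library/Internet Plug-Ins/AdobeFlash"

    # 1. The dropped file. Genuine plug-ins are normally bundles (directories),
    #    so a regular file with this name is suspicious; a "#!" first line
    #    makes it the shell script the description talks about.
    if [ -f "$plugin" ]; then
        if head -n 1 "$plugin" | grep -q '^#!'; then
            echo "SCRIPT $plugin"
        else
            echo "FILE $plugin"
        fi
        found=1
    fi

    # 2. Periodic execution. Assumption: crontabs and launchd job
    #    definitions are the places to look; the post names no mechanism.
    for job in "$root"/usr/lib/cron/tabs/* "$root"/Library/LaunchDaemons/* \
               "$root"/Library/LaunchAgents/*; do
        [ -f "$job" ] || continue
        if grep -q 'Plug-Ins/AdobeFlash' "$job"; then
            echo "PERSIST $job"
            found=1
        fi
    done

    # 3. Leftover installers in each user's Downloads folder.
    for home in "$root"/Users/*; do
        for name in $JAHLAV_DMGS; do
            if [ -f "$home/Downloads/$name" ]; then
                echo "DMG $home/Downloads/$name"
                found=1
            fi
        done
    done
    return "$found"
}

# Stand-alone use: sh jahlav_check.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then jahlav_scan "${2:-}"; fi
```

FlashPlayer.dmg and QuickTime.dmg are also plausible names for legitimate downloads, so a DMG line should be checked against where the file came from before it is treated as a detection.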

What’s Apple’s take on this emerging trend?

Earlier this week, in a rare comment on potential Mac OS X insecurities in the face of malware, the company not only acknowledged OS X malware, but also pointed out that:

The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.

Is the company finally making the right decision to raise security awareness of a threat that is likely to become a daily routine in the long term, or was it too slow to stop using the Mac’s massively advertised immunity to malware as a key differentiation factor?


4 Responses

  1. Well played Jared, well played… good thing I never watch porntube.

     Aubrey on June 25th, 2009 at 4:41 am

  2. I blame Mac for moving over from Motorola to Intel. They are turning Macs into PCs!

     Bruce on June 30th, 2009 at 10:24 am

  3. Sorry, I meant I blame Apple, not Mac.

     Bruce on June 30th, 2009 at 10:25 am

  4. Has nothing to do with going from Motorola to Intel. Apple NEEDED to do it. If they didn’t do it the “Apple Tax” would have been through the roof. What people don’t understand is Apple and Microsoft make different ways. Apple does it through its hardware. Microsoft does it through its software.

     These issues have nothing to do with its hardware. You are going to see Mac Malware explode in the next year. Just like Windows, your security is only as good as the “user’s” smarts. If you click “YES” to run a crack on a piece of software or “YES” to install a video codec then “YES” no matter what OS you have you will be “infected”.

     What I like to remind people is that right now there are a ton of security companies that can help users running Windows. Unfortunately that is not the case on the Mac side. I also like to let people know that the first real virus was for the Mac waaaay back in the day. They have never learned.

     Microsoft is going to be giving away FREE antivirus now which I think shows that they care for their customers. Unlike Apple that refuses to tell people that there is a problem until they patch the software. If you look at the track records between Microsoft, Apple, Blackberry etc., Microsoft still leads the pack on getting a fix out the door and properly letting its customers know what is going on.

     Apple wasn’t even in the top 20.

     That is the main reason why I much prefer Microsoft products to Apple’s.

     Jared Heinrichs on June 30th, 2009 at 11:25 am
