There is also a version for Windows platform users, said Runald, and it was this version that led him to the conclusion the group behind the DNS-changing Mac Trojan is the same group behind the malware released earlier this year known as "zlob." "It reports the name of the computer and the operating system version back to another IP address within the Ukraine to keep track of the installs they have," he told ZDNet Australia. However, F-Secure technical manager Patrik Runald said the Trojan is also on a reconnaissance mission of sorts: it reports its findings back to an IP address in the Ukraine. The "payloads" of the 32 variants of the Trojan are the same as the original discovered by Intego. The prime purpose appears to be to make money when people click on ads served on the sites. If it is downloaded, it alters a computer's domain name system (DNS) server, redirecting the machine to porn sites of the malware distributor's choice. The Trojan is being disguised as a codec, a device used to decode digital streams.
#Awesome screenshot trojan for mac os x#
Last week, Mac security software vendor Intego discovered a Trojan designed for Mac OS X being distributed via porn sites. And they keep putting out slightly modified versions of the Trojan for the Mac too," Mikko Hypponen, chief research officer at F-Secure, wrote in his blog this week. The gang behind it seems serious about targeting Mac users as well as Windows users.
"Looks like the Mac Trojan we posted about last week was not an isolated incident. Security firm F-Secure has discovered 32 variants of it, but claims about its powers have been wildly overstated, according to experts. If Mac users thought the Trojan discovered last week was a one-off, they'll need to think again.
0 kommentar(er)
