Today, we have found a Mac OS X trojan. It is usually said that only windows users should be worried by malware. As we show today, this is not true.
It all starts with a lot of porn sites:
|
ispfiltersporn.com land-porn.com lineporn.net look-porn.com play-porn.com playhardmovie.com playxvideo.com playxxxvideo.net porn-abc.com porn-contact.com porn-global.net porn-go.net porn-group.net porn-party.net porn-play.net porn-plus.net porn-power.net
|
pornissex.com pornname.net pornxxxfilm.com relatedporn.net seek-porn.net stephieporn.com superadultfriend.com theadulteye.com time-porn.net use-porn.com withpornstars.com worldbestadult.com porn-room.net pornabout.com porndrive.net pornhelp.net |
They all host some videos with names like: Download Sample Movie, Free movie clip, Get movie clip
This malware hides as a QuickTime plugin. When you try to download a video file, you are encouraged to download this plugin. It also, asks the user for the administrator password, in order to get installed.
Once installed, it runs a script that changes de DNS configuration, to redirect users to phishing sites of banks, eBay, or Paypal.
As always, be careful!
Thanks to Adrian and Oscar for this one.