Mac infection masquerades as QuickTime

13 Aug 2009 21:27:44

Terry Willis

From MacUser on-line Newsletter (Thanks to Euan Williams for passing the information on)

Mac infection masquerades as QuickTime update10:43AM, Wednesday 12th August 2009

A fake QuickTime installer is hiding the latest version of the a trojan capable of infecting Mac OS X systems.
SX/Jahlav-D is hidden inside a hacked installer package for the MacCinema application. When the installer runs it prompts the user to update QuickTime, whereby the trojan installs a pair of malicious scripts on the Mac.

Previous versions of the trojan have been distributed in hacked copies of iWork and Photoshop, or have masqueraded as updates to Adobe’s Flash player and as plugins said to be necessary to watch web videos.

The potential infection serves again as a reminder not to install software unless it is comes from the developers’ own website, or in Apple’s case via Software Update, or from a trusted third-party site such as MacUpdate or Version Tracker.

Currently, installing hacked software is the only way to allow an infection onto a Mac. There is no self-propagating malware that kind find its way onto a system without the user’s help.

Re: Mac infection masquerades as QuickTime

14 Aug 2009 12:05:30

Mark Ford

Thanks for the warning Terry/Euan but what is 'hacked software' and why might one have it?

And how would one know if an offer of a plugin is legitimate?
For example, I was wanting to watch a Windows ad [I know! I know!] and was offered, I think, Siverlight as a plugin to enable me to watch it.
I took it - no idea where it went but how would I know if that, or something similar, is legitimate?

Re: Mac infection masquerades as QuickTime

15 Aug 2009 13:05:36

Mick Burrell

Generally speaking hacked software will be where someone has managed to crack the protection on it so it's free rather than paid for or possibly much cheaper than it should be. For example, Adobe's shop currently has Photoshop CS4 Extended at £950. If you find a site selling it for £100, remember the old adage - if it's too good to be true, it probably is. This is likely to be hacked software. Whilst I have no understanding of the mentality that writes viruses, I can see that hiding one inside something which will appeal to peoples' natural greed will get it spread quite quickly.

Anything you download from a reputable site - Apple, Adobe etc. - should be fine but beware of links in emails which, like the banking scams of old, purport to take you to say lloydstsb.com but when you looked at the link were taking you to somewhere different, usually starting with an IP address rather than a name.

If in doubt, look at where the link says it's taking you, open a new browser window and navigate there manually. In your example, instead of clicking on the link to Silverlight, type in your new window www.silverlight.net and navigate to the download manually. That way, you'll be sure you're downloading the official one from Microsoft.

Re: Mac infection masquerades as QuickTime

15 Aug 2009 13:22:59

Mark Ford

Thanks Mick - sounds sound!

Feed