AlienForce1 Posted August 2, 2011 Share Posted August 2, 2011 There's a new Mac OS X Trojan in town, and it masquerades as a FlashPlayer.pkg installer, warns F-Secure."Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in Netherlands," say the researchers.The infected users are consequently faced with a fake Google Search page that looks very much like the legitimate one and is unlikely to raise suspicions as the URL in the address bar says google.com.tw or similar (but without the www).When a search request is entered, the remote server returns a fake page that mimics a legitimate Google search results page .Here's a search request on the real Google.com.tw site on a clean system:And here's the same request on an infected system:At the time of writing, the pop-up pages aren't displaying anything, though we presume they are ads of some sort. It appears that the remote server serving the pop-up pages is down.The other remote server returning fake search requests appears to be still active.F-Secure detects this as Trojan:BASH/QHost.WB.Source : F-Secure Weblog Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted August 2, 2011 Administrator Share Posted August 2, 2011 Please link to the source/original article. ;) Link to comment Share on other sites More sharing options...
AlienForce1 Posted August 2, 2011 Author Share Posted August 2, 2011 Please link to the source/original article. ;)- there was already a link to orig. articleThere's a new Mac OS X Trojan in town, and it masquerades as a FlashPlayer.pkg installer, warns F-Secure.- but , I complied with the request Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted August 2, 2011 Administrator Share Posted August 2, 2011 Please link to the source/original article. ;)- there was already a link to orig. articleThere's a new Mac OS X Trojan in town, and it masquerades as a FlashPlayer.pkg installer, warns F-Secure.- but , I complied with the requestOh I see. I did saw the warns F-Secure thing, but I thought this article was from a 3rd-party news site. Nice to see the link in the end anyway. :) Link to comment Share on other sites More sharing options...
toyo Posted August 2, 2011 Share Posted August 2, 2011 It was a link to the article, but it wasn't a credit to the source. We must give (visible) credits to the entities that created the stories, courtesy&politeness being among the reasons :) Just linking inside the article is not enough.Thank you for adding the source :) Link to comment Share on other sites More sharing options...
mara- Posted August 2, 2011 Share Posted August 2, 2011 No way Mac can be infected! :lol: :lol: :lol: Cheers ;) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.