New Mac Trojan targets porn viewers (i.e. Everyone)
Intego has issued a rare “critical” security alert for Mac users pertaining to a new Trojan Horse application – primarily spread through visiting adult websites.
Exploit: OSX.RSPlug.A Trojan Horse
Discovered: October 30, 2007
Risk: Critical
Description: A malicious Trojan Horse has been found on several pornography web sites, claiming to install a video codec necessary to view free pornographic videos on Macs. A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:
“Quicktime Player is unable to play movie file.
Please click here to download new version of codec.”
After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.
If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.
This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.
Under Mac OS X 10.4, there is no way to see the changed DNS server in the operating system’s GUI. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually. (Intego is currently testing previous versions of Mac OS X; it is likely that they can be infected as well, since all versions of Mac OS X have the scutil command.)
The Trojan horse also installs a root crontab which checks every minute to ensure that its DNS server is still active. Since changing a network location could change the DNS server, this cron job ensures that, in such a case, the malicious DNS server remains the active server.
This Trojan horse also provides different versions of itself, perhaps according to the country in which the user is located to provide country-specific spoofing. Repeated downloads of the disk image show that there are several different versions.
Perhaps not coincidentally, Intego suggests the best way to combat this Trojan (aside from getting a girlfriend, of course) is “to run Intego VirusBarrier X4 with its virus definitions dated October 31, 2007. Intego VirusBarrier X4 eradicates the malicious code and prevents the Trojan horse from being installed. Intego recommends that users never download and install software from untrusted sources or questionable web sites.”
If you think you might be infected by the Trojan but don’t want to fork over $80 for VirusBarrier (free trial available), Macworld has published a tutorial on how to check for and remove the Trojan using Terminal.
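The two artifacts the alert describes, a changed DNS server and a root cron job that runs every minute, can be checked from Terminal. The script below is an added example, not code from Intego or Macworld: it parses `scutil --dns` output and a crontab listing, and flags resolvers outside a list you trust and jobs scheduled every minute. The `EXPECTED_DNS` variable, the sample output and the addresses (documentation ranges) are constructed assumptions.

```shell
#!/bin/sh
# Added example: triage for a DNSChanger-style infection (resolver + root cron).
# All sample data below is constructed; addresses are documentation ranges.

SAMPLE_DNS='DNS configuration

resolver #1
  nameserver[0] : 203.0.113.10
  nameserver[1] : 203.0.113.11
  nameserver[2] : 192.0.2.53
  flags    : Request A records'

SAMPLE_CRON='# constructed root crontab
* * * * * /path/to/unknown-script
15 3 * * * /usr/local/bin/nightly-backup'

# Read `scutil --dns` text on stdin; print each distinct resolver address.
extract_nameservers() {
    awk '/nameserver\[[0-9]+\]/ { print $NF }' | sort -u
}

# Print resolvers from stdin that are not in the space-separated allowlist $1.
unexpected_nameservers() {
    expected=" $1 "
    extract_nameservers | while read -r ip; do
        case "$expected" in
            *" $ip "*) ;;            # resolver you configured or your router hands out
            *) echo "$ip" ;;         # anything else needs an explanation
        esac
    done
}

# Read a crontab on stdin; print non-comment jobs scheduled to run every minute.
every_minute_jobs() {
    awk '!/^[ \t]*#/ && ($1=="*" || $1=="*/1") && $2=="*" && $3=="*" && $4=="*" && $5=="*"'
}

# Live check on a Mac (assumption: EXPECTED_DNS holds the resolvers you trust).
if command -v scutil >/dev/null 2>&1; then
    echo "Unexpected DNS servers:"
    scutil --dns | unexpected_nameservers "${EXPECTED_DNS:-192.0.2.53}"
    if [ "$(id -u)" -eq 0 ]; then
        echo "Root cron jobs that run every minute:"
        { crontab -l 2>/dev/null || true; } | every_minute_jobs
    fi
fi
```

An every-minute root job is not proof of infection on its own, but combined with resolvers you did not configure it matches the behaviour described above.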
Apple Store displaying Jail broken iPhone
Who can tell these days if anything on the web is real, what with these newfangled computers and all, but if this flickr pic is not ’shopped, it’s a pretty damn funny shot.

[UPDATE:] Faithful Macenstein reader max just sent us HIS pics (see below) of the several iPhones he claims to have unlocked at the Biltmore, AZ Apple Store using jailbreakme.com. Seems to be an epidemic!

The comments below have explained away the SMS message alert (the only real question mark in our mind), so yeah, we’re calling these legit. Knowing Apple, we figure by tomorrow jailbreakme.com will be blacklisted from the Apple Store’s Wi-Fi base stations.
Are iCal’s days numbered?
I am SO sorry for that pun. Please forgive me – I honestly tried not to write it, I really did, but I am just not strong enough.
And no, for the record, I do not really think iCal is on the way out, (after all, would Apple have finally fixed the icon if it didn’t think iCal had a long and rosy future ahead of it?) but is anyone else having trouble finding those iCal calendar subscriptions Apple used to make available? Or, for that matter any mention of iCal at all on Apple’s site (aside from its cameo in the 300 new features of Leopard, that is).
Previously, going to Apple.com/iCal brought you to the iCal page where you could find the link to iCal’s calendar library subscription pages – full of goodies such as the latest Movie Releases, or NFL schedules. Now that link redirects you to Leopard’s 300 New Features propaganda page. A quick search of Apple.com reveals iCal is now a very hard app to find info on. iCal’s support page leads you to similar dead ends. Clicking on “Specifications” for iCal brings you to Leopard, and the link Apple’s “Mac 101: iCal” page gives you for the old iCal library page http://www.apple.com/ical/library/ returns Apple’s “Page not found” screen.
For the moment, all the current iCal calendars we had previously subscribed to seem to be working correctly, but it’s not looking good for future Apple served calendars. Can any of you web sleuths find where Apple has hidden iCal’s library page? First one to do so becomes my BFF. Thanks.
Leopard fixes iCal’s icon
I’ve been running Leopard now for about 5 days, and until just now I really couldn’t come up with a good reason to recommend anyone rush out to upgrade to the latest OS. However, thanks to faithful Macenstein reader Bilbo, I feel confident Leopard is worth all of its 12,900 cents. Why? Well, notice anything different about this picture?

That’s right! Bilbo pointed us to a posting over at 2sentencesorless.com where they were astute enough to notice that Apple has finally listened to our daily feature requests, and fixed iCal’s icon to display the current date in the dock! (It still displays “July 17th” in the Applications folder). I feel ashamed that I did not pick up on that one myself, as, as I said, I pretty much sent Apple a daily feature request on that one.
So yes, thanks to iCal, Leopard actually IS worth $129, and application compatibility be damned, I suggest you rush out and upgrade today.
(Now, who wants to take bets on how long it’ll take for some old school Tiger fan to hack the icon back to July 17th?)
Using Disk Warrior to repair flaky Leopard Installations
Faithful Macenstein reader Jon writes in with his recent experience in running Disk Warrior to help fix his uppity Leopard install.
Good morning! I upgraded to Leopard yesterday on two systems and have some information that might be useful to someone else.
After upgrading my iMac, it acted “flaky.” Some System Preferences would hang as would other things. Before reverting to a backup, I ran DiskWarrior on it. It found a whole slew of inconsistencies introduced by the Leopard upgrade (I ran DiskWarrior immediately before the upgrade, so I know those problems weren’t there beforehand). Anyway, it looks like all of the abnormal behavior was corrected by running DiskWarrior and I’m running smoothly (so far) on Leopard.
Jon was smart enough to not attempt to repair permissions on the Leopard Volume using Disk Warrior, as Alsoft has warned against it for the time being.
So, if your Leopard install is acting “flaky”, as was Jon’s, and you have a copy of Disk Warrior 4.0 (meaning the physical disk) to boot from, you might want to try running it to see if it straightens out your problems before you devote hours to a clean install.
Thanks Jon!
WOW. Apple Sells Two Million Copies of Mac OS X Leopard in First Weekend
Who even knew there were 2 million Leopard compatible Macs out there?!
Taken from the official Apple Press release:
Apple today announced that it sold (or delivered in the case of maintenance agreements) over two million copies of Mac OS X Leopard since its release on Friday, far outpacing the first-weekend sales of Mac OS X Tiger, which was previously the most successful OS release in Apple’s history. Sales included copies sold at Apple’s retail stores, Apple Authorized Resellers, the online Apple Store, under maintenance agreements and bundled with new Mac computers. Leopard is the sixth major release of Mac OS X and is packed with more than 300 new features.
“Early indications are that Leopard will be a huge hit with customers,” said Steve Jobs, Apple’s CEO. “Leopard’s innovative features are getting great reviews and making more people than ever think about switching to the Mac.”
So, what do you know about AVCHD?
Macenstein has now gotten enough of a readership base that I feel the time has come to abuse our popularity and ask for a little technical advice. The question today has to do with whether or not I should buy an AVCHD camcorder, or, more accurately, whether I should return the one I just bought.
In preparation for Halloween and multiple children’s birthday parties, this Saturday I went to Circuit City and picked up the Panasonic HDC-SD5 AVCHD camcorder. Without getting too technical (mainly because I can’t) it’s a 3CCD flash memory based camera, meaning no tapes are involved. What sets it apart from most other High Def camcorders is its ability to record at “full HD”, meaning 1920×1080i, 30 fps.

Above: While in motion the video looks decent, yet a freeze frame reveals some pretty heavy compression artifacts, even in sunlit shots.
In general, I feel the pictures it takes are reasonably nice when outside or in a room with sunlight, yet not much better than a giant mini DV image when shot in a standard living room in the afternoon or at night. I understand noise is to be expected when the CCD’s are shrunk this small, but given that at the 1920 x 1080 setting it supposedly records at 13Mbps constant bit rate, I guess I was expecting better.
The unfortunate downside to adopting this newer tapeless format is that Final Cut Pro (my editing system of choice) does not yet support the AVCHD format. However, iMovie ‘08 does, as Steve pointed out in his last Stevenote (well, that’s half true. Really all iMovie can do is read from the card, and convert it to the Apple Intermediate codec, which means your 40 minutes of footage you shot on a 4GB SD card now takes up 40 GB of hard drive space). Unfortunately, iMovie ‘08 appears to be the least intuitive “intuitive editing app” I have ever seen, and I can’t imagine trying to even add a fade to my footage, much less do any real editing in it.
I’ll bash iMovie ‘08 fully at a later date, but suffice it to say, my current workflow now relies on using iMovie ‘08 to import my footage, and then taking the resultant converted footage into Final Cut to edit it. I know Final Cut is supposedly going to be adding support for the feature in the somewhat near future, and I can work this way for now, but the two questions I am posing to you, dear readers are:
1) Do any of you know, or could any of you make an educated guess, or even a good BS riff, as to whether when Final Cut eventually DOES add support for AVCHD, will it be similar to iMovie’s approach, meaning it will never be able to edit the format natively, and will have to first convert (and embiggen the file size) of every import? Or will it be able to use the native files? Does anyone know how AVCHD works on the PC in apps like Pinnacle Studio Plus?
2) Do any of you have experience with other HD camcorders, tape-based or otherwise, and think you could recommend a better solution? I am particularly interested in a camera that might experience less camera noise in low light situations, and I would even give up the native 1920×1080 resolution if it meant better overall image quality. I suppose I am looking in the sub $1400 range.
Thanks in advance for any help.
-The Doc
[UPDATE:] I would appreciate it if anyone who owns and likes their HD camcorder could take a moment and send me a still frame from it, just so I can see whether I am getting comparable performance from the SD5. You can send it to plotsuggestion@macenstein.com. Thanks!
Now even ugly people can use Leopard’s iChat

Now ugly “facially challenged” people have TWO new visage-obscuring iChat themes to choose from that will allow them to communicate with the outside world!
MacRumors.com forum member Zneo11 has created a brilliant theme compatible with Leopard’s iChat called “iPod Person”. As the name (and photos) imply, “iPod Person” allows you to look like (if not dance like) those wacky iPod people we’ve all grown to know and tolerate. (And yes, the background colors change automatically!).

And, it looks like Zneo11 isn’t the only one having fun with the new iChat this weekend, as fellow MacRumors member elbows was able to create the missing iChat Star Wars hologram effect as well.
Installing these themes is easy, just unzip them into your /Library/Compositions/ directory and you’re good to go. Thanks to faithful Macenstein reader The Hendry for the tip!
Rumor: I am buying a new MacBook on Tuesday

According to MacRumors, I will be buying a new MacBook this Tuesday, and I am very excited!
Allegedly, my new MacBook will sport the updated Intel GMA X3100 integrated graphics chip, which implies I will be getting the Santa Rosa chipset as well. I can neither confirm nor deny this rumor until I check with my wife (keeper of the checkbook), but reliable sources have confirmed to me that if I can somehow outline a convincing case that a MacBook is necessary for “research purposes”, I may be able to get away with it.
Unfortunately, these same sources have also confirmed that we are flat broke. But hey. You have to spend money to make money, right? Only 2 more days ’till we know for sure!
Apple releases Login & Keychain Update for Leopard
Well, it comes a day late for me… but hopefully this will help the rest of you would-be Leopard updaters.
About the Login & Keychain Update 1.0
The Login & Keychain Update 1.0 for Mac OS X 10.5 Leopard is recommended for all Leopard installations. It addresses issues you may encounter when:
Logging in with an account originally created in Mac OS X 10.1 or earlier that has a password of 8 or more characters.
Connecting to some 802.11b/g wireless networks.
Changing the password of a FileVault-protected account.
Available in your Software Update.

