Mac Chick of The Month

Advertisement

Advertisement

New Mac Trojan targets porn viewers (i.e. Everyone)

Intego has issued a rare “critical” security alert for Mac users pertaining to a new Trojan Horse application – primarily spread through visiting adult websites.

Exploit: OSX.RSPlug.A Trojan Horse

Discovered: October 30, 2007

Risk: Critical

Description: A malicious Trojan Horse has been found on several pornography web sites, claiming to install a video codec necessary to view free pornographic videos on Macs. A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:

“Quicktime Player is unable to play movie file.
Please click here to download new version of codec.”

After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.

This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.

Under Mac OS X 10.4, there is no way to see the changed DNS server in the operating system’s GUI. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually. (Intego is currently testing previous versions of Mac OS X; it is likely that they can be infected as well, since all versions of Mac OS X have the scutil command.)
The Trojan horse also installs a root crontab which checks every minute to ensure that its DNS server is still active. Since changing a network location could change the DNS server, this cron job ensures that, in such a case, the malicious DNS server remains the active server.

This Trojan horse also provides different versions of itself, perhaps according to the country in which the user is located to provide country-specific spoofing. Repeated downloads of the disk image show that there are several different versions.

Perhaps not coincidentally, Intego suggests the best way to combat this Trojan (asides from getting a girlfriend, of course) is ” to run Intego VirusBarrier X4 with its virus definitions dated October 31,2007. Intego VirusBarrier X4 eradicates the malicious code and prevents the Trojan horse from being installed. Intego recommends that users never download and install software from untrusted sources or questionable web sites.”

If you think you might be infected by the Trojan but don’t want to fork over $80 for VirusBarrier (free trial available), Macworld has published a tutorial on how to check for and remove the Trojan using Terminal.

Apple Store displaying Jail broken iPhone

Who can tell these days if anything on the web is real, what with these newfangled computers and all, but if this flickr pic is not ’shopped, it’s a pretty damn funny shot.

[UPDATE: Faithful Macenstein reader max just sent us HIS pics (see below) of the several iPhones he claims to have unlocked at the Biltmore, AZ Apple Store using jailbreakme.com. Seems to be an epidemic!

The comments below have explained away the SMS message alert (the only real question mark in our mind), so yeah, we’re calling these legit. Knowing Apple, we figure by tomorrow jailbreakme.com will be blacklisted from the Apple Store’s Wi-Fi base stations.

Are iCal’s days numbered?

I am SO sorry for that pun. Please forgive me – I honestly tried not to write it, I really did, but I am just not strong enough.

And no, for the record, I do not really think iCal is on the way out, (after all, would Apple have finally fixed the icon if it didn’t think iCal had a long and rosy future ahead of it?) but is anyone else having trouble finding those iCal calendar subscriptions Apple used to make available? Or, for that matter any mention of iCal at all on Apple’s site (aside from its cameo in the 300 new features of Leopard, that is).

Previously, going to Apple.com/iCal brought you to the iCal page where you could find the link to iCal’s calendar library subscription pages – full of goodies such as the latest Movie Releases, or NFL schedules. Now that link redirects you to Leopard’s 300 New Features propaganda page. A quick search of Apple.com reveals iCal is now a very hard app to find info on. iCal’s support page leads you to similar dead ends. Clicking on “Specifications” for iCal brings you to Leopard, and the link Apple’s “Mac 101: iCal” page gives you for the old iCal library page http://www.apple.com/ical/library/ returns Apple’s “Page not found” screen.

For the moment, all the current iCal calendars we had previously subscribed to seem to be working correctly, but it’s not looking good for future Apple served calendars. Can any of you web sleuths find where Apple has hidden iCal’s library page? First one to do so becomes my BFF. Thanks.

Leopard fixes iCal’s icon

I’ve been running Leopard now for about 5 days, and until just now I really couldn’t come up with a good reason to recommend anyone rush out to upgrade to the latest OS. However, thanks to faithful Macenstein reader Bilbo, I feel confident Leopard is worth all of its 12,900 cents. Why? Well, notice anything different about this picture?

That’s right! Bilbo pointed us to a posting over at as 2sentencesorless.com where they were astute enough to notice that Apple has finally listened to our daily feature requests, and fixed iCal’s icon to display the current date in the dock! (It still displays “July 17th” in the Applications folder). I feel ashamed that I did not pick up on that one myself, as, as I said, I pretty much sent Apple a daily feature request on that one.

So yes, thanks to iCal, Leopard actually IS worth $129, and application compatibility be damned, I suggest you rush out and upgrade today.

(Now, who wants to take bets on how long it’ll takes for some old school Tiger fan to hack the icon back to July 17th?)

Using Disk Warrior to repair flaky Leopard Installations

Faithful Macenstein reader Jon writes of with his recent experience in running Disk Warrior to help fix his upity Leopard install.

Good morning! I upgraded to Leopard yesterday on two systems and have some information that might be useful to someone else.

After upgrading my iMac, it acted “flaky.” Some System Preferences would hang as would other things. Before reverting to a backup, I ran DiskWarrior on it. It found a whole slew of inconsistencies introduced by the Leopard upgrade (I ran DiskWarrior immediately before the upgrade, so I know those problems weren’t there beforehand). Anyway, it looks like all of the abnormal behavior was corrected by running DiskWarrior and I’m running smoothly (so far) on Leopard.

Jon was smart enough to not attempt to repair permissions on the Leopard Volume using Disk Warrior, as Alsoft has warned against it for the time being.

So, if your Leopard install is acting “flaky”, as was Jon’s, and you have a copy of Disk Warrior 4.0 (meaning the physical disk) to boot from, you might want to try running it to see if it straightens out your problems before you devote hours to a clean install.

Thanks Jon!

Next Page »

Contest

Advertisement

Product Reviews

IntelliSchool Free is released - Free open source school database system

Our Finest Moments

Where are they now? Interview with Switcher Girl Ellen Feiss

Review: The iCar by Corgi - Possibly the worst iPod accessory EVER

Apple blames iPod nano screen defects on obese Americans/tight pants

Using Safari can slow your system down as much as 76% vs Firefox

Donate Now

iPhone Feature Request

Categories:

Uncategorized  (1) Opinion  (295) Rumors  (182) Product Reviews  (153) News  (634)    Not Mac - But Cool  (25)    Mac News  (1) Humor  (322) Tips/How To  (38) Mac Chick of the Month  (33) Apple Fanboyism  (541) Rampant Speculation  (119) We told you so  (3) That’s Weird…  (59) iPhone  (482) Users Helping Users  (25) Apple TV  (15) Mac mini  (10) Security  (13) iTunes  (59) iPod  (67) contests  (93) offensive to anorexics  (2) iMacs  (19) OS X  (55) Awesomeness  (406) video  (162) Microsoft Bashing  (42) Mods  (18) MacBook  (56) Mail  (1) Updates  (59) Slow News Day  (101) MacBook Pro  (42) Not Cool  (71) Apple  (34) iCal  (3) iPod Touch  (111) Photos  (199) Hacks  (53) Celebrity Mac Chick  (110) throw us a bone  (5) iPod shuffle  (15) Free on iTunes  (6) iPod nano  (29) whining  (26) Free Stuff  (98) Games  (83) iLife  (5) Software  (71) iBook  (4) 6 degrees of Steve  (9) Cynicism  (68) AirPort  (2) bugs  (31) final cut express  (1) deals  (16) Newton  (1) QuickTime  (6) WTF  (111) Leopard  (11) Hardware  (71) alcoholism  (3) History  (34) Press releases  (2) design  (90) Xserve  (3) Mac Pro  (10) Theft  (30) MacBook Air  (34) You Bet I’m Pissed  (9) Final Cut Studio  (4) Polls  (8) G4 Cube  (1) Open Source  (1) Geek Love  (7) Steve Jobs  (23) Useless Information  (4) iChat  (3) Music  (2) Doug’s Rumor Corner  (9) eMac  (1) interviews  (7) MobileMe  (3) Mac Celebs  (5) Vandalism  (1) Ain’t too proud to beg  (1) Apple Bashing  (3) I almost died  (1) Ouch!  (3) Glitch  (1)

Advertisement