VXers are targeting Mac fans via a pair of new malware-themed attacks, one of which is on offer through what purports to be a portal for adult videos. The Jahlav-C Mac-specific Trojan poses as an ActiveX update needed to watch grumble flicks, as explained by ParetoLogic here. The same booby-trapped website, which runs code to …
> The Jahlav-C Mac-specific Trojan poses as an ActiveX update
Most reasonably knowledgeable Mac users would know that ActiveX is a Windows only "technology" which is thankfully unavailable for Macs, so that should give the bogus download away immediately!
ActiveX on OS X??
Someone's slip is showing here:
"The Jahlav-C Mac-specific Trojan poses as an ActiveX update needed to watch grumble flicks, as explained by ParetoLogic here."
The blog site referenced in the link shows a screen shot of IE 7 running under Windows, & it's somewhat unfair for you to say that Macs are vulnerable, & then omit the "providing they are running Windows at the time" part.
So the prospective Grumbler has to (1) run Windows on their Mac, (2) visit grumbleware.com, (3) hit the "yes, I agree that I'm an idiot" button, (4) save the .DMG file (5) reboot into OS X (6) do some more stuff that I can't be bothered to figure out.
You must be mistaken
There are no viruses or Trojans that affect Mac systems. And if there were, Mac users would be far too smart to fall for them.
Where's the sarcasm Icon
Smut you say.....can I have a link ?
Uh, not so much on targeting Mac
Note that one is only vulnerable to this trojan if one is using that POS IE. Why would a Mac user do that when there are several much better browsers - including Apple's own Safari?
A second point. Cruising porn is a pretty stupid thing to do to begin with, but not ignoring a pop-up that tells you that you need to install additional software to view a porn video is quite simply moronic.
There are enough Mac users inthe world to induce the writers of viruses and trojans to target them. But Mac uses a UNIX kernel and it's much harder to do. Even when you can get past the superior security model of UNIX, it's even harder to deliver a small payload to do so.
So a few mac noobs get malware, who cares. Move along nothing to see here
although there are less of them, they are better targets
1. they will be less cautious (although, seeing some computers i suspect there are plenty of windows users who will click "allow" to absolutely anything as well)
2. you've got the system to yourself, no competition with other crapware on the system, meaning those credit card details are exclusive to you, and that bandwidth is all yours
It's always handy to have an anti-virus program running no matter what platform you're using. ClamXav is a light-weight, free anti-virus program for OSX.
You know it makes sense.
Tim, I think you've interpreted how this works the wrong way because Pareto just posted a picture of the Windows payload on their blog.
The malware served up is different depending on whether you visit the site using Windows or Mac OS X.
We have a video demonstrating what happens if you visit on a Mac over at
We're seeing more and more of these two-pronged attacks - working out if you're visiting via Windows or a Mac, and serving up the appropriate flavour of malware.
What makes you think it only works on Internet Explorer?
We tried it on IE, Safari and Firefox using Windows and Mac OS X computers.
The attack is based around social engineering rather than a flaw in a browser - so any user with a hunger for porn may find themselves tempted into downloading the codec.
RE: Uh, not so much on targeting Mac
I have not read such drivel in quite a while.
1) IE has not been available for mac in quite a while - it was an ie 5 version that was removed from download in something like 2006.
2) About not ignoring popups or messages etc - that is how most windows machines get infected too! People are not foolproof, that is the point of social engineering.
3) Ah yes the infamous super secure UNIX kernel!! Hold on are you talking about OS X, Linux, Solaris - perhaps FreeBSD? In many ways the NT security model is more flexible than the UNIX one, shame that most people have to run as administrator. Most security vulnerabilities are not kernel-level, but in userland components. In any case, whatever your protections, it is hard to stop a user doing something they want to, because they don't think its a mistake.
Why is cruising for porn a stupid thing to do? During work time maybe, but otherwise it's no more stupid than reading the sport websites, being on Facebook, reading El Reg etc. Just because you don't, doesn't make it stupid.
I've been looking for decent AV software to stick on my Mac for some time. I've had trouble finding any reason to trust any that I've come across so far.
Had no idea that ClamAV, which I run on my FreeBSD servers, had been ported to OSX. Makes sense really - duh. Will install tonight :-)
It's Active-X, moron
Anyone stupid enough to think that _anything_ depending on Active-X will work outside of Windows (and, except in a very few special cases, outside of MSIE) bloody well deserves what he'll be getting. I don't know who're the bigger idiots, the twits who thought this up or the pervs who downloaded it. I do know that they deserve each other. Long may they stay together.
Paris, 'cause I suspect that she's infectious, too.
No 1 security problem with all OS's
you can be using openbsd and if you run some unknown code as root / admin your STILL in trouble.
people who own computers should know how to use them.
I can't wait...
For the mother of all viruses that wipe out the Windoze PCs so that Linux can reign.
Who the hell still surfs for porn?
Torrenting is much more productive and pleasurable. Erm, so I'm told.
"There are enough Mac users in the world to induce the writers of viruses and trojan's to target them" - no, there really is not. Less than 10% OS usage is not a lot by any stretch of the imagination. There are more iPhone users than Mac users.
A fully patched Mac was pawned in less than 2 seconds this year, they are not a s safe as many believe and Apple's very slow response to patch means they put their users at an increasingly high risk.
I always use a resident anti-virus and LittleSnitch as minimum on my macs because I don't trust Apple to get security right on their own.
Chalk up yet another Mac failure......Oh wait there isnt any such thing. Macs are impervious.
Anything can be infected regardless how "well" its made. Fact of life
Does affect Macs
The example that is linked to shows the alert message a person will get if they surf to the fake porn page using Windows and Internet Explorer, but this malware also has a Mac flavor and will attempt to infect people using Mac browsers (including Safari and Firefox).
Anyone on any platform using any Web browser who attempts to "play" one of the promised "movies" will see what looks like a Windows XP Internet Explorer popup window complaining that a new ActiveX control must be installed. The fact that the phony popup looks like an XP dialog window should be a tipoff to Linux, Mac, and Vista users.
In fact, the phony popup "window" is just a graphic, and clicking on it will try to download the malware.
When a user clicks on the phony "dialog" the software on the back end looks at the browser's user-agent strings. If the user-agent string is a Windows browser, it attempts download of a Windows .exe file. If the user-agent string shows a Mac browser, it downloads a file called "QuickTime.dmg" which contains a Mac installer.
If a Mac user downloads the .dmg, then mounts it, then runs the installer, then enters his administration password, then the Mac user will be infected with malware which silently changes the Mac's DNS settings and installs a cron task which will periodically change them again should the user attempt to reset them.
This is nothing new. The Zlob gang has been doing the same thing for over a year; the Mac version of the Zlob malware is occasionally downloaded from nearly identical sites if the site sees a Mac user-agent string.
When ESThosts went dark a while back, the Mac community caught a break; the Mac malware was served up from IP addresses in ESThost's range, and the people responsible for it soon moved the Windows malware downloaders to new servers but it took them quite a while to restore the Mac download servers.
It's a very crude social engineering trick--the phony popup dialogs are designed to look like Windows dialogs, and they talk about installing an ActiveX control. The Mac malware can not install itself (it requires user action and the entry of an administrator password to be installed). It's also not a new trick; the only novel twist is the particular strain of malware being downloaded.
I talked about this at length quite some time ago:
"It's always handy to have an anti-virus program running no matter what platform you're using."
Yes, it handily takes away all the superfluous CPU cycles and RAM thinggies that clog the tubes inside the box. Who needs these anyway?
Also, Mike 85 have a point: Macs are better targets, as Tim 49 quite conveniently proved a couple posts up...
security through obscurity doesn't wash
I don't think it matters what OS your running, you should have some form of AV protection, hell I even have AV software on my mobile even though there's not much of a slim chance that it will catch anything.
I'm prepared, dib, dib an all that.
Mac virus checking (ClamXAV etc)
Those are not to protect the Mac users so much as to prevent you passing on bad files to youw Wintard mates and collegues. IT weenies like to be able to have virus checkers like this running on their macs so that they can have a single virus checker policy across all machines.
Utimately if a user has sudo privileges then there is going to be a chance to cause havoc.
Try the following on any Mac. Guaranteed to clear out any virus (as well as all other files) on a *nix box.
sudo rm -rf /
you need a plug in to watch videos???
welcome to 1997....
>So a few mac noobs get malware, who cares. Move along nothing to see here
I agree except...
Most reports of malware could be dismissed in the same fashion. Its the noobs and simpletons that account for 90% of infections regardless of the OS involved,Mac noobs have it worse because everyone tells them how trouble-free and secure Macs are.
Oh my Abbey account needs verifying again ? Thats the 10th time today, when will they remember my number and password and stop bothering me.
"But Mac uses a UNIX kernel and it's much harder to do. Even when you can get past the superior security model of UNIX, it's even harder to deliver a small payload to do so."
Do you really think that OSX kernel is that much better than Windows Vista (not speaking of pretty dam soon-to-be-release Win7)? You should stop drinking Apple Juice
this is a good place to start www.symantec.com/avcenter/reference/Windows_Vista_Kernel_Mode_Security.pdf
"What's this? I need to download and install this plug-in?"
"Oh well, I might as well. After all, the guy in the Mac commercial says that Macs can't get viruses, so it must be safe."
Er.. Where do you get those stats from? Apple has shipped about 7 million iPhones. Let's assume (albeit wrongly) that ALL of these have been bought by a different customer. So we've got 7 milliion iPhone users.
Now, computers being used Worldwide probably number in the hundreds of millions (over 72 million 'Personal Computers' sold in 2008). Even at a ratio of 1:10 there are still more Macs out there than iPhones.
That aside, even if there were less Macs, 5 million potential marks for a scam still makes a pretty good bet for phishers, scammers and any other kind of scum who ought to be drowned at birth.
@ Mick F
... pawned in less than 2 seconds this year .... via Office for Mac 2004 and Office for Mac 2008, both contained three un patched vulnerabilities.
Which Microsoft, contrary to its own policy then released full disclosure. Once the vulns had been bought to the attention of the hacking community, it then released patches for Windows versions of Office whilst Office for Mac remained exposed.
Cheers Microsoft, thanks for fuck all.
So if youre foolish enough to install Microshites garbage on your Mac, what do you expect?
Watched the video and...
... do you seriously think you are going to sell any of your product by completely patronising the target market? I don't know which fool came up with that idea for the video but showing contempt for the people you are trying to sell your product to will never sell a damned thing to them.
Btw, I will not protect my Mac "the same way you would protect your PC" by installing a worthless and stupidly expensive product that is a doomed failure from the outset, I will protect it by not being a clueless idiot. I would urge other Mac users to do likewise.
Same user, Different OS
I find most windows users are used to virus's and such like, trouble is now average users are buying macs, not spending 1 second to think about AV or anything but they are still as stupid. Same stupid users, different OS will end up in the same results; hacked boxes.
Anyone the person who said Safari is better...are you having a joke? That browser has serious flaws, they did some massive updates recently, and looking on a full-disclosure list, I see more safari hacks then IE in recent times
Are you that desperate for attention to your whiney little "cause" that you feel the need to post stuff like that on threads that having nothing to do with either Linux or Windows? Why don't you toddle off to twitter or facebook or something and leave El Reg for people with something worthwhile to say.. or at the very least you know, on topic
Speaking of the topic..
Apple need to get on top of the situation as regards to Apple security, the dangers of social-engineering attacks are well known and the non-technical nature of the average mac user (along with their somewhat false sense of security) makes them ripe targets for such attacks. Microsoft adopted the ostrich-position in the early days and has been playing catch-up for years as a result, in the long run its cost them a lot of time and money they didn't need to spend. Apple would do well to do their history homework.
RE: Same user, Different OS
Chris Harries wrote: "Anyone the person who said Safari is better...are you having a joke? That browser has serious flaws, they did some massive updates recently, and looking on a full-disclosure list, I see more safari hacks then IE in recent times"
Yeah they did some massive updates. They updated it to Safari 4. As I have know doubt you read on El Reg...
What's your point? What are these flaws?
Where is this "full disclosure list" you mention and who made it? I've never heard of a single Safari hack...
This article is about a social engineering trick, pure and simple. Doesn't matter which platform is being used, stupid users will do stupid things. Don't try and use it as an exuse to say <your favourite OS> is better than <someone else's favourite OS>.
"you should have some form of AV protection, hell I even have AV software on my mobile"
lol better keep an eye on the postman as well, he might be plotting to kill you.
I'm a Mac man - even a fanboy - BUT I'm often asked to look at the Windows boxes of various friends who've got system which are well & truly nadgered.
With a little moderate interrogation applied to the user (i.e. limited use of the cosh, cattleprod & Agadoo tapes) I have found that over the last few years, more & more occurrences are due to what is laughingly called "social proliferation" (when it's damned ANTI-social to perpetrate it).
So, as always, the weakest link in ANY system is the liveware: the cheaper & more commonplace systems become, the greater the number that are bought by those who will just turn it on & use it, without any form of driving lesson, learning etc. With an ever-increasing pool of totally non-savvy users, life becomes a little easier for the ungodly.
Driving tests for computers, anyone?
Year # of Vulns % of Total
1996 2 2.67
1997 1 0.40
1998 1 0.41
1999 5 0.56
2000 8 0.78
2001 11 0.66
2002 30 1.39
2003 27 1.77
2004 33 1.35
2005 69 1.40
2006 127 1.92
2007 224 3.44
2008 226 4.01
2009 114 3.97
Year # of Vulns % of Total
1997 1 0.40
1998 4 1.63
1999 35 3.91
2000 61 5.98
2001 77 4.59
2002 172 7.98
2003 62 4.06
2004 92 3.75
2005 126 2.55
2006 267 4.04
2007 258 3.96
2008 227 4.03
2009 115 4.01