Tag: phishing

First OS X trojan spotted – no need to panic just yet!

There is a great deal of chatter on TechMeme this morning because a trojan has emerged which infects Apple’s OS X!

The trojan is found in pornographic sites masquerading as a video codec.

It isn’t a huge threat because to become infected you need to go through several steps:

When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.

The trojan takes over the Mac’s DNS settings and from time-to-time re-directs the Mac to phishing or pornographic websites.
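As an added illustration (not from the post and not Intego's code), here is the sort of check a Mac user could run for the symptom described above: it parses the resolver list that the macOS command `scutil --dns` prints and reports any nameserver that is not on an allow-list of resolvers the owner actually configured. The allow-list addresses and the sample `scutil` output below are constructed for the example; the rogue address is from the TEST-NET-3 documentation range.

```python
"""Audit the resolver configuration of a Mac against an allow-list.

Added example, not from the original post or from Intego. It parses the
output of `scutil --dns` (a real macOS command) and flags any nameserver
that is not in a set the administrator expects. A trojan that "takes over
the DNS settings" swaps these addresses for servers it controls, so an
unexpected nameserver is the signal worth looking at.
"""
import ipaddress
import re
import subprocess

# Assumption: the resolvers this machine is supposed to use (router, office
# resolvers, or a public resolver). Replace with your own.
EXPECTED_NAMESERVERS = {"192.168.1.1", "192.168.1.2"}

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")


def parse_scutil_dns(text):
    """Return the set of nameserver addresses listed in `scutil --dns` output."""
    servers = set()
    for line in text.splitlines():
        m = NAMESERVER_RE.match(line)
        if not m:
            continue
        addr = m.group(1).split("%", 1)[0]   # drop a link-local scope like %en0
        try:
            ipaddress.ip_address(addr)       # ignore anything that is not an IP
        except ValueError:
            continue
        servers.add(addr)
    return servers


def unexpected_nameservers(text, expected=EXPECTED_NAMESERVERS):
    """Nameservers present in the configuration but not on the allow-list."""
    return parse_scutil_dns(text) - set(expected)


# Constructed sample: resolver #1 is what a DHCP-configured Mac normally shows;
# resolver #2 mimics a hijacked configuration pointing at an address the
# owner never set up.
SAMPLE_SCUTIL_OUTPUT = """\
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 192.168.1.2
  if_index : 4 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  nameserver[0] : 203.0.113.55
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
"""


def audit_live_system(expected=EXPECTED_NAMESERVERS):
    """Run scutil on this machine and return the unexpected nameservers.

    Returns None when scutil is not available (i.e. not running on macOS).
    """
    try:
        out = subprocess.run(["scutil", "--dns"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return unexpected_nameservers(out, expected)


if __name__ == "__main__":
    rogue = unexpected_nameservers(SAMPLE_SCUTIL_OUTPUT)
    print("sample config, unexpected nameservers:", sorted(rogue))
    live = audit_live_system()
    if live is None:
        print("scutil not available here; live check skipped")
    elif live:
        print("WARNING: unexpected nameservers configured:", sorted(live))
    else:
        print("live config: every nameserver is on the allow-list")
```

On a Mac the script audits the real configuration after printing the result for the constructed sample; anywhere else only the sample is analysed. The allow-list approach is deliberately simple: it does not try to recognise "bad" resolvers, only ones you did not choose.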

According to Intego, the security company reporting this trojan:

The best way to protect against this exploit is to run Intego VirusBarrier X4 with its virus definitions dated October 31, 2007. Intego VirusBarrier X4 eradicates the malicious code and prevents the Trojan horse from being installed.

Right – I can see why they are talking it up then! Still, if you do find your Mac bringing you to websites you didn’t ask for and you (or someone using your Mac – ahem!) have recently installed a video codec, maybe you should look into this further.

This is the first major malware reported which is specifically targeted at OS X since the operating system was released in 2001. I guess it is a sign of OS X’s increasing popularity.

Google launches phishing blacklist api

I see on the Google Security Blog that Google have launched a Safe Browsing API. In other words, Google are making its dynamic blacklist of phishing and malware sites available so ISPs and web app coders can check against it.

This should help ensure unwitting users are notified before they browse to unsafe sites and submit their confidential information.
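To make the "check against it" part concrete, here is an added example (not Google's code, and not a description of the 2007 API's wire format) of how a web app could test a URL against a local copy of such a blacklist: canonicalise the URL, derive the host-suffix and path-prefix expressions it could be listed under, hash each one and look the hashes up. The expression rules follow the scheme Google documents for later Safe Browsing versions; the blacklist entries, hostnames and URLs below are constructed.

```python
"""Check a URL against a local blacklist of hashed URL expressions.

Added example, not Google's client code. It models the general pattern a
blacklist API lets a site operator implement: a URL is listed under one of
several "expressions" (host suffix + path prefix), so the client generates
every expression the URL matches and looks their hashes up in a list it
downloaded earlier. The expression rules follow the scheme Google documents
for later Safe Browsing versions; the blacklist here is constructed.
"""
import hashlib
import ipaddress
from urllib.parse import urlsplit, unquote


def _unique(seq):
    """Order-preserving de-duplication."""
    seen, out = set(), []
    for item in seq:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def canonicalize(url):
    """Normalise a URL into (host, path, query) so trivial variants of one
    address (case, percent-encoding, ./.. segments) map to the same entry."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = unquote(parts.hostname or "").lower().strip(".")
    raw_path = unquote(parts.path) or "/"
    segs = []
    for seg in raw_path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segs:
                segs.pop()
            continue
        segs.append(seg)
    path = "/" + "/".join(segs)
    if raw_path.endswith("/") and path != "/":
        path += "/"
    return host, path, parts.query


def lookup_expressions(url):
    """All host-suffix/path-prefix expressions the URL could be listed under:
    the exact host plus up to four suffixes (last 2..5 labels), combined with
    the exact path (with and without query), "/" and up to four path prefixes."""
    host, path, query = canonicalize(url)
    try:
        ipaddress.ip_address(host)
        hosts = [host]                      # IP literals get no suffix forms
    except ValueError:
        labels = host.split(".")
        suffixes = [".".join(labels[-k:]) for k in range(2, min(len(labels), 6))]
        hosts = _unique([host] + suffixes)
    paths = []
    if query:
        paths.append(path + "?" + query)
    paths.append(path)
    paths.append("/")
    prefix = "/"
    segs = [s for s in path.split("/") if s]
    for seg in segs[:-1][:4]:
        prefix += seg + "/"
        paths.append(prefix)
    paths = _unique(paths)
    return _unique([h + p for h in hosts for p in paths])


def sha256_expression(expr):
    return hashlib.sha256(expr.encode("utf-8")).digest()


def is_blacklisted(url, blacklist):
    """Return the matching expression when any expression for `url` hashes
    to an entry in `blacklist`, else None."""
    for expr in lookup_expressions(url):
        if sha256_expression(expr) in blacklist:
            return expr
    return None


# Constructed blacklist standing in for the list a client would fetch from
# the API: one phishing page under a specific path and one whole bad host.
BAD_EXPRESSIONS = ["phish.example.net/login/", "malware-host.example.org/"]
BLACKLIST = {sha256_expression(e) for e in BAD_EXPRESSIONS}

if __name__ == "__main__":
    for u in ["http://phish.example.net/login/index.html?user=x",
              "HTTP://PHISH.example.NET/./login/../login/",
              "http://www.malware-host.example.org/downloads/codec.dmg",
              "http://www.example.com/"]:
        print(u, "->", is_blacklisted(u, BLACKLIST) or "clean")
```

Storing hashes rather than URLs is what lets a list like this be handed out to third parties without publishing a directory of live phishing pages, and generating the suffix/prefix expressions is what lets one entry cover a whole host or directory instead of every individual page under it.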

Google are actively encouraging 3rd party participation –

Sign up for a key and let us know how we can make the API better. We fully expect to iterate on the design and improve the data behind the API, and we’ll be paying close attention to your feedback as we do that. We look forward to hearing your thoughts.

Great idea guys.

OpenDNS speeds up my feed reader

When you see something new being lauded by Matt Mullenweg (of WordPress fame), Kevin Burton (of TailRank) and Chris Pirillo (of GnomeDex fame) you sit up and take notice.

In this case they are talking up a new service called OpenDNS. OpenDNS is a very simple idea – it is a centralised series of DNS servers which protect you against phishing sites and speed up your browsing.

How do you use the service? Simply change the DNS settings in your computer (or router) to point at OpenDNS’s DNS servers (208.67.220.220 and 208.67.220.222) and off you go!

They claim to be much faster by enabling huge DNS caches (does this mean changes to a site’s DNS settings will propagate more slowly?) and by having their caches “at the major intersections of the Internet” – so far U.S. only.

They also claim to protect you against phishing by comparing sites you want to visit against their database of known phishing attacks. This strikes me as a dubious claim as these sites change daily and keeping up with phishing sites is a fast-paced game of leapfrog. Marshall Kirkpatrick is equally skeptical (if not more so!).

The speed difference of using the OpenDNS servers isn’t especially obvious for anyone based in Ireland. Browsing to any of my regular sites is in fact, initially, a little slower than normal (most are not in their cache yet, I suspect) but speeds up on second load.

However, one place I did notice a definite speed bump was in my RSS reader. Chris Pirillo mentioned it in passing when he said:

If you use a news aggregator, either one (or both) of these solutions is mandatory

He was correct. Browsing websites might not seem much faster but my NetNewsWire RSS reader refreshed my >200 feeds in a fraction of the time it normally takes. Maybe this is how they should be promoting their service. Anyone else notice this?
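Both the propagation question raised above and the feed reader speed-up come down to one mechanism, so here is an added example (not OpenDNS code) that simulates a caching resolver: it refreshes 200 feeds twice through one cache, then moves one feed's address at the authoritative server and shows when the cache notices. Hostnames, addresses, TTLs and the clock are all constructed.

```python
"""Simulate a caching resolver: what a big shared cache buys, and what it costs.

Added example, not OpenDNS code. A recursive resolver keeps each answer until
its TTL expires, so a feed reader polling 200 hosts pays for 200 upstream
lookups on the first refresh and none on the second, while a record changed at
the authoritative server is served stale until the TTL runs out. Cache size
does not change that delay; the record's TTL does.
"""
import time


class AuthoritativeStub:
    """Stand-in for the authoritative name servers. Counts how often the cache
    has to come back upstream and lets a 'site owner' change a record."""

    def __init__(self, records):
        self.records = dict(records)       # name -> (address, ttl_seconds)
        self.queries = 0

    def lookup(self, name):
        self.queries += 1
        return self.records[name]

    def update(self, name, address):
        _, ttl = self.records[name]
        self.records[name] = (address, ttl)


class FakeClock:
    """Controllable clock so the simulation can jump past a TTL instantly."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class CachingResolver:
    """Serves an answer from cache until its TTL expires, then asks upstream."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream
        self.clock = clock
        self.cache = {}                    # name -> (address, expires_at)

    def resolve(self, name):
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None and entry[1] > now:
            return entry[0]                # cache hit: no upstream traffic
        address, ttl = self.upstream.lookup(name)
        self.cache[name] = (address, now + ttl)
        return address


def simulate(feed_count=200, ttl=3600):
    """Refresh `feed_count` feeds twice through one cache, then move one feed's
    address upstream and report what the cache answers before and after TTL."""
    clock = FakeClock()
    # Constructed zone: one host per feed, addresses in the TEST-NET-1 range.
    zone = {f"feed{i}.example": (f"192.0.2.{i % 250 + 1}", ttl)
            for i in range(feed_count)}
    auth = AuthoritativeStub(zone)
    resolver = CachingResolver(auth, clock)
    names = list(zone)

    for name in names:                     # first refresh: every name is cold
        resolver.resolve(name)
    first_refresh = auth.queries

    clock.advance(60)                      # the reader polls again a minute later
    for name in names:
        resolver.resolve(name)
    second_refresh = auth.queries - first_refresh

    auth.update("feed0.example", "198.51.100.7")   # owner moves feed0
    before_expiry = resolver.resolve("feed0.example")
    clock.advance(ttl)                     # now past the cached answer's TTL
    after_expiry = resolver.resolve("feed0.example")

    return {
        "first_refresh_upstream_queries": first_refresh,
        "second_refresh_upstream_queries": second_refresh,
        "feed0_answer_before_ttl_expiry": before_expiry,
        "feed0_answer_after_ttl_expiry": after_expiry,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The second refresh generating no upstream queries is the feed reader effect: 200 feeds means 200 name lookups per poll, and a warm cache turns all of them into local answers. The stale answer for feed0 is the cost: a shared cache will hand out the old address until the record's TTL expires, no matter how large the cache is, so the propagation delay is set by the TTL the site owner chose, not by the resolver.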