Weyland-Yutani trojan targets Mac OS


Postby AlphaCentauri » Mon May 02, 2011 6:22 pm

http://www.zdnet.com/blog/bott/coming-s ... lware/3212
http://krebsonsecurity.com/2011/05/weyl ... -for-bots/

Modeled on the ZeuS and SpyEye password stealing crime kits, it allows criminals to customize trojans to infect computers running MacOS. While Macs won't install the stuff silently the way Windows will, it's not that hard to use social engineering to fool a user into infecting his own computer voluntarily.

Since most Mac users aren't using antivirus products, and since most have been lulled into a false belief that they can click on anything they want and not worry about getting infected, this could take off. In particular, since the trojan will be producing things that look like Mac OS system functions instead of Windows functions, Mac users are very likely to consider them trustworthy unless forewarned.

Oh, and the funny name? That's the name of the corporation sponsoring the space exploration missions in the Alien series of science fiction films -- you know, where the nasty creatures get inserted into victims and gestate inside them? Pretty apt metaphor for a trojan horse program.
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: Weyland-Yutani trojan targets Mac OS

Postby NotBuyingIt » Sun May 08, 2011 11:17 am

My MacOS Safari browser was "hit" with the fake AV today, most likely by an advertisement on the Hotmail website that executed (using onMouseOver perhaps?)

hXXp://jackerst.com/?id=541687

which automatically redirected to a fake anti-virus warning page at

hXXp://69.50.202.201/3f739ff146231e4c5ee79e5436bdcc0194dcce07defa2d59

which contains obfuscated JavaScript and, according to the Safari browser's Web Inspector, tried to push a ZIP file anti-malware.zip with malicious content

hXXp://69.50.202.201/files/493c50d876b9a12afa05d7cdc0599577776ca5427440191e.zip

There was no preliminary Windows-style display which earlier incidents mentioned. The English grammar in the exploit was poor:
Apple security alert wrote: To help protect your computer, Apple Web Security have detected Trojans and ready to remove them.
NotBuyingIt
Spammer Killing Machine
 
Posts: 609
Joined: Sun Jun 13, 2010 5:22 pm

Re: Weyland-Yutani trojan targets Mac OS

Postby NotBuyingIt » Sat May 14, 2011 1:06 am

AlphaCentauri's similar thread on a WoT forum at
http://www.mywot.com/en/forum/11668-a-f ... -mac-users
has a nice discussion about legitimate anti-virus software for Mac users to protect against the fake stuff as well as other common sense advice.

[Edit] I do not at all like the way that the above URL is displayed: -f...-mac-users :roll:
NotBuyingIt
Spammer Killing Machine
 
Posts: 609
Joined: Sun Jun 13, 2010 5:22 pm

