Thu, 01 Nov 2007 Puper Mac malware 'not a drill' McAfee warns

Mac users get second warning over nasty DNS-affecting Trojan Horse

Jonny Evans

Hot on the heels of Intego's declaration of a Trojan Horse exploit affecting Macs comes similar news from McAfee Avert Labs.

McAfee Avert Labs has discovered that the malware family called Puper, which has been plaguing Windows users, is now targeting Mac users.

Question of the day!

Mark Hattersley
Editor in Chief

Do you share your creations online?

Question of the day!

Do you share your creations online?

% of Macworld readers agree with you

Yes

TBC

What do you create and how do you share it?

Follow the conversation at @TabletChat

paintings & illustrations, mostly, which i upload to flickr.RT @fragmentedm

I draw manga/anime characters. I also do graphic design and photography.RT @spialelo

Yes. I usually put them up on my #deviantart account for feedback on how to improve.RT @spialelo

The description of the exploit - which is given on the blog of virus researcher Allysa Myers - sounds remarkably similar to that of the Trojan Horse announced (and named) last night by Intego.

Mac users are being directed to fake codec websites which host malware that changes the settings on their server, warns McAfee.

"This means that when they attempt to visit a website, the malware is able to re-direct them to another website in the background which could be a phishing site."

The Puper malware family has been "plaguing" Windows users since 2005, McAfee warns. It is the same bug that has recently been reported as installing itself from infected MySpace pages.

At present the malware is surfacing on pornographic websites. Like the Intego bug, McAfee warns that users are led to sites which say they must install a new codec to view the videos they offer.

When the newest Puper fake codec site is accessed by a Mac, the file which is offered is a .DMG file rather than the usual .EXE file one would see on Windows.

Depending on your browser settings, this may run automatically. Once it runs, it begins installing an application called MacCodec.

In the background, a script is created which then creates a scheduled task to change the DNS to point to a malicious server. In effect, instead of getting valid entries for websites like you would expect, you’re now getting whatever this malicious site decides to point you to. That could be a phishing site, that could be more malicious files, you can no longer trust that the URL you expected to get will be what is delivered to you.

Avert Labs has identified dozens of different fake codec sites currently serving this Mac malware.

"People have been predicting that as soon as financially motivated malware came to the Mac neighborhood, its denizens could no longer be so smug about security issues. This is a very simple piece of malware, and yet it works. Time will tell if this family will wreak as much havoc as it has on Windows," warns Myers.

RSS
Digg

Email A Friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Permalink This Article

This articles permalink is:
http://www.macworld.co.uk/news/index.cfm?newsid=19553

<<prev article | back to news index | next article>>

Click here for the latest reader comments

Latest News

More news...

iPhone 3G S Video Review

Mac Broadband?

Search news

Search Google

Newsletter signup

It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.

Latest issue: Macworld

Find out what's in this month's Macworld here or buy now.

Macworld reader poll

Are you going to buy an Apple iPad?:

View poll results

Have your say in the
Macworld forums!

Register now

Stay on top of the latest, breaking Mac news and chat with other Mac professionals and enthusiasts about the issues that matter to you. Register with Macworld today to join our forums and receive our twice-weekly email newsletter, Macworld Mainline.

RSS

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.

Subscribe to our feeds here

Latest PC industry news

MACWORLD MARKETPLACE

	Computer & Laptop At Ciao you can read consumer reviews on a large number of Apple products like iPods, iPhones, Apple laptops and Apple computers. Compare prices of your favourite Apple products today.
	Are you a new customer? Are you doubtful? Try it for free! 4 classic products: try with no risks. 48 hours from now!
	Beat the Credit Crunch - Lease your Mac from Hardsoft. Hardsoft are the only 'one stop' solution for the supply and finance of I.T. to businesses throughout the UK via our regional branch offices. We are uniquely both equipment Apple Approved Reseller and licensed Credit Brokers and have tailored a solution which includes a full 3 year warranty and an equipment upgrade every 18 month.
	Circus Ponies NoteBook - the easy way to get organized on the Mac NoteBook is the award-winning application that gets you organized. Store notes in electronic notebooks, add text, drag in files, "clip" web pages and other content. Annotate with diagrams, sketches, highlighting, keywords, even voice recordings. Find anything instantly with NoteBook’s patented Multidex^TM. Publish to the web, including MobileMe.
	50% off ebooks It doesn't get much hotter than Mac OS X and iPhone development - visit http://apress.com/mac. Whatever your level, and whatever your background, Apress offers a complete package of books to get you up and developing for iPhone and Mac OS X. Use the exclusive MacWorld coupon code, MACWORLDOC, at Apress.com to receive 50% off your cart.