
Tuesday

Mac OS X Malware Targets Mandarin Speakers

Jakarta - New threats against the Mac operating system have re-emerged. The threats, which take the form of Trojans, have been detected as OSX/Revir.A and OSX/Imuler.A.
Antivirus firm ESET found the new Trojan quite interesting because it appears in the form of a PDF file and targets Mandarin-speaking Macintosh users. The PDF file in the Trojan takes advantage of the political situation between China and Japan: it contains political writing about the dispute between the two countries over ownership of the Diaoyu Islands.


The Mac Trojan works as follows: when a user opens the PDF file, the Trojan hides its installation process by displaying a PDF document about the territorial dispute. While the curious user's attention is absorbed by the document, the installation proceeds unnoticed.
"Trojans that present themselves as PDFs are a common tactic for attacking the Windows operating system; they are usually seen as .pdf.exe, and the double file extension makes them increasingly crafty at hiding," said Yudhi Strong, Technical Consultant at ESET Indonesia.
For the Mac platform, he added, such malware is still fairly new. Yudhi therefore recommends that Mac users always stay alert to dubious PDF files. "Because the contents will differ from those of PDFs in general," said Strong in his statement on Monday (3/10/2011).
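
A defender can check for both disguises described above: the double extension and a file that is named like a document but is really a native executable. The following Python sketch is an added example, not code from ESET or the original article; the extension lists, the function names and the sample file names and bytes are constructed for illustration.

```python
import os

# Extensions a user reads as "a document" vs. ones the OS will run.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".app", ".command", ".pkg"}

# Leading bytes of native executables: PE (Windows) and Mach-O (macOS),
# 32/64-bit in both byte orders, plus fat/universal binaries.
EXEC_MAGICS = {
    b"MZ": "PE",
    b"\xfe\xed\xfa\xce": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O",
    b"\xca\xfe\xba\xbe": "Mach-O fat",  # magic also used by Java class files
}

def sniff(header):
    """Classify a file by its first bytes, ignoring its name."""
    if header.startswith(b"%PDF-"):
        return "PDF"
    for magic, kind in EXEC_MAGICS.items():
        if header.startswith(magic):
            return kind
    return "unknown"

def check(name, header):
    """Return findings for one file name plus the first bytes of its content."""
    findings = []
    stem, last = os.path.splitext(name.strip().lower())
    inner = os.path.splitext(stem)[1]
    if last in EXEC_EXTS and inner in DOC_EXTS:
        findings.append(f"double extension {inner}{last}")
    kind = sniff(header)
    claims_doc = last in DOC_EXTS or inner in DOC_EXTS
    if claims_doc and kind.startswith(("PE", "Mach-O")):
        findings.append(f"named like a document but content is {kind}")
    return findings

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("dispute_article.pdf", b"%PDF-1.4\n"),                         # real PDF
    ("dispute_article.pdf", b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"),  # Mach-O
    ("invoice.pdf.exe", b"MZ\x90\x00"),                             # PE
    ("FlashPlayer.pkg", b"xar!"),                                   # installer
]

if __name__ == "__main__":
    for name, header in SAMPLES:
        print(name, "->", check(name, header) or "no findings")
```

The check flags only the disguise; an installer package that is openly named as one, like the last sample, produces no findings and needs other controls such as signature and source verification.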
On top of OSX/Revir.A and OSX/Imuler.A, which attack Mandarin-language Mac platforms, another threat has emerged that targets Apple's Mac OS X Lion (10.7) operating system. The threat is identified as OSX/Flashback.A and is classified as a Trojan. It is installed on Mac computers through an Adobe Flash installer downloaded from fake third-party sites or sites that distribute Mac application content.
Compared with previously identified malware, namely Revir and MacDefender, Flashback targets users who frequently use social networking sites, luring them into downloading the malware, which is eventually installed.
Flashback initially resides on a site that invites users to install Flash on the pretext of watching certain content. The user must then 'choose' to install the "Flash Player" software and proceed through a regular installation process, after which the malware is ready to work.
During installation, the malware shows a standard installer display on the screen while it creates a backdoor through a dynamic loader (dyld) library known as Preferences.dylib.
Once installed, the malware uses RC4 encryption to communicate with a remote server and sends data such as the user's MAC address, the version in use, the UUID, and others. OSX/Flashback.A can also potentially be used by malware developers as a carrier to help inject malicious code into the target Mac.