Mac OS X DNS-Changing Trojan in the Wild | Trend Micro | Malware Blog

Malware that changes the DNS settings on Mac OS X has reportedly been discovered.

A Domain Naming System (DNS)-changing Trojan targeting Macs is currently making the rounds disguised as MacCinema Installer (detected by Trend Micro as OSX_JAHLAV.D). This is the latest variant of OSX_JAHLAV.C, which was identified in June.

Mac OS X DNS-Changing Trojan in the Wild - TrendLabs Security Intelligence Blog

I wonder whether Web traffic gets tampered with once a machine is infected?

If infected, a victim’s Web traffic can then be diverted to the website of the attacker’s choosing.
The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user’s activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from.

Mac OS X DNS-Changing Trojan in the Wild - TrendLabs Security Intelligence Blog
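
A triage check for the two behaviours described in the quote above (changed DNS resolvers, and a payload dropped as /tmp/{random 3 numbers}), added here as an example and not taken from the Trend Micro post. The `ALLOWED_DNS` allowlist, the function names and the sample `scutil --dns` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag resolvers that are not on an expected list and
# list three-digit file names in /tmp for follow-up.
# Assumption: ALLOWED_DNS holds the resolvers this host is supposed to use.
ALLOWED_DNS="${ALLOWED_DNS:-192.168.1.1}"

# Reads `scutil --dns` text on stdin and prints each distinct
# nameserver address that is not in ALLOWED_DNS.
unexpected_resolvers() {
    awk -v allowed="$ALLOWED_DNS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /nameserver\[[0-9]+\]/ {
            ip = $NF
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Prints regular files directly inside the given directory whose name
# is exactly three digits. A match is a lead to inspect, not proof.
# -H makes find follow the /tmp -> /private/tmp symlink on macOS.
three_digit_files() {
    dir="${1:-/tmp}"
    find -H "$dir" -maxdepth 1 -type f -name '[0-9][0-9][0-9]' 2>/dev/null
}

# Constructed sample of `scutil --dns` output (documentation-range address).
SAMPLE_SCUTIL='resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.77
resolver #2
  nameserver[0] : 203.0.113.77'

# On macOS use the live resolver configuration, elsewhere the sample.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_resolvers
else
    printf '%s\n' "$SAMPLE_SCUTIL" | unexpected_resolvers
fi
three_digit_files /tmp
```

Set `ALLOWED_DNS` to a space-separated list of the resolvers your network hands out before running it.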
