Before the August 28 official release of Apple’s OS X Snow Leopard, cybercriminals are already hitchhiking on this to proliferate their malicious activities. Earlier today, Advanced Threat Researcher Feike Hacquebord discovered several fake sites that supposedly give Mac users free copies of the newest version of the Mac OS, Snow Leopard. However, accessing these malicious sites land users to a DNS changer Trojan detected by Trend Micro as OSX_JAHLAV.K.
Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts. The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.
As of this writing, all malicious URLs are already blocked by Trend Micro. Users are strongly advised to get only the latest Snow Leopard update directly from the Apple site, as well as consider using Trend Micro Smart Surfing for Macs.
If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!
August 28th, 2009 at 5:01 pm
so wait? does the real Snow Leopard, with its built-in malware protection, block users from installing this? Anyone know?
October 24th, 2009 at 4:12 pm
I’ve heard there are some wildlife groups trying to get Apple to do more stuff with the actual S.L.’s in regards to there new snow leopard application lol. I don’t know- people are saying it’s good PR for Apple- they should jump on that.