Aug26

Bogus Snow Leopard Update Sites Lead to DNS Changers 6:42 am (UTC-7)   |    by Bernadette Irinco (Technical Communications)

Tweet

Before the August 28 official release of Apple’s OS X Snow Leopard, cybercriminals are already hitchhiking on this to proliferate their malicious activities. Earlier today, Advanced Threat Researcher Feike Hacquebord discovered several fake sites that supposedly give Mac users free copies of the newest version of the Mac OS, Snow Leopard. However, accessing these malicious sites land users to a DNS changer Trojan detected by Trend Micro as OSX_JAHLAV.K.

Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts. The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.

As of this writing, all malicious URLs are already blocked by Trend Micro. Users are strongly advised to get only the latest Snow Leopard update directly from the Apple site, as well as consider using Trend Micro Smart Surfing for Macs.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!

Share this article

This entry was posted on Wednesday, August 26th, 2009 at 6:42 am and is filed under Malware, Security . Both comments and pings are currently closed.

36 Responses to “Bogus Snow Leopard Update Sites Lead to DNS Changers”

1. kb Says:
   August 28th, 2009 at 5:01 pm

   so wait? does the real Snow Leopard, with its built-in malware protection, block users from installing this? Anyone know?

2. mike Says:
   October 24th, 2009 at 4:12 pm

   I’ve heard there are some wildlife groups trying to get Apple to do more stuff with the actual S.L.’s in regards to there new snow leopard application lol. I don’t know- people are saying it’s good PR for Apple- they should jump on that.

Trackbacks

1. Bogus Snow Leopard Update Sites Lead to Malware | Malware Blog | Trend Micro « Jared Rimer’s Technology blog and podcast
2. TrendMicro (TrendMicro)
3. g2support (G2 Support)
4. gryffyn (gryffyn)
5. KentuckyExtIT (UK Extension IT NEWS)
6. rphelps (rich phelps)
7. DeclanmWaters (Declan Waters)
8. SecurityGarden (Corrine)
9. Trend Micro Warning — Bogus Snow Leopard Update Site Lead to DNS Changers | Your Home PC Helpdesk
10. markveldhuis (Mark Veldhuis)
11. rik_ferguson (Rik Ferguson)
12. krypt_0s (EL)
13. En elak Snöleopard | jobbdator.se
14. Apple anti-malware? Snow joke! » CounterMeasures
15. Mac OS X 10.6 Snow Leopard » snow leopard, update, vorbestellen, preis, mac os x, apple store » Apps News
16. Searching for Snow Leopard? Careful. | csmonitor.com
17. Snow Leopard | curtis schweitzer (dot) net
18. Warnung vor kostenlosen Snow Leopard Versionen | Apfelphone.net - ’cause it’s not just a phone
19. Trend Micro alerta usuários de Mac sobre sites maliciosos que oferecem update para o Snow Leopard | MacMagazine
20. Achtung – Trojaner « Mac » Freak
21. Notizen vom 28. August 2009
22. Raubkopie von Snow Leopard bringt Trojaner mit | macforlife - think different? be different!
23. Tech Thoughts Daily Net News – August 28, 2009 « Bill Mullins’ Weblog – Tech Thoughts
24. Linkpost | 8.28.2009 - L&C Tech Talk
25. RetroNet » Blog Archive » Descargas ilegales de Snow Leopard con troyanos
26. Beware fake Snow Leopard sites « Friendly Computers Virus Alerts
27. Criminosos atacam fãs de Mac com malware « :.:Hazael Cahungo:.:
28. Tech Thoughts Daily Net News – August 30, 2009 « Bill Mullins’ Weblog – Tech Thoughts
29. Free Virus Filled Mac Snow Leopard Or $29 Upgrade | Technicapped
30. Gullible tempted with ‘free’ Snow Leopard, get trojan instead - MAC.BLORGE
31. Trojaner in illegalen Downloads von Snow Leopard
32. 76’s » Blog Archive » Searching for Snow Leopard? Careful.
33. Beware fake Snow Leopard sites - Design Street
34. Beware fake Snow Leopard sites « R Web Security