Before the August 28 official release of Apple’s OS X Snow Leopard, cybercriminals are already hitchhiking on this to proliferate their malicious activities. Earlier today, Advanced Threat Researcher Feike Hacquebord discovered several fake sites that supposedly give Mac users free copies of the newest version of the Mac OS, Snow Leopard. However, accessing these malicious sites land users to a DNS changer Trojan detected by Trend Micro as OSX_JAHLAV.K.
Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts. The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.
As of this writing, all malicious URLs are already blocked by Trend Micro. Users are strongly advised to get only the latest Snow Leopard update directly from the Apple site, as well as consider using Trend Micro Smart Surfing for Macs.