Mac Users Get A Credit Card Stealing Trojan for Halloween, Security Company Reports: >Hackers are reportedly sticking virtual razor blades into Apple computers'this Halloween, as a Mac security vendor reports Wednesday'that a Mac-focussed Trojan is reportedly loose on the internet costumed as an innocent'video decoding file.

Mac OS X users visiting'malicious porn sites are told to download a special codec'that will let'Apple's Quicktime player to'play'the porn flicks, but instead of adult treats, users get a'malicious trick, according to anti-virus vendor Intego.

The OS X Trojan, which infects a computer after a user chooses to download a proprietary codec, hijacks the infected computer's DNS settings. Internet-connected applications use DNS settings to figure out how to translate URLs, such as Wired.com, into the physical address of a server, according to Intego's alert. By hijacking the DNS, the Trojan is able to redirect visits to'sites such as banks, eBay and'PayPal to fake websites that attempt to harvest user's logins and passwords to commit financial fraud.

A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:

Quicktime Player is unable to play movie file.

Please click here to download new version of codec.

Update: Sunbelt Software's Alex Eckelberry (who has posted screenshots) and botnet expert Gadi Evron say this is the work of professional cyber-criminals and that Mac users are now on notice that they are targets, too.

Eckelberry writes:

I don't mean to sound breathless about it. As far as we know, it's not widespread. But this is the first targeted, real attack on Mac users by a professional malware group.

Evron goes even further in an email to THREAT LEVEL:

I can sum it up in one sentence: OS X is the new Windows 98.

The same gang infects Windows machines as well, just that now they also target macs.[...]

This means one thing: Apple's day has finally come and Apple users are going to get hit hard. All those unpatched vulnerabilities from years past are going to bite them in the behind.

/UPDATE

Intego says it has written a signature for what it is calling'OSX.RSPlug.A Trojan Horse and that its'software will protect users. Since many Mac users don't use anti-virus software out of the fairly realistic belief that Macs are safer than Windows machines, they should avoid installing software from unknown sources. While this is largely true, Mac users'aren't immune from malware (including'one'to-remain-anonymous scribe'here at Wired who got infected this week).

'This is not the first time Intego has announced it has found an OS X Trojan. In 2004, the security community accused the company of exaggerating proof-of-concept code to sell their software.

A Apple did not immediately answer an email requesting comment.

Photo: Joe Anderson

(Read Original Article - Via Threat Level.)