Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

Mac Trojan disguised as Flash Player initiates redirection attack

Posted on 02.08.2011

There's a new Mac OS X Trojan in town, and it masquerades as a FlashPlayer.pkg installer, warns F-Secure.

"Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in Netherlands," say the researchers.

The infected users are consequently faced with a fake Google Search page that looks very much like the legitimate one and is unlikely to raise suspicions as the URL in the address bar says google.com.tw or similar (but without the www).

When the victim uses the search, he is given seemingly credible search results:

Unfortunately for him, a click on any of the offered links doesn't result in him being taken to the destination sites, but triggers pop-up pages.

These pages are currently empty, since remote server from which the content is pulled is down at the moment, but that doesn't mean that it won't be up very soon and start serving ads or links to malicious content.

Users are advised to be careful when downloading software or updates from the Internet - it's always best to download it from official product pages.