Mac Trojan disguised as Flash Player initiates redirection attack
Posted on 02.08.2011
There's a new Mac OS X Trojan in town, and it masquerades as a FlashPlayer.pkg installer, warns F-Secure.

"Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in Netherlands," say the researchers.

The infected users are consequently faced with a fake Google Search page that looks very much like the legitimate one and is unlikely to raise suspicions as the URL in the address bar says google.com.tw or similar (but without the www).

When the victim uses the search, he is given seemingly credible search results:


Unfortunately for him, a click on any of the offered links doesn't result in him being taken to the destination sites, but triggers pop-up pages.

These pages are currently empty, since remote server from which the content is pulled is down at the moment, but that doesn't mean that it won't be up very soon and start serving ads or links to malicious content.

Users are advised to be careful when downloading software or updates from the Internet - it's always best to download it from official product pages.






Spotlight

Targeted attack protection via network topology alteration

Posted on 17 October 2014.  |  This article from Trend Micro tackles how network topology can aid in defending the enterprise network from risks posed by targeted attacks.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Oct 20th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //