Mac Trojan

Discussion in 'Apple' started by Michelle Steiner, May 6, 2011.

  1. After reading this article (which is funny in and of itself)
    <http://www.starnewsonline.com/article/20100327/COLUMNIST/100329716>

    I googled images of Megan Barnes mugshot. The first hit I got was for a
    picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    automatically downloaded a Mac trojan installer. It's the one that made
    news recently.

    I had enough sense not to install it.

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
     
    Michelle Steiner, May 6, 2011
    #1

  2. Michelle Steiner

    SY Guest

    In article <-september.org>,
    Michelle Steiner <> wrote:

    > After reading this article (which is funny in and of itself)
    > <http://www.starnewsonline.com/article/20100327/COLUMNIST/100329716>
    >
    > I googled images of Megan Barnes mugshot. The first hit I got was for a
    > picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    > automatically downloaded a Mac trojan installer. It's the one that made
    > news recently.
    >
    > I had enough sense not to install it.


    Probably...

    <http://blog.intego.com/2011/05/06/how-seo-poisoning-works-and-why-you-should-care/>

    SK.
     
    SY, May 7, 2011
    #2

  3. Michelle Steiner

    Paul Sture Guest

    In article <4dc4dcf6$0$4443$4all.nl>,
    SY <> wrote:

    > In article <-september.org>,
    > Michelle Steiner <> wrote:
    >
    > > After reading this article (which is funny in and of itself)
    > > <http://www.starnewsonline.com/article/20100327/COLUMNIST/100329716>
    > >
    > > I googled images of Megan Barnes mugshot. The first hit I got was for a
    > > picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    > > automatically downloaded a Mac trojan installer. It's the one that made
    > > news recently.
    > >
    > > I had enough sense not to install it.

    >
    > Probably...
    >
    > <http://blog.intego.com/2011/05/06/how-seo-poisoning-works-and-why-you-should-care/>


    From that link:

    "If you use the Firefox web browser, you should consider installing the
    NoScript add-on, which blocks JavaScript - the main way these attacks
    are carried out - but allows you to load it, if necessary, for any web
    sites you trust.

    ....

    Unfortunately, there is no such tool for Safari. You can fully turn off
    JavaScript in Safari, though this may block access to certain web sites.
    To do this, go to the program's Security preferences, and uncheck Enable
    JavaScript."

    An easier way to block Javascript in Safari is to enable the Development
    menu:

    Safari Preferences -> Advanced -> and check "Show Development menu in
    menu bar".

    You can then toggle Javascript on and off at will. Don't forget to turn
    it off after you are done with it for it is global and applies to all
    Safari tabs and windows open, and the current setting will stick across a
    quit and restart of Safari.

    --
    Paul Sture
     
    Paul Sture, May 7, 2011
    #3
  4. Michelle Steiner

    Salmon Egg Guest

    In article <-september.org>,
    Michelle Steiner <> wrote:

    > After reading this article (which is funny in and of itself)
    > <http://www.starnewsonline.com/article/20100327/COLUMNIST/100329716>
    >
    > I googled images of Megan Barnes mugshot. The first hit I got was for a
    > picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    > automatically downloaded a Mac trojan installer. It's the one that made
    > news recently.
    >
    > I had enough sense not to install it.


    I think this may be the same malware I ran into here earlier. It tries
    to palm itself off as a legitimate antivirus program MacDefender.
    Although I have received some ideas on how to handle it, it still is a
    pain. It is difficult to leave gracefully. I have had to force quit. That
    leaves behind the download installation package.

    It would be good if Apple modified Safari to prevent or at least warn
    before connecting to malevolent links. There should be a way of
    interrupting the process and adding the bad link to a do-not-link-list.

    bill

    --
    If inflation is under control, why is my dollar now worth only 2¢ of my youth?

    I considered huge valuegains for electronics.
     
    Salmon Egg, May 7, 2011
    #4
  5. Michelle Steiner

    nospam Guest

    In article <>,
    Salmon Egg <> wrote:

    > It would be good if Apple modified Safari to prevent or at least warn
    > before connecting to malevolent links. There should be a way of
    > interrupting the process and adding the bad link to a do-not-link-list.


    or just disable open safe files. why is that enabled by default????
    that's just asking for trouble.
     
    nospam, May 7, 2011
    #5
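
    The auto-open behaviour discussed in this thread matters because the download is an archive with an installer inside. As an added example (not part of the original posts), this Python script lists the contents of downloaded zip files without extracting them and reports any installer packages or app bundles; the suffix list and the default folder are assumptions.

```python
import zipfile
from pathlib import Path, PurePosixPath

# Assumed list of bundle/installer types worth flagging inside an archive.
RISKY_SUFFIXES = {".pkg", ".mpkg", ".app", ".dmg"}


def risky_members(zip_path):
    """Return the top-most risky paths inside one archive.

    Only the zip directory is read; nothing is extracted or executed.
    """
    found = set()
    with zipfile.ZipFile(zip_path) as zf:
        for name in zf.namelist():
            parts = PurePosixPath(name).parts
            # Walk the path components so a bundle directory such as
            # "X.mpkg/Contents/..." is reported once, as "X.mpkg".
            for depth, part in enumerate(parts, start=1):
                if PurePosixPath(part).suffix.lower() in RISKY_SUFFIXES:
                    found.add("/".join(parts[:depth]))
                    break
    return sorted(found)


def scan_downloads(folder):
    """Map each .zip in `folder` to the installers/bundles it contains."""
    report = {}
    for path in sorted(Path(folder).glob("*.zip")):
        try:
            hits = risky_members(path)
        except zipfile.BadZipFile:
            # A file named .zip that is not a zip is itself worth a look.
            hits = ["<unreadable archive>"]
        if hits:
            report[path.name] = hits
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    for archive, hits in scan_downloads(target).items():
        print(f"{archive} -> {', '.join(hits)}")
```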
  6. Michelle Steiner

    Alan Browne Guest

    On 2011-05-06 17:25 , Michelle Steiner wrote:
    > After reading this article (which is funny in and of itself)
    > <http://www.starnewsonline.com/article/20100327/COLUMNIST/100329716>
    >
    > I googled images of Megan Barnes mugshot. The first hit I got was for a
    > picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    > automatically downloaded a Mac trojan installer. It's the one that made
    > news recently.
    >
    > I had enough sense not to install it.


    Oh come on! Be a lab for us!

    --
    gmail originated posts filtered due to spam.
     
    Alan Browne, May 7, 2011
    #6
  7. Michelle Steiner

    Alan Browne Guest

    On 2011-05-06 17:25 , Michelle Steiner wrote:
    > After reading this article (which is funny in and of itself)
    > <http://www.starnewsonline.com/article/20100327/COLUMNIST/100329716>


    Worth a read.

    >
    > I googled images of Megan Barnes mugshot. The first hit I got was for a
    > picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    > automatically downloaded a Mac trojan installer. It's the one that made
    > news recently.
    >
    > I had enough sense not to install it.


    Which photo? - I want to see if Chrome will DL it.

    I don't see a "Megan Barnes" there. And after reading the article, not
    sure I do.

    --
    gmail originated posts filtered due to spam.
     
    Alan Browne, May 7, 2011
    #7
  8. Michelle Steiner

    Alan Browne Guest

    On 2011-05-07 01:47 , SY wrote:
    > In article<-september.org>,
    > Michelle Steiner<> wrote:
    >
    >> After reading this article (which is funny in and of itself)
    >> <http://www.starnewsonline.com/article/20100327/COLUMNIST/100329716>
    >>
    >> I googled images of Megan Barnes mugshot. The first hit I got was for a
    >> picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    >> automatically downloaded a Mac trojan installer. It's the one that made
    >> news recently.
    >>
    >> I had enough sense not to install it.

    >
    > Probably...
    >
    > <http://blog.intego.com/2011/05/06/how-seo-poisoning-works-and-why-you-should-care/>


    It may be time that those who have poor self defense skills start
    loading AV onto their Macs.

    --
    gmail originated posts filtered due to spam.
     
    Alan Browne, May 7, 2011
    #8
  9. In article <>,
    Alan Browne <> wrote:

    > > I had enough sense not to install it.

    >
    > Which photo? - I want to see if Chrome will DL it.
    >
    > I don't see a "Megan Barnes" there. And after reading the article, not
    > sure I do.


    Navigate to <http://images.google.com>, then enter "megan barnes mugshot"
    in the search field. On my system, the first picture is the one that gets
    you the trojan; its name is "MacProtector.mpkg".

    On my system, Chrome downloaded it, but did not automatically unzip it.

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
     
    Michelle Steiner, May 7, 2011
    #9
  10. In article <>,
    Alan Browne <> wrote:

    > > I googled images of Megan Barnes mugshot. The first hit I got was for a
    > > picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    > > automatically downloaded a Mac trojan installer. It's the one that made
    > > news recently.
    > >
    > > I had enough sense not to install it.

    >
    > Oh come on! Be a lab for us!


    I am not a lab. I'm not a shepherd. I'm not a retriever. Some have
    called me a pit bull, though, but I'm not that either.

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
     
    Michelle Steiner, May 7, 2011
    #10
  11. In article <>,
    Salmon Egg <> wrote:

    > I think this may be the same malware I ran into here earlier. It tries
    > to palm itself off as a legitimate antivirus program MacDefender.
    > Although I have received some ideas on how to handle it, it still is a
    > pain. It is difficult to leave gracefully. I have had to force quit. That
    > leaves behind the download installation package.


    I didn't have that problem; I could close the window without problems.

    > It would be good if Apple modified Safari to prevent or at least warn
    > before connecting to malevolent links. There should be a way of
    > interrupting the process and adding the bad link to a do-not-link-list.


    mediacenter2u.co.cc is a legitimate site, but the trojan link hijacks and
    redirects it.

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
     
    Michelle Steiner, May 7, 2011
    #11
  12. Michelle Steiner

    Warren Oates Guest

    In article <-september.org>,
    Michelle Steiner <> wrote:

    > Navigate to <http://images.google.com>, then enter "megan barnes mugshot"
    > in the search field. On my system, the first picture is the one that gets
    > you the trojan; its name is "MacProtector.mpkg".
    >
    > On my system, Chrome downloaded it, but did not automatically unzip it.


    OMG I have 90 viruses!!!!!!1!

    LNQOL

    (Chrome d'loaded it, but of course didn't unzip it; I've turned that
    feature off. Save everything to the desktop where I can see it.)

    It's a cute page, it looks like a finder window, with the little
    flashing red numbers where the virii are lurking and everything.
    --
    If you could teach a cat to dance,
    you'd never have to leave the house.
    -- Pat Sajak
     
    Warren Oates, May 7, 2011
    #12
  13. In article <4dc56383$0$9168$c3e8da3$>,
    Warren Oates <> wrote:

    > It's a cute page, it looks like a finder window, with the little
    > flashing red numbers where the virii are lurking and everything.


    Yeah, that's what I thought too.

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
     
    Michelle Steiner, May 7, 2011
    #13
  14. In article <4dc56383$0$9168$c3e8da3$>,
    Warren Oates <> wrote:

    > > Navigate to <http://images.google.com>, then enter "megan barnes
    > > mugshot" in the search field. On my system, the first picture is the
    > > one that gets you the trojan; its name is "MacProtector.mpkg".
    > >
    > > On my system, Chrome downloaded it, but did not automatically unzip
    > > it.

    >
    > OMG I have 90 viruses!!!!!!1!


    the Macalope at Macworld.com has an interesting insight into this trojan:

    "If Mac users are so convinced that OS X is invulnerable then the
    Weyland-Yutani BOT will be an abject failure, because it's disguised as
    virus-detection software - which Mac users don't think they need. Right?
    Can't have it both ways, guys."

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
     
    Michelle Steiner, May 7, 2011
    #14
  15. Michelle Steiner

    Alan Browne Guest

    On 2011-05-07 10:50 , Michelle Steiner wrote:
    > In article<>,
    > Alan Browne<> wrote:
    >
    >>> I had enough sense not to install it.

    >>
    >> Which photo? - I want to see if Chrome will DL it.
    >>
    >> I don't see a "Megan Barnes" there. And after reading the article, not
    >> sure I do.

    >
    > Navigate to<http://images.google.com>, then enter "megan barnes mugshot"
    > in the search field. On my system, the first picture is the one that gets
    > you the trojan; its name is "MacProtector.mpkg".
    >
    > On my system, Chrome downloaded it, but did not automatically unzip it.


    Several sites. None DL'd a trojan (Chrome or Safari).

    Maybe it's been removed (or moved on) by now.

    --
    gmail originated posts filtered due to spam.
     
    Alan Browne, May 7, 2011
    #15
  16. Michelle Steiner

    Alan Browne Guest

    On 2011-05-07 10:51 , Michelle Steiner wrote:
    > In article<>,
    > Alan Browne<> wrote:
    >
    >>> I googled images of Megan Barnes mugshot. The first hit I got was for a
    >>> picture at mediacenter2u.co.cc, and as soon as I got to that site, Safari
    >>> automatically downloaded a Mac trojan installer. It's the one that made
    >>> news recently.
    >>>
    >>> I had enough sense not to install it.

    >>
    >> Oh come on! Be a lab for us!

    >
    > I am not a lab. I'm not a shepherd. I'm not a retriever. Some have
    > called me a pit bull, though, but I'm not that either.


    ;-)

    Never poodle? Allez Fi-Fi!

    --
    gmail originated posts filtered due to spam.
     
    Alan Browne, May 7, 2011
    #16
  17. Michelle Steiner

    Alan Browne Guest

    On 2011-05-07 11:55 , Michelle Steiner wrote:
    > In article<4dc56383$0$9168$c3e8da3$>,
    > Warren Oates<> wrote:
    >
    >>> Navigate to<http://images.google.com>, then enter "megan barnes
    >>> mugshot" in the search field. On my system, the first picture is the
    >>> one that gets you the trojan; its name is "MacProtector.mpkg".
    >>>
    >>> On my system, Chrome downloaded it, but did not automatically unzip
    >>> it.

    >>
    >> OMG I have 90 viruses!!!!!!1!

    >
    > the Macalope at Macworld.com has an interesting insight into this trojan:
    >
    > "If Mac users are so convinced that OS X is invulnerable then the
    > Weyland-Yutani BOT will be an abject failure, because it's disguised as
    > virus-detection software - which Mac users don't think they need. Right?
    > Can't have it both ways, guys."


    Given the high number of recent Mac adopters, there are bound to be
    leaks coming through...

    --
    gmail originated posts filtered due to spam.
     
    Alan Browne, May 7, 2011
    #17
  18. Michelle Steiner

    Davoud Guest

    Alan Browne wrote:

    > It may be time that those who have poor self defense skills start
    > loading AV onto their Macs.


    My experience in the Windows world tells me that those who have poor
    self-defense awareness are also less likely to install and/or maintain
    anti-malware utilities. I doubt if Mac users are /that/ much smarter
    than Windows users. Those who get it, get it, those who don't, don't.

    I think that I get it--I religiously maintain and update my
    anti-malware utility on Windows--but I am not going to install such
    software on the Mac OS until someone figures out a way to breach the OS
    without my cooperation.

    Davoud

    --
    I agree with almost everything that you have said and almost everything that
    you will say in your entire life.

    usenet *at* davidillig dawt cawm
     
    Davoud, May 8, 2011
    #18
  19. On 11-05-07 9:50 AM, Michelle Steiner wrote:

    > Navigate to <http://images.google.com>, then enter "megan barnes mugshot"
    > in the search field. On my system, the first picture is the one that gets
    > you the trojan; its name is "MacProtector.mpkg".


    Oooh. Cool. Chrome downloaded the zip file for me twice and the page
    itself is certainly tuned (not perfectly) to look Mac-ish.

    I haven't yet peeked into the zip files to see what they contain.

    > On my system, Chrome downloaded it, but did not automatically unzip it.


    Yep. That's what I see.

    Cheers,

    -j


    --
    Jeffrey Goldberg http://goldmark.org/jeff/
    I rarely read HTML or poorly quoting posts
    Reply-To address is valid
     
    Jeffrey Goldberg, May 8, 2011
    #19
  20. On 11-05-07 10:21 AM, Warren Oates wrote:

    > It's a cute page, it looks like a finder window, with the little
    > flashing red numbers where the virii are lurking and everything.


    The fonts are off and the "Apple security alert" panel looks more
    Lion-like than Leopard-like.

    But the Apple security center icon is really good looking.

    I've unpacked the download as far as I'm willing to go with it. I have
    neither the tools nor the skills to try to disassemble the actual binary
    that I get.

    Cheers,

    -j


    --
    Jeffrey Goldberg http://goldmark.org/jeff/
    I rarely read HTML or poorly quoting posts
    Reply-To address is valid
     
    Jeffrey Goldberg, May 8, 2011
    #20