Comments on: Phishing Trojan Targets OS X http://www.liquidmatrix.org/blog/2007/10/31/phishing-trojan-targets-os-x/ Bringing Fire To The Village: Your Source For Computer, Network & Information Security News from Dave Lewis, Security Blogger Fri, 16 May 2008 03:54:19 +0000 http://wordpress.org/?v=2.5.1 By: Vitaliy http://www.liquidmatrix.org/blog/2007/10/31/phishing-trojan-targets-os-x/#comment-60732 Vitaliy Thu, 01 Nov 2007 01:16:43 +0000 http://www.liquidmatrix.org/blog/2007/10/31/phishing-trojan-targets-os-x/#comment-60732 Yeah, forgot to include the link http://www.intego.com/news/ism0705.asp Yeah, forgot to include the link
http://www.intego.com/news/ism0705.asp

]]> By: Dave Lewis http://www.liquidmatrix.org/blog/2007/10/31/phishing-trojan-targets-os-x/#comment-60730 Dave Lewis Thu, 01 Nov 2007 01:15:05 +0000 http://www.liquidmatrix.org/blog/2007/10/31/phishing-trojan-targets-os-x/#comment-60730 @Vitaliy Thats it? Well, that's pretty lame. Thanks for the info. @Vitaliy

Thats it? Well, that’s pretty lame.

Thanks for the info.

]]> By: Vitaliy http://www.liquidmatrix.org/blog/2007/10/31/phishing-trojan-targets-os-x/#comment-60727 Vitaliy Thu, 01 Nov 2007 00:43:12 +0000 http://www.liquidmatrix.org/blog/2007/10/31/phishing-trojan-targets-os-x/#comment-60727 "After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg. If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download." That is taken directly from the "advisory", this is nothing more than a company trying to push their product. “After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.”

That is taken directly from the “advisory”, this is nothing more than a company trying to push their product.

]]>