von Ryan Naraine and Dancho Danchev , September 25th, 2009 / ZDnet
GENEVA — In a sign that cyber-criminals are investing more time
and resources into attacks against Apple’s Mac users, a new malware affiliate program has been
discovered offering 43c for every infected Mac machine.
During an eye-opening presentation at the VB Conference 2009 conference here, Sophos Labs
researcher Dmitry Samosseikko provided a glimpse into the “Partnerka,” a Russian network of
spam and malware affiliates that have turned their attention to the Mac platform — using social
engineering tricks to load fake codecs and scareware programs.
Samosseiko discussed the “codec-partnerka,” which is dedicated solely to the sale and promotion
of fake Mac software.
He pointed to a site called Mac-codec.com (now offline) which was offering $0.43 for each
malicious install, a price tag that suggests the Mac platform is becoming more and more lucrative
to online crime gangs.
The site was also offering various promotional materials in the form of MacOS video players, a
sign that the investment is just more than tricking users into paying for fake security software.
In the past, we have seen the use of porn video lures to trick Mac users into downloadiing and
installing DNS changer Trojans.
The DNS changer Trojans typically change the Mac’s DNS server (the server that is used to look up
the correspondences between domain names and IP addresses for web sites and other Internet
services). When this new, malicious, DNS server is active, it hijacks some web requests, leading
users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web
pages displaying ads for other pornographic web sites
gefunden bei : hxxp://blogs.zdnet.com/security/?p=4451&tag=nl.e539
