Although Mac OS X Snow Leopard will not be released until Friday, many websites are offering a free download of what is allegedly the new OS. Really, they are just offering up a trojan that will redirect you to phishing websites and possibly install fake antivirus software. Friendly Computers advises you to avoid these websites and purchase the upgrade from Apple when it is released. You can read more below…
Before the August 28 official release of Apple’s OS X Snow Leopard, cybercriminals are already hitchhiking on this to proliferate their malicious activities. Earlier today, Advanced Threat Researcher Feike Hacquebord discovered several fake sites that supposedly give Mac users free copies of the newest version of the Mac OS, Snow Leopard. However, accessing these malicious sites land users to a DNS changer Trojan detected by Trend Micro as OSX_JAHLAV.K.
Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts. The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.
As of this writing, all malicious URLs are already blocked by Trend Micro. Users are strongly advised to get only the latest Snow Leopard update directly from the Apple site…
Source: http://blog.trendmicro.com/bogus-snow-leopard-update-sites-lead-to-dns-changers/
