Description:
For an at-a-glance view of this malware's behavior, refer to the Threat Diagram shown below.
Malware Overview
This Trojan may be downloaded unknowingly by a user visiting malicious websites. These websites encourage users to download software needed to play the video on the site.
It arrives as a .DMG file, which is a Mac OS X mountable disk image file. The image contains a .PKG file, which in turn contains the component files.
When executed, it displays the following graphical user interface installation window:

It then asks for user credentials.
While the application is being installed in the background, the malware also executes Bash scripts obfuscated with a sed command. The script drops a file that sets up a cron job to run one of the malware's component files. The script also executes a Perl script that allows the malware to connect to servers and download another script. Once the downloaded script is executed, settings of certain DNS servers are modified. As a result, users may be redirected to phishing sites or sites where other malware can be downloaded.
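The two lasting changes described above, a cron job and modified DNS server settings, can be checked from a terminal. The following is an added example, not part of the original description: it reads `crontab -l` and `scutil --dns` output on standard input, and the allowlisted resolver addresses, the baseline file and the sample entries are constructed placeholders.

```bash
#!/bin/bash
# Added triage sketch; every address, path and file name here is a constructed placeholder.

# Resolvers this host is expected to use (assumption: RFC 5737 documentation addresses).
ALLOWED_DNS="192.0.2.53 192.0.2.54"

# stdin: `scutil --dns` output. Prints each nameserver not in ALLOWED_DNS, once.
unexpected_dns() {
    awk -v allow="$ALLOWED_DNS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /nameserver\[[0-9]+\]/ {
            ip = $NF
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# stdin: `crontab -l` output; $1: file of known-good commands, one per line.
# Prints the command part of every active entry that is not in the baseline
# (runs of whitespace inside the command are collapsed to single spaces).
unexpected_cron() {
    awk '
        /^[ \t]*(#|$)/ { next }                              # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }      # VAR=value settings
        /^[ \t]*@/ { $1 = ""; sub(/^ +/, ""); print; next }  # @reboot and similar
        { for (i = 1; i <= 5; i++) $i = ""; sub(/^ +/, ""); print }
    ' | grep -vxF -f "$1" || true
}

# Constructed sample inputs in the format of the two commands.
SAMPLE_DNS='resolver #1
  nameserver[0] : 192.0.2.53
  nameserver[1] : 198.51.100.7
  if_index : 4 (en0)
resolver #2
  nameserver[0] : 198.51.100.7'

SAMPLE_CRON='# m h dom mon dow command
SHELL=/bin/sh
0 3 * * * /usr/local/bin/backup.sh
* */5 * * * /opt/example/component.sh 1>/dev/null 2>&1'

BASELINE=$(mktemp)
echo '/usr/local/bin/backup.sh' > "$BASELINE"
printf '%s\n' "$SAMPLE_DNS"  | unexpected_dns
printf '%s\n' "$SAMPLE_CRON" | unexpected_cron "$BASELINE"
```

On a live system the same functions take real input, for example `scutil --dns | unexpected_dns` and `crontab -l | unexpected_cron baseline.txt`.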
For additional information about this threat, see: Solution Technical Details
Description created: Jun. 12, 2009 1:44:37 PM GMT -0800