|
Description:
This malware may arrive on a system as a file downloaded unknowingly by a user when visiting malicious Web sites. The said Web site encourages users to download software needed to play the video on the said site.
It arrives as a .DMG file, which is a MAC OS X mountable Disk Image file. It contains a .PKG file, which contains component files.
Upon execution, it displays a MacVideo installation GUI. It then asks for user credentials. Once the installer finished installing, it adds files on the system.
While the installer is running, this malware executes the BASH scripts which are identical. These scripts are obfuscated by SED command and contain UUEncoded data.
When the PERL script is executed, it connects to several servers to send HTTP GET requests together with the infected machine’s hostname to download another script file.
The said file contains another UUEncoded data and some SED codes. Upon execution, this script modifies the DNS settings to several malicious DNS servers using SCUTIL GET and SET commands.
As a result, users may be redirected to phishing sites or sites where other malware can be downloaded.
For additional information about this threat, see:
Solution
Technical Details
Description created: Mar. 25, 2009 5:14:38 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
