For some reason — probably a dearth of big news at the height of vacation season — there’ve been a lot of retrospective articles on the security news sites we monitor. It’s a good day to read about the history of viruses and their explosive growth. It was kind of like stepping into a time warp or something. Stories about Slammer, Blaster, SoBig.
Then Patrick Jordan drew our attention to a piece he saw: a Trojan aimed at Macs that changes Domain Name System (DNS) settings is circulating, according to Trend Micro. It claims to be a QuickTime Player update and carries the name “QuickTimeUpdate.dmg.” Users are prompted to download it when they try to view online videos from malicious sites.
Trend’s posting here.
Here’s our blog posting from the last time we saw this:
Sunday, December 16, 2007
Another DNSChanger codec variant to stay away from – codecnice
Pushes both Windows and Mac Trojan.DNSChanger. Sample binaries: Mac: codecnice(dot)net/download/codecnice1126.(dot)dmg. Windows: codecnice(dot)net/download/codecnice1126.(dot)exe.
Not so nice . . .
As always, please don’t touch these binaries unless you know what you’re doing as they are live Trojans.
2007 post by Adam Thomas here.