Select Page

Update: Screenshot posted here. More commentary here.

Also, some useful information here at MacWorld.

Consider the fake media codec — a plague on on Windows PCs these days. Almost always on porn sites, it lures you with something that looks like this:


or this:


And so on.

Well, it’s come to the Mac. One variant of the fake Codec, DNSChanger, is now being seen on Mac porn. From Intego:

A malicious Trojan Horse has been found on several pornography web sites, claiming to install a video codec necessary to view free pornographic videos on Macs. A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites. When the users arrive on one of the web sites, they see still photos from reputed porn videos, and if they click on the stills, thinking they can view the videos, they arrive on a web page that says the following:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.

Is there any childlike schadenfreude on my part? You tell me. For years, we’ve heard snorts of derision from Mac users about the poor security of PCs. Yet that attitude (as we know from our history books) is a bit dangerous, because it creates a false sense of security.

Now, Mac users will need to be a bit more careful out there (‘cause when Joey wants his pr0n, he wants it now!). On the heels of the release of Leopard, we now find that there is no perfect protection against social engineering, even for a Mac user.

(Note that I have a Mac among the many computers at my house.)

Alex Eckelberry
(Hat tip to Brian Krebs.)