<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Once again, the Zlob gang has released a new OSX-targeted trojan - very similar to their previous work.<div><br></div><div>It sits on dodgy or infected websites proporting to offer funny or explicit videos. When you attempt to view said video, you are told you are lacking a required Codec and are prompted to download either an EXE (Windows) or a DMG (OSX) file.</div><div><br></div><div>When you download the DMG, it contains a normal looking "install.pkg" file that then installs some Really Bad Stuff on your Mac. Most notably, it redirects your DNS requests to some rogue servers in the Ukraine. This lets them redirect any web traffic you type in to their own fake sites - for example, <a href="http://www.google.com">www.google.com</a> would be redirected to a fake google.</div><div><br></div><div>So please <b>be careful online</b> and not install anything unless you completely trust it. Remember, if OSX asks for your password, it's because it's <b>doing something serious to the machine and needs permission</b>. Don't give permission unless you're sure it's safe.</div><div><br></div><div>More info on the new trojan, called Jahlav-A, can be found here:</div><div><br></div><div><a href="http://www.sophos.com/security/blog/2008/11/2024.html">http://www.sophos.com/security/blog/2008/11/2024.html</a></div><div><br></div><div><br></div><div>Note that this is not a "virus" - it can't spread on it's own - it requires you to download and install it for the hacker. Unfortunately, the weakest link in computer security is (and has always been) the user. Don't be that user. :)</div><div><br></div><div>Charles</div><div><br></div><div>PS: It's a testament to Homer that we use the word Trojan (short for Trojan Horse) to define these "fake gifts" containing malicious code. Nice on the outside (like a video codec) but full of enemy soldiers. </div><div><br></div><div><br></div></body></html>