Quite often Mac users operate under the assumption that they are immune to viruses and malware attacks. The truth is, Mac users make up a smaller percentage of overall users, constituting a smaller target, and thus yielding a smaller reward to the attacker. That is not the same as being bullet proof. Additionally, Microsoft has continually drawn the fire of the hacking community much more often than other companies offering operating systems and applications. This has fostered a false sense of security in the Mac user community. Malware can be written to infect anything, including phones and other handheld devices.
Our position is that users should be vigilant, regardless of their choice of computing platform. Patch your systems often and beware of the sites you visit and the offers/warnings you click on. Below is an example of a website designed to lure in visitors. Once there, they are prompted to take an extra step in order to play a video. This is a common action for many sites, but this particular one uses the user action to launch illicit code. It isn’t only the promise of nudity that is used as a lure for users, so don’t get caught up in being judgmental of the intent of the user visiting this site.
“Hackers have created webpages claiming to contain the notorious Erin Andrews peephole video in their attempt to infect Mac and Windows computers. It’s no surprise that when news broke that a voyeur had secretly filmed her through the peephole of her hotel room door that the internet would be abuzz…
… If you visit from an Apple Mac we identify the malware as the OSX/Jahlav-C Trojan horse. Windows users are also at risk (I almost didn’t need to say that, did I?). When we tested it on a Windows computer we saw it serving up Mal/EncPk-IF on occasions, and at other times rogue anti-virus product Mal/FakeAV-AY.”
Posted on July 19th, 2009 by Graham Cluley, Sophos
Erin Andrews peephole video spreads malware
Author: Jim Cowden (Control Point)
