MYXed!

MANILA, Philippines–First detected by Internet security firm Intego, a Windows-based Trojan is now threatening to infect Macintosh users.

A computer Trojan is a malicious computer program that appears to be a legitimate program. It is similar to a virus, except that it does not replicate itself. It stays in a computer, usually to do damage or allow somebody to take control of the system.

TrendLabs’ blogreported that a family of ZLOB Trojans, which infected PC users in 2006, is now crossing over to the Mac platform.

In its Mac Security blog, Intego said a malicious computer Trojan has been found on several pornography websites, claiming to install a video codec (compressor/decompressor) necessary to view free pornographic videos.

“If users install this Trojan horse, it uses a sophisticated method to change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites,” the Intego security alert said.

TrendLabs explained that the ZLOB Trojans had been known to use fake codec downloads as a “social engineering” technique to lure unsuspecting users into downloading damaging software onto their systems.

“Initially, they are also known to affect Windows-based platforms only. Today, this Trojan family seems to be crossing over to the ‘other side’,” Trendlab’s blog added.

The ZLOB Trojan affects Mac OS X.

TrendLabs said that ZLOB Trojan disguises itself as video program, which when opened, tells users that a codec is needed to run the program properly. But the Trojan actually downloads then launches an installer that asks users to enter an administrator password.

Intego has already discovered Mac-targeting Trojans as early as 2004

Erwin Oliva
INQUIRER.net