Comments on: New OS X Malcode: Not Just a DNSChanger http://ddos.arbornetworks.com/2008/11/new-os-x-malcode-not-just-a-dnschanger/ A weblog dedicated to educating the community on security threats that matter Sun, 29 Jan 2012 02:23:23 +0000 hourly 1 http://wordpress.org/?v= By: New spin on OSX/RSPlug Mac malware | Naked Security http://ddos.arbornetworks.com/2008/11/new-os-x-malcode-not-just-a-dnschanger/comment-page-1/#comment-271297 New spin on OSX/RSPlug Mac malware | Naked Security Mon, 18 Oct 2010 09:18:32 +0000 http://asert.arbornetworks.com/?p=527#comment-271297 [...] will soon add detection for a new Mac Trojan, nicely described by Jose Nazario of Arbor Networks. It will be detected as OSX/Jahlav-A. The Trojan comes as a key generator application MacAccess in [...] [...] will soon add detection for a new Mac Trojan, nicely described by Jose Nazario of Arbor Networks. It will be detected as OSX/Jahlav-A. The Trojan comes as a key generator application MacAccess in [...]

]]> By: matt http://ddos.arbornetworks.com/2008/11/new-os-x-malcode-not-just-a-dnschanger/comment-page-1/#comment-186218 matt Fri, 19 Dec 2008 08:47:24 +0000 http://asert.arbornetworks.com/?p=527#comment-186218 update: i downloaded the DNSChangerRemovalTool My DNS is back to normal but I still have this Adobe Flash in my cron search. after reading several articles tonite, it does seem like that that cron is either wrongly accused of wrong doin or indeed is part of the culprit. Anyone know for sure.. and if it is bad? how do i get rid of that?! update: i downloaded the DNSChangerRemovalTool

My DNS is back to normal but I still have this Adobe Flash in my cron search. after reading several articles tonite, it does seem like that that cron is either wrongly accused of wrong doin or indeed is part of the culprit. Anyone know for sure.. and if it is bad? how do i get rid of that?!

]]> By: matt http://ddos.arbornetworks.com/2008/11/new-os-x-malcode-not-just-a-dnschanger/comment-page-1/#comment-186199 matt Fri, 19 Dec 2008 07:17:33 +0000 http://asert.arbornetworks.com/?p=527#comment-186199 I fell for it - its definitely this macaccess installer Osxjahlava trojan and now have no idea what to do (btw - i got this thru trying to download a firefox plugin for craigslist called Clpicview In trying to fix this situation, i keep coming across sites that describe it but no resource for fixin and removing it i also come across sites claiming to be able to fix it if you buy their software there are other sites that mention an online scan but upon careful readin it looks like its for uploading files to be scanned and screened? which makes sense cause i cant imagine an online service that remote fixes and eliminates this trojan for me. virus barrier apparently does the trick but the trail version only allows you to detect and not fix it? and i dont want to buy the program because im afraid to use my computer to buy anything nor do i want to wait to tomorrow to fix it! i dont know who to trust and worse, i dont even know what kind of danger I'm in. can anyone help me? I fell for it – its definitely this macaccess installer Osxjahlava trojan and now have no idea what to do
(btw – i got this thru trying to download a firefox plugin for craigslist called Clpicview

In trying to fix this situation, i keep coming across sites that describe it but no resource for fixin and removing it

i also come across sites claiming to be able to fix it if you buy their software

there are other sites that mention an online scan but upon careful readin it looks like its for uploading files to be scanned and screened? which makes sense cause i cant imagine an online service that remote fixes and eliminates this trojan for me.

virus barrier apparently does the trick but the trail version only allows you to detect and not fix it? and i dont want to buy the program because im afraid to use my computer to buy anything nor do i want to wait to tomorrow to fix it!

i dont know who to trust and worse, i dont even know what kind of danger I’m in.

can anyone help me?

]]> By: Nicholas Ptacek http://ddos.arbornetworks.com/2008/11/new-os-x-malcode-not-just-a-dnschanger/comment-page-1/#comment-182805 Nicholas Ptacek Mon, 01 Dec 2008 18:33:57 +0000 http://asert.arbornetworks.com/?p=527#comment-182805 Greetings, I was wondering if it would be possible for you to send us samples of the new DNSChanger variant for OS X for further analysis. Thank you for your time and assistance! Greetings,
I was wondering if it would be possible for you to send us samples of the new DNSChanger variant for OS X for further analysis. Thank you for your time and assistance!

]]> By: cw http://ddos.arbornetworks.com/2008/11/new-os-x-malcode-not-just-a-dnschanger/comment-page-1/#comment-182798 cw Mon, 01 Dec 2008 17:40:51 +0000 http://asert.arbornetworks.com/?p=527#comment-182798 It doesn't matter if this is "LAME" - people WILL fall for it. I work in a .edu environment and there are all kinds of people clicking on everything under the sun. It's a hard problem to solve and it's not easily solved with technology. In the meanwhile, messages like this from Jose who has time to perform this analysis are useful to us and others that lack the time & resources to do as much analysis as we'd like to. It doesn’t matter if this is “LAME” – people WILL fall for it. I work in a .edu environment and there are all kinds of people clicking on everything under the sun. It’s a hard problem to solve and it’s not easily solved with technology. In the meanwhile, messages like this from Jose who has time to perform this analysis are useful to us and others that lack the time & resources to do as much analysis as we’d like to.

]]>