First Known Mac Trojan Hits the Internet

Submitted by lalit on November 1, 2007 - 7:36pm.

The Trojan appears to be originating from several pornography sites. On the website that have the Trojan, when you click to view a video, you are led to a page with the following prompt:
Quicktime Player is unable to play movie file.
Please click here to download new version of codec.
If you click the link browser starts to download a DMG file. Browser will warn you that its a DMG file containing an application and ask you to click continue or cancel. If you click continue even after browser warning the DMG file will be executed and the Trojan will ask you to provide the admin password to install. If after these warnings you still type in your admin password the Trojan will install and allow external Root level access. The most important thing to know is that you shouldn’t download DMG file without knowing the source or eligibility of the website.