August 28th, 2009, 19:25 PM
Experts warn of malicious Snow Leopard sites
Security firm Trend Micro has detected several sites that purport to offer free Snow Leopard upgrades but are in fact packed with malware.
The sites were discovered by advanced threat researcher Feike Hacquebord, who said that, far from delivering an operating system upgrade, the files contain malware known as Jahlav, which is designed to entrap Apple users.
"Once executed, OSX_JAHLAV.K decrypts codes which include a script that downloads other malicious scripts," the company said in a blog post.
"The script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV variants and components."
Trend Micro said that it is already blocking the sites that host the malware, and is advising Apple users to purchase the Snow Leopard upgrade from Apple directly.
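
A defender-side check for the DNS change described in the quote above, as an added example that is not from Trend Micro or the original article: it parses `scutil --dns` output from a Mac and lists configured resolvers that fall outside an approved set. The sample output, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output. On a real Mac, capture it with
# subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 192.0.2.53
  nameserver[1] : 198.51.100.7
  nameserver[2] : 198.51.100.8
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.0.2.53
  if_index : 4 (en0)
"""

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$", re.M)

def configured_resolvers(scutil_output):
    """Return the unique nameserver addresses, in the order they appear."""
    seen = []
    for raw in NAMESERVER_RE.findall(scutil_output):
        try:
            addr = ipaddress.ip_address(raw.split("%")[0])  # drop any scope id
        except ValueError:
            continue  # not an IP literal; ignore the line
        if addr not in seen:
            seen.append(addr)
    return seen

def unexpected_resolvers(scutil_output, approved):
    """Return resolvers not covered by the approved addresses or CIDR ranges."""
    allowed = [ipaddress.ip_network(entry) for entry in approved]
    return [str(a) for a in configured_resolvers(scutil_output)
            if not any(a.version == n.version and a in n for n in allowed)]

if __name__ == "__main__":
    # Assumption: 192.0.2.53 is the only resolver this network hands out.
    for ip in unexpected_resolvers(SAMPLE_SCUTIL_DNS, ["192.0.2.53"]):
        print("unexpected DNS resolver:", ip)
```

The approved list should come from what the network's DHCP server or management profile actually assigns, so that resolvers added on the host stand out.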