The first is a worm known as Tored-Fam, which spreads via email attachments and is simply a variant on the well known Tored family of malware that has been in circulation since last year. The worm collects email addresses and attempts to forward itself to other computers.A Sophos analysis of the worm's source code suggests that it is being used to build a Mac botnet known as Raedbot. This is being assembled by a malware writer called 'Ag_Raed', who is based in Tunisia.The second piece of malware is a Trojan called Jahlav-C, which is embedded in an bogus pornography web site. Jahlav-C masquerades as an Active X video codec that needs to be downloaded in order to run the content."I've got a theory that, although many people are undoubtedly buying Apple computers because they're beautifully designed and well marketed, there will also be some who have dumped Windows because they are fed up with the spyware, pop-ups and virus attacks," said Graham Cluley, senior technology consultant at Sophos."Indeed, some of the people who may well have suffered a lot from those kind of attacks in the past may be exactly the same kind of folk who visit the grubbier areas of the internet in the wee small hours of the morning."And they may feel that one of the side benefits of switching to a Mac is that they won't have to worry about all of those nasty things while they're watching nasty things."Sophos has posted a video of the Jahlav-C attack on YouTube.
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.