Those behind the "Dorf" malware decided to make use of April Fool's Day to launch another spam/malware attack, says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
SophosLabs spam traps were hit hard on 1 April by many messages with varying body and subject lines attempting to direct users to an IP-based URL pointing to a machine hosting malware, he says.
Example subject lines included: 'All Fools' Day'; 'April Fools' Day'; 'Doh! All's Fool'; 'Gotcha!'; 'Happy All Fool's Day'; 'Happy April Fools!'; 'I am a Fool for your Love'; and 'Today's Joke!'.
While the content of the e-mails varied, the page they link to seems to remain static, and is being detected as Troj/DorfHtml-B, says Myroff.
Another Trojan
"Following the discovery this week of another Trojan horse for the Mac OS X platform, Apple Mac users have been advised to ensure they continue to take personal computer security seriously and have a secure defence in place," he says.
The Trojan, named Troj/MacSwp-B (also known as Imunizator), tries to scare Mac users into purchasing unnecessary software by claiming privacy issues have been discovered on the computer, Myroff explains.
"Windows users are no stranger to scareware like this, but it is rarer on the Apple Macintosh. Nevertheless, MacSwp-B's discovery does follow fast on the heels of other malware that has been identified on the Mac OS X platform in recent months."
More threats
According to Myroff, low to medium threats this week include Mal/ObfJS-AF, a maliciously obfuscated script often seen associated with browser exploit toolkits which attempt to download and execute a further file by exploiting a variety of browser vulnerabilities. This downloaded file is often a member of the Dorf family of Trojans.
The Troj/Banloa-FC Trojan was also detected and affects the Windows platform.
Troj/Dloadr-BKD was also seen this week. It affects Windows users and drops msinet.ocx, which is a clean file used to manage Internet communications.
Troj/Dloadr-BKE, another Trojan for the Windows OS, attempts to create and download a file to <Windows>\svchost.exe. This Trojan often appears in spam, says Myroff.
"The Trojan displays fake spyware alerts to try to lure the user into installing software from a remote location."
While small in comparison to Windows attacks, cyber-crime against Mac users is growing. "Apple Macintosh users need to learn from the mistakes made by their Windows cousins in the past and ensure they have defences in place, are up-to-date with patches and exercise caution about what they run on their computer," Myroff concludes.