New Version of Imuler Trojan Masquerades as Image Files
by Carol~
- 3/19/12 2:04 PM
In Reply to: NEWS - March 19, 2012 by Carol~
From The Mac Security Blog:
Intego has discovered a new version of the Imuler Trojan horse, which the company first discovered in September, 2011. At the time, the sample discovered masqueraded as a PDF file containing Chinese text. This was not found in the wild, and the risk was considered to be low.
The latest version, Imuler.C, has been found to be disguised as image files. Intego found two samples of this malware on the VirusTotal website, a site used by security companies to share malware samples. Two samples were found, both in zip archives: "Pictures and the Ariticle of Renzin Dorjee.zip" and "FHM Feb Cover Girl Irina Shayk H-Res Pics.zip." In both cases, an application was included among the various files, with an icon making it look like an image: [Screenshot]
This technique is not new, and takes advantage of a default setting in the Mac OS X Finder, whereby file extensions are not displayed. Users double-clicking on the application launch the malware, which quickly deletes itself, replacing the original application with a real JPEG image corresponding to the one that was an application, and displays this image in the user's default image viewer. There is no visible trace of the application after this point.
Continued : http://blog.intego.com/new-version-of-imuler-trojan-horse-masquerades-as-image-files/
From F-Secure: Mac Malware at the Moment
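A defender's check for the disguise described above, added here as an example and not taken from the original post or from Intego: it lists the entries of a zip archive and flags any macOS application bundle that sits in the same folder as image files. The function names, the image-extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".tif", ".tiff", ".bmp"}

def app_bundles(names):
    """Return paths of *.app bundles that carry a file under Contents/MacOS/."""
    bundles = set()
    for name in names:
        parts = PurePosixPath(name).parts
        for i, part in enumerate(parts):
            is_app = part.lower().endswith(".app")
            if is_app and parts[i + 1:i + 3] == ("Contents", "MacOS") and len(parts) > i + 3:
                bundles.add("/".join(parts[:i + 1]))
                break  # report the outermost bundle only
    return bundles

def audit_archive(data):
    """Flag app bundles that sit in the same folder as image files.

    Returns a sorted list of (bundle_path, number_of_sibling_images).
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    images_per_dir = {}
    for name in names:
        path = PurePosixPath(name)
        if path.suffix.lower() in IMAGE_EXTS:
            key = str(path.parent)
            images_per_dir[key] = images_per_dir.get(key, 0) + 1
    findings = []
    for bundle in sorted(app_bundles(names)):
        siblings = images_per_dir.get(str(PurePosixPath(bundle).parent), 0)
        if siblings:
            findings.append((bundle, siblings))
    return findings

def build_sample(with_app=True):
    """Constructed test archive; names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics/IMG_0001.jpg", b"constructed")
        zf.writestr("pics/IMG_0002.jpg", b"constructed")
        if with_app:
            zf.writestr("pics/IMG_0003.app/Contents/Info.plist", b"constructed")
            zf.writestr("pics/IMG_0003.app/Contents/MacOS/IMG_0003", b"constructed")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_archive(build_sample()))
```

The check reads only the archive's file listing, so nothing in the archive is extracted or executed.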
