
Malicious programs for Mac OS X simply cannot compete with Windows malware in prevalence or diversity. But, apparently, malware for OS X can learn from some of the most successful schemes that Windows viruses use to trick users.

Researchers have presented a sample of a Trojan running on OS X that disguises itself as a PDF file, i.e. it uses a technique that authors of malicious programs for Windows have used successfully for several years. This new class of malicious program hides within a PDF file and delivers a backdoor, which is hidden on the computer immediately after the malicious file is opened.

According to an analysis by F-Secure researchers, when a user runs the malicious program, it saves a malicious PDF to the computer and opens it in order to hide the malicious activity taking place in the background. The Trojan installs a backdoor, named Imuler.A, which tries to connect to its management (command-and-control) server. However, as the researchers established, the server is unable to communicate with the malicious program, so the malware installed on the victim's computer is left on its own. At this point it is not possible to say exactly how this malware is distributed. “The malicious program may attempt to copy itself using the technique that is used by malicious programs for Windows, which open a PDF file containing an additional .pdf.exe extension and display an icon corresponding to PDF files. But the sample that we have here has no such extension or similar icon.

However, there is another possibility. On a Mac there is a slight difference: the icon is stored in a separate object that is not visible in the OS. The extension and the icon could have been lost when we received the sample. In that case, the malware may behave even more covertly than on Windows, because this sample may use any extension it wants,” said an F-Secure analyst. Windows malware variants have used similar techniques to hide themselves for a long time. They often include widespread file extensions such as DOC, PDF, XLS and others in order to entice a user to open a malicious file. In some cases, the malware may not have the correct icon to disguise the fake extension, as is the case with Revir.A for Mac OS X, the malware that F-Secure found. It is a simple trick, but it is still effective, and users who allow themselves to run such files pay no attention to the potential consequences.
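A defensive check for the disguise described above, added here as an example and not taken from F-Secure's analysis: it flags a double extension such as .pdf.exe and also a document-named file whose content is really an executable, which covers the case where any extension is used. The executable-extension list, the function names and the sample files are assumptions constructed for the illustration.

```python
import os
import struct
import tempfile

DOC_EXTS = {".pdf", ".doc", ".xls"}            # document types named in the article
EXEC_EXTS = {".exe", ".scr", ".com", ".app"}   # assumed list of executable extensions
# Mach-O magics (32/64-bit, both byte orders) plus the universal-binary magic.
# 0xCAFEBABE is also the Java class-file magic, so treat that hit as a lead only.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE}

def content_type(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head.startswith(b"MZ"):                 # Windows PE / DOS executable
        return "pe"
    if len(head) >= 4 and struct.unpack(">I", head[:4])[0] in MACHO_MAGICS:
        return "mach-o"
    return "unknown"

def check_file(path: str) -> list:
    """Return findings for one file; an empty list means nothing suspicious."""
    findings = []
    stem, last = os.path.splitext(os.path.basename(path).lower())
    inner = os.path.splitext(stem)[1]          # extension hidden before the last one
    if inner in DOC_EXTS and last in EXEC_EXTS:
        findings.append("double-extension")
    with open(path, "rb") as fh:
        kind = content_type(fh.read(8))
    if kind in ("pe", "mach-o") and (last in DOC_EXTS or inner in DOC_EXTS):
        findings.append("executable-content-with-document-name:" + kind)
    return findings

def demo() -> dict:
    samples = {                                # constructed files, not real malware
        "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 4,
        "report.pdf": b"\xcf\xfa\xed\xfe" + b"\x00" * 4,   # 64-bit Mach-O header bytes
        "manual.pdf": b"%PDF-1.4\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_file(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```
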