Published:
September 01 2009, 02:23 AM
by
Methusela Cebrian Ferrer
The wild and deadly fires burning in southern California are still out of control, and for many of us that rely on the internet for news updates, maps, videos and other resources, it is unfortunate that attackers are taking advantage of this event by using it in their social engineering attacks.
A concerned Mac user reported earlier today saying:
"I was looking for maps of the Station Fire in Los Angeles, and one site that claimed it had a map triggered a download of MacCinema. Beware if you are looking for news."
Immediately, we searched and verified this report, and surprisingly it was the #1 hit out of millions of pages in Google’s search results, while for Yahoo, it was the 4th hit.
[Figure 1 - Google Search Result]
[Figure 2 – Yahoo Search Result]
This search result also leads to rogue security software, like Smart Virus Eliminator, which may also re-direct users to other threats as perpetrated by organized cyber-criminals.
For Mac users surfing around and unknowingly clicking any of these malicious pages, they’ll encounter a redirection which ends up serving a “MacCinema” installer as shown below:
Another, Mac user report saying:
"Hi, How do I know if I have malware installed on my computer from trevswerd.com? I was trying to open a page when my browser was hijacked to a blank page with that website as the header followed by a lot of numbers.
…..
PS: I have the new Mac book pro "
Although attackers employ in this case, search engine manipulation and browser hijacking, OSX/Jahlav, also known as “MacCinema”, will still require users to manually install it to cause infection.
It is important to be aware at all times of these types of threats to avoid falling into an attackers trap.