Not sure if it will affect Windows PC users, but it looks like the Mac is just as vulnerable to
attacks as any other computer, so beware when getting that Russian content.
http://www.theinquirer.net/inquirer/news/2166228/600-infected-macs-botnet
What do you mean Macs get viruses? According to the late Steve Jobs, Macs didn't get malware! Shame for spreading that rumor.
Like RRSignal, I too fixed many Mac viruses in the past and still do.
Remember ALL computer platforms are vulnerable and as long as the computer can connect to a network, they are all open for attack no matter where they are in the world. These script and Trojan Horse things, that have been hitting everywhere lately, originate in the Eastern Bloc countries and are financed by the Russian mob. The writers actually get paid to create variants on the same malware. They generate new forms in about 30 minutes and they become active in 24 hours on the hosting site.
They work by using AJAX, or asynchronous JavaScript execution. This means that the script downloads the malware while you are watching something else at the same time. A good example of AJAX in action is Google Maps. While the new data is downloading, you can still browse the maps. Before AJAX you had to wait for new data to be downloaded first. This new method, which isn't so new anymore, changed how the web worked, and allowed for multimedia presentations. The speed of the net helped as well.
Anyway, back to our malware. So the user clicks on a link, and the script hosted on the fake link dumps the bug on the computer. The bug can either wait and do something later, as in a dropper, or it can act right away. The bug then connects to the host and downloads the main malware. These bugs range from fake applications to fake malware fighters. The fake anti-malware software usually posts up a BUY ME to remove the bugs. It will put up a fake screen stating your machine is infected with a gazillion bugs, which is not true (or should not be true). To remove these fake bugs, buy the software. The user is so scared, they will buy the software, which does nothing more than take the credit card information for use by the mob. Nice!
The thing is, since this part of the malware infection process is written as scripts that use a cross-platform JavaScript language, the malware can be developed for any operating system ranging from Unix to Windows. Sadly in Apple's case, Apple has modified a very secure operating system to allow privileged access to certain system functions via software, and this allows things to run easily on the Apple. The other thing too is Apple is now becoming popular so more malware writers are aiming at that platform.
To say you'll get these from Russian Trainz download sites, truthfully yes, but you can even get them from clicking on a link to a non-Russian site as well. I picked up one of these bugs clicking on the link to my local newspaper. I went there to search the obituary because I needed to find out where my friend's father was buried.
Remember what I said about the links above. The virus writers usually release bots that will make infected links to popular searches in the search hosts such as Bing and Google. These links are faked by changing the HREF command. Part of the href points to the link where the other is just displayed text. They change the link part and have that point to the malware download host instead. By making the links popular, they show up on the top-most part of the search engine screen. Using a bit of social engineering here, these guys figured that to get the biggest hits from searches, people will click on the top-most links first, which almost guarantees a hit for the malware.
So having said this, the safest thing you can do is to copy the link, and actually go there using a pasted-in URL instead of clicking on the searched results. If you need to click on the searched results, use one of the lower links on the same subject. These are the more legit ones. It's the ones at the top part of the page that are infected.
John