Fake Snow Leopard sites leading to trojan infections

Criminals are already trying to take advantage of Mac users looking for Apple's Snow Leopard, with websites offering the software for free found to be carrying malware.

Trend Micro security researcher Feike Hacquebord found fake sites carrying a variant of the JAHLAV family of malware, which can change a user's DNS server and point them towards fake websites, in some cases phishing sites.

The threat is similar to a version of JAHLAV that affected versions of QuickTime and also posed as pirated versions of the PDF application Foxit Reader.

Trend Micro solutions architect Rik Ferguson said that criminals were taking advantage of the "desire" and "greed" of people who were not willing to pay for the new OS when it is released.

"It's exploiting some very, very old human weaknesses," he said.

Apple seems to be taking notice of the new wave of Mac malware: Ferguson said Snow Leopard beta testers had confirmed to him that the real release would carry anti-malware controls.

"It's great that they are waking up to the threat. I really, really welcome that," he said. "What I would say, though, of what I've seen pre-release, is that it is very rudimentary, very signature-based for two types of malware, and that doesn't include the malware that was found in this case."

He said that the creators of JAHLAV were very likely the same kind of people behind traditional PC malware, as similar techniques were being seen, such as social engineering that places the malware in downloads people were searching for.