PC and Mac malware in the same boat
It’s not often that I see a Trojan (DNS Changer) with the same low detection rates on PC and Mac versions.
Well, these samples prove it. The ‘bait’ fake codec page is hosted at supertuberental.com
I downloaded the two versions and uploaded them to Virus Total at pretty much the same time, and here are the results:
PC: 3/41
flash-plugin.45080.exe from exeloaddirect.com
Only 3 AV engines on Virus Total are detecting this threat: DrWeb, NOD32 and Sophos.
Mac: 3/41
QuickTimeUpdate.dmg from tablenoids.com
Only 3 AV engines on Virus Total are detecting this threat: F-Secure, Kaspersky and Sophos.
Congrats to Sophos for detecting both the PC and Mac versions of this threat!
Our heuristics engine Zheng detects this threat (the PC version) proactively as well.
Jerome Segura
Malware ID: 04f08886a6db5f01ebc7262db9fc5c88.zip
Malware ID: 4bc22ebef0dd2dc139e5afd9b46671ea.zip








