Apple Malware Bounty: Infect a Mac, Earn $0.43

GENEVA — In a sign that cyber-criminals are investing more time and resources into attacks against Apple’s Mac users, a new malware affiliate program has been discovered offering 43c for every infected Mac machine.
During an eye-opening presentation at the VB Conference 2009 conference here, Sophos Labs researcher Dmitry Samosseikko provided a glimpse into the “Partnerka,” a Russian network of spam and malware affiliates that have turned their attention to the Mac platform — using social engineering tricks to load fake codecs and scareware programs.

GENEVA — In a sign that cyber-criminals are investing more time and resources into attacks against Apple’s Mac users, a new malware affiliate program has been discovered offering 43c for every infected Mac machine.

During an eye-opening presentation at the VB Conference 2009 conference here, Sophos Labs researcher Dmitry Samosseikko provided a glimpse into the “Partnerka,” a Russian network of spam and malware affiliates that have turned their attention to the Mac platform — using social engineering tricks to load fake codecs and scareware programs.

Samosseiko discussed the “codec-partnerka,” which is dedicated solely to the sale and promotion of fake Mac software.

He pointed to a site called Mac-codec.com (now offline) which was offering $0.43 for each malicious install, a price tag that suggests the Mac platform is becoming more and more lucrative to online crime gangs.

The site was also offering various promotional materials in the form of MacOS video players, a sign that the investment is just more than tricking users into paying for fake security software.

In the past, we have seen the use of porn video lures to trick Mac users into downloadiing and installing  DNS changer Trojans.

The DNS changer Trojans typically change the Mac’s DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites.

Suggested articles