Here’s an excellent piece by Dancho Danchev on “How the Koobface gang monetarizes Mac OS X”: the gang compromises legitimate sites with a PHP backdoor shell in an attempt to direct OS X traffic to affiliate dating programmes.
There’s a lot of detail in there on a range of scam dating sites that are currently active. Not surprisingly, we’re seeing somewhat related material (Russian bride scams, malware-populated domains with Valentine’s Day themes) at ESET, and we’ll be releasing more information shortly. I’ll flag that here, at any rate if we see more evidence of the Mac being targeted.
(Hat tip to David Kennedy for flagging this.)
David Harley FBCS CITP CISSP
Small Blue-Green World
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET