Posted by: David Harley | December 13, 2012

Trojan.SMSSend.366

Trojan.SMSSend.366 is a fake installer that passes itself off as VKMusic 4 for Mac OS X but actually has  a nasty habit of subscribing victims to an expensive and useless SMS subscription service. A style of malware we’re more used to seeing on Windows machines than on Macs, so interesting, but not a major threat outside Russia, especially as Apple has already updated its XProtect.plist internal detection to catch it. Not that I’m a great fan of that method of blacklisting malware – it doesn’t work all the contexts a commercial AV product does – but it’s still a lot better than ignoring it.

The malware was first reported by Dr.Web, and also flagged by Kaspersky. I haven’t noticed it mentioned publicly by AV companies outside Russia, but samples have been shared.

David Harley CITP FBCS CISSP

Advertisements

Responses

  1. It’s also of note that Gatekeeper would block this on Mountain Lion.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: