March 22, 2013 report
"Dr. Web" anti-virus firm warns of new Mac Trojan
(Phys.org) —Dr. Web, the Russian anti-virus firm has issued an announcement regarding malware infecting Mac computers—called Trojan.Yontoo.1, it makes its way to users' computers by tricking them into downloading it. Once installed, it tracks the user's Internet history and injects ads into websites, generating revenue for the people who created and unleashed the malware.
For years, Mac users have felt nearly immune to malware attacks—such computers rarely if ever got viruses, much less Trojans. But those days are over Dr. Web says, noting that they've seen a steady climb in malware on the Internet targeting Mac users since the beginning of the year. Impacted by this new Trojan are users of computers running OS X, with Safari, Chrome or Firefox browsers.
The Trojan is actually fairly straightforward, users wandering onto certain websites, attracted by the idea of watching movie trailers are told their viewing experience will be better if they install a program called "Free Twit Tube." If the user agrees, they are presented with a familiar looking pop-up asking if they'd like to continue. If they do so, the Trojan will be installed into all of the browsers on the computer. Dr. Web notes that there are variants of the initial ploy used to entice users—some advertise a new media player, another promises to speed up downloads, etc. The end result for all of them is the same, the user is redirected to another page where they are prompted to download the program, which actually does nothing except install its Trojan app into all available browsers.
Fortunately for Mac users, the Trojan.Yontoo.1 is both easy to spot and remove. It shows up as an app in all three browser types as "Yontoo," and thus can be disabled just like any other app, or deleted from the computer altogether.
The purpose of the Trojan appears to be a means for providing those that made it a way to create revenue for themselves by creating false page views by the people using the infected computers. Ads pop up on web sites that weren't meant to be there, and the perpetuators of the Trojan receive credit for them. Dr. Web advises users to only ever download programs or apps from reliable and/or well-known providers.
© 2013 Phys.org