
June 8, 2008

Warning: 10 Websites with Chinese Country Domains Distributing Mac-Targeting Computer Virus (1)

Filed under: Internet security — Administrator @ 6:47 pm






TOKYO (MacHouse) - We have found 10 websites hosted through Chinese country domains (.cn) distributing a Mac-targeting computer virus. Each of these websites comes with a few dozen subdomain websites. These websites pretend to host pornographic content. The index page says “This site contains explicit sexual material which may be offensive to some viewers. You must be at least 18 years of age…” (See Screenshot 01.) If you click on a link that says ‘+18 Enter,’ the page content will switch and reference an outside website hosted in California. Eventually, you will be forced to download a disk image (.dmg). (See Screenshot 02.) This disk image contains a computer virus targeting Mac users. (See Screenshot 03.) It is designed to change DNS settings so that you will be forcibly redirected to malicious websites.





Screenshot 01 - Source: axjnf8.cn
Screenshot 02 - Source: axjnf8.cn
Screenshot 03 - Source: MacHouse






The following is a list of Chinese domains through which malicious websites are hosted.










All the domains listed above are active at the time of publishing this article. You are advised not to visit these websites unless your terminal is equipped with anti-virus software.

The actual website distributing the disk image labeled ‘turbo-codec.v.4.221.dmg’ is hosted through the domain of turbo-codec.com. This malicious website is hosted by a California-based hosting company named cernel.net. This disk image contains a Trojan horse that is designed to change DNS settings. Symantec calls this particular computer virus OSX.RSPlug.A.

We will have a more detailed report in a few hours.
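
Because the Trojan described above works by changing DNS settings, one defensive check is to compare the resolvers a Mac is currently using with the ones you expect. The shell script below is an added example, not part of the original MacHouse post; it parses text in the format printed by macOS `scutil --dns`, and its function names, sample output and resolver addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): list DNS resolvers that are
# not on an expected list. Input is text in the format of `scutil --dns`.

# unexpected_resolvers "ADDR1 ADDR2 ..."
#   Reads `scutil --dns` style text on stdin and prints every distinct
#   nameserver address that is missing from the space-separated list.
#   The allow-list is an assumption: use the resolvers your network hands out.
unexpected_resolvers() {
    allowed=" $1 "
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*][[:space:]]*:[[:space:]]*\([^[:space:]][^[:space:]]*\).*$/\1/p' |
    sort -u |
    while IFS= read -r ns; do
        case "$allowed" in
            *" $ns "*) ;;                # expected resolver, stay quiet
            *) printf '%s\n' "$ns" ;;    # not on the list: report it
        esac
    done
}

# Constructed sample shaped like `scutil --dns` output (not captured from a
# real machine); addresses come from the RFC 5737 documentation ranges.
sample_dns_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.0.2.53
  nameserver[1] : 198.51.100.7
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
  nameserver[0] : 192.0.2.53
EOF
}

# Stand-alone run on the sample; on a Mac, pipe in the live settings instead:
#   scutil --dns | unexpected_resolvers "192.0.2.53"
sample_dns_output | unexpected_resolvers "192.0.2.53"
```

An address reported here is only a resolver you did not list; check it against your router or DHCP settings before treating it as a sign of tampering.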





