TOKYO (MacHouse) – We have found 10 websites hosted through Chinese country domains (.cn) distributing a Mac-targeting computer virus. Each of these websites comes with a few dozen subdomain websites. These websites pretend to host pornographic content. The index page says “This site contains explicit sexual material which may be offensive to some viewers. You must be at least 18 years of age…” (See Screenshot 01.) If you click on a link that says ‘+18 Enter,’ the page content will switch and reference to an outside website hosted in California. Eventually, you will be forced to download a disk image (.dmg). (See Screenshot 02.) This disk image contains a computer virus targeting Mac users. (See Screenshot 03.) It’s designed to change DNS settings so that you will be forcibly redirected to malicious websites.
 Screenshot 01 – Source: axjnf8.cn |
 Screenshot 02 – Source: axjnf8.cn |
 Screenshot 03 – Source: MacHouse |
The following is a list of Chinese domains through which malicious websites are hosted.
All the domains listed above are active at the time of publishing this article. You are advised not to visit these websites unless your terminal is equipped with anti-virus software.
The actual website distributing the disk image labeled ‘turbo-codec.v.4.221.dmg’ is hosted through the domain of turbo-codec.com. This malicious website is hosted by a California-based hosting company named cernel.net. This disk image contains a Trojan horse that is designed to change DNS settings. Symantec calls this particular computer virus OSX.RSPlug.A.
We will have a more detailed report in a few hours.
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
