Is this a Mac virus????

[efcjimbo]

This just happened

When I go to enter youtube.com in Safari
I get redirected to a totally different site

I thought youtube had been hacked, then I tryed it with Firefox same again no youtube on firefox.

I thought it might be my ISP so I opened Parallels Desktop, firefox on my mac and got proper youtube site, so its not ISP blocking Youtube

I then tryed another mac on my home network and got proper youtube.

So I reset Safari on my mac, getting rid of caches, cookies etc.
Still the same, none youtube comes up.

So what the hell is this?????
I've been using Macs for 10 years never came across anything like this

This what I'm getting when I enter youtube

 

[r.j.s]

Have you installed any torrented software recently? Or any video codecs for quicktime?

 

[thegoldenmackid]

Or any preference panes.

 

[madog]

No viruses for the Mac, yet.

Only thing out there right now are Trojans. Like the poster above me, have you installed any torrented software, or possibly any random/unknown software for "video codecs" or the like?

I don't even know if this can be done on the Mac, but I know for Windows there is a host file one can modify to redirect a named address to any IP address you put in it. I wouldn't know off the top of my head where, or even if that can be done with Mac OS X, but maybe an app modified that file or someone is pulling a prank on you.

 

[guydude193]

^^
+1. Don't download illegally gained software.

 

[BlueRevolution]

^^
+1. Don't download illegally gained software.

I love how quick we are to accuse people.

 

[poolish]

you could check if something has enabled a proxy server in your network settings?

or /etc/hosts, but that couldnt have been changed without your password.

 

[geoffreak]

Sounds like you have a Trojan. You should stay away from torrenting.
Go ahead and disconnect your computer from the network as it may be part of a botnet already. Hopefully this is just simple malware, but it can be easily removed regardless so long as you can figure out what it is.

 

[efcjimbo]

It could be torrents, but I don't think so I haven't done anything recently. (Months) Unless a trojan is set on a delay. I was looking at Youtube yesterday and today's computer use was, sent a few emails, then went to youtube using Safari (4.0) it crashed after opening youtube. When I reopened safari, this then this occurred.

The question now is how is it happening and how do I sort it out.
Its happening with Firefox too so it must be a system wide thing.

Could it be something thats come through Flash? I keep seeing flash is vulnerable to attack?

Ok youtube is back to normal, I've done nothing to change this.
Should I be worried for future,?

 

[geoffreak]

You should only be worried if it appears again. The company in the picture seems legit, but the links may be to a malicious website.

 

[RandomKamikaze]

If it happens again, do an nslookup, search youtube.com and then see what the results are.

Then boot up your Windows VM, do the same, see what results you get.

If you get different compare DNS servers

If you get the same, you know it's not a DNS error

 

[manowarwi]

There was a trojan that went around and keeps on poking its head up every now and then that comes down as a fake video codec, but really installs a malicious program in your /Library/Internet Plug-ins folder which redirects your DNS traffic through bad DNS servers that redirect banking pages to fake sites.

Check out info here: http://www.macworld.com/article/60823/2007/10/trojanhorse.html

 

[Consultant]

THERE ARE NO VIRUSES on OSX.

Since there are no viruses, anti-virus cannot determine what is a virus at this time.

How to check for Trojans
http://www.macworld.com/article/60823/2007/10/trojanhorse.html

Giz Explains: Why OS X Shrugs Off Viruses Better Than Windows
http://i.gizmodo.com/5101337/giz-explains-why-os-x-shrugs-off-viruses-better-than-windows

The Mac Malware Myth
http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/...-apple-wont-inherit-microsofts-malware-crown/

 

[steve knight]

this looks like the rootkit I got in xp last month. it did the same thing redirected to a different site from a google search.

 

[EmperorDarius]

A DNS Changer perhaps? A just-too-be-sure scan with iAntivirus wouldn't hurt.

 

[localoid]

Umm... open up Terminal and run "whois youtube.com". The resulting DNS info is rather "interesting"... One line from whois, follows:

YOUTUBE.COM.IS.N0T.AS.1337.AS.WWW.(Domain-Name-Omitted-by-Localoid).COM

 

[Tumbleweed666]

Looks to me like a router problem. If it happens again, switch your router off for a couple of minutes, then try again.
Also, and to descend to the same levels of paranoia as you and some other posters here, do you know what the admin password for your router is, did you change it, or have you left it at default? If so, its more likely your router was compromised than your Mac.

 

[Not Available]

whois does not show the correct information for big web sites like google and so, apparently.

 

[Nermal]

Open up Terminal, type the following command, then post the results back here.

cat /etc/hosts

 

[localoid]

whois does not show the correct information for big web sites like google and so, apparently.

Actually, it's just a trick.

 

[BlueRevolution]

That's a cunning trick used by phishers and such. People assume that google.com.aliencollective.com is a part of google.com. Makes sense, because we read left to right, yeah? Actually, it goes the other way. .com is what's called a top-level domain, with aliencollective.com being one of many domains within that TLD. I control the domain aliencollective.com, so I can add as many more subdomains as I want. google.com.aliencollective.com is actually a part of com.aliencollective.com, which in turn is part of aliencollective.com.

Everything after the "/" is normal. aliencollective.com/foo/bar is a subdirectory of aliencollective.com/foo, and so forth.

Sorry if that doesn't make much sense, DNS is confusing stuff. I still have trouble believing that it actually works. It all sounds so shaky.

 

[surflordca]

^^
+1. Don't download illegally gained software.

Boy it's amazing how users on the forum says about illegal software but when it comes to movies how many replies there are recommending "Handbreak" and "Mac The Ripper"

 

[jamesarm97]

The whois on youtube is interesting. Here is the complete whois:

YOUTUBE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
YOUTUBE.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
YOUTUBE.COM.NOT.RESPECTED.BY.CALITEC.NET
YOUTUBE.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
YOUTUBE.COM.LOVES.HILPERS.COM
YOUTUBE.COM.IS.N0T.AS.1337.AS.WWW.GULLI.COM
YOUTUBE.COM

 

[r.j.s]

Boy it's amazing how users on the forum says about illegal software but when it comes to movies how many replies there are recommending "Handbreak" and "Mac The Ripper"

In most cases, people are using those apps to rip DVDs they own, so they can use them on their iPod. Big difference.

 

[1ne]

Not to hijack this thread but why would Apple suggests Mac users install antivirus software? But then again the original url is gone from apple.com.