Several Web sites have sprung up over the last couple days offering users free upgrades of Apple's latest operating system, Mac OS X 10.6 Snow Leopard. Of course, these sites are socially engineered ploys to trick users into downloading malicious software.
TrendMicro has reported the threat on their blog:
Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts. The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.Users are advised to only obtain copies of Mac OS X 10.6 Snow Leopard from Apple directly, or other trusted retailers.