Turn off the Safari option to automatically open "safe" files to avoid this instead of buying Intego's software. They have a history of exaggerating threats to sell software.

People have been saying that for years, as its been the biggest security issue in OS X over the past several years. And Apple keeps leaving the setting turned on.

But it still doesn't keep someone from double-clicking the file in the Downloads folder because they think they must've downloaded it (maybe have a way to prompt on download, rather than just downloading anything).

Then again, trojans are found everywhere. They've been on the macs for ages (I remember the big graphics accelerator trojan for OS 9, I believe). You can't stop them, no matter how diligent you are (unless you never install or use any software on your mac).

BTW, I must admit a mistake I've made for years. I've often stated what seemed obvious: Norton Antivirus is a virus in itself (as it usually causes more harm then good). That is wrong. It would technically be considered a Trojan, as it pretends to be one thing while including a big surprise inside.

"--requires users to enter their administrator password which grants the malicious software full root privileges."

Ah... Nothing like a virus you willfully install on your computer. A little too much work for me. It's probably too tough for most users to infect themselves. Those that do are brainless p***-dogs and sadly must be culled from the userbase.

kudos for stating the obvious - the same applies to the Windows side. I used to have a client with a hopeless p*** addiction, whose PC kept getting reinfected (surprise) within hours of getting cleaned.

Finally, I switched him to a Mac. The p*** kept flowing, but at least the system remained stable.

sinners! fornicators! serves them right for looking at p***. a sin of the flesh.

doesn't anybody see the link between "trojan" and these p*** sites? ahhh... the antichrist is coming.

You get the Trojan Horse if you open up this news article_

Watch out !!!

if you have a firewall turned on_

Then Javascript disabled - then you really don't have much to worry about_

All this does is create a fiaso for the Mac that has already inflicted the PC for years_

Secondly - browsers equipped with pop-up blockers are falling behind as coders are coming up with new ways to get around the "blocking" function of the Browser blockers_

"Means of protection: The best way to protect against this exploit is to run Intego VirusBarrier X4 with its virus definitions dated October 31,2007. Intego VirusBarrier X4 eradicates the malicious code and prevents the Trojan horse from being installed. Intego recommends that users never download and install software from untrusted sources or questionable web sites."

One guess who MADE this virus!

Ah... Nothing like a virus you willfully install on your computer. A little too much work for me. It's probably too tough for most users to infect themselves. Those that do are brainless p***-dogs and sadly must be culled from the userbase.

Its not a virus, but a trojan. Thus you don't realize you're installing a bad piece of software, just a "bad" piece of software. h***, you could be installing a trojan installing Stuffit Expander for all you know.

if you have a firewall turned on_

Its not on by default, so probably half don't have it on...

Then Javascript disabled - then you really don't have much to worry about_

How many people are actually disabling javascript these days? Since most of the exciting 'web 2.0' sites require javascript, its doubtful that number is even close to what it was 10 years ago, when javascript was evil...evil.EVIL!

is not entirely true either. You can use Network Utility to do a lookup and the result will show the DNS used.

I'm not sure about the Network utility, but I know in OS X or Windows, when I'm behind a router, my DNS settings tend to point to the router, not the DNS server anyway. So I don't know how useful that is (and who checks these things anyway, besides the random paranoid?)

...is this press release by Intego - maliciously targetted at novice Leopard users and new Mac buyers, as a stealthy way to make them buy their software.

Id rather have this (so-called) Trojan Horse sitting in my downloads folder, than install ANY "protection" software - especially from a company that would "market" in this way. I mean, imagine what THEY would do if they somehow got control of your machine.

Additionally - anyone who would go through all the steps necessary for this to "work" - deserves bad things happening. Any of us could write an Applescript that accesses low level functions and trashes a disk - and just tell people to run it and give the necessary permissions when it asks. I suppose that is a "threat" too? These "Virus-teers" are a bunch of a*******.

and Doofuses.

Hysterical.

The problem with the "this isn't a big deal" mentality is that OS X continues to be pushed as a virus free OS & so users begin to believe they are immune. For those of us smart enough to know better than to install unknown software this is a joke of an attempt at a virus, but for joe idiot it is a serious threat. If people start getting viruses for doing stupid things Apple is still going to get blamed. This could easily turn into a PR nightmare.

It's an installer that runs a script that runs a command to change your dns settings... wow that's crazy! It's a real trojan alright.

Other than someone being a fücking a** wad, how is this news?

Viruses can spread on their own. Plain and simple. OS X is still virus free.

There is no need for anti virus software.

Just use a condom.

This is definitely not a virus, but at the same time, trojans are not harmless. In fact, most malwares are trojans. Viruses have a potential to spread quickly and do a lot of damage, but that doesn't make trojans harmless. Lots and lots of people fall for trojans.

Unfortunately, the only effective way of dealing with trojans is to teach people not to be stupid, as no virus protection or security model can prevent the user from doing something stupid.

OS X is still virus free, yes, but by my count this is trojan number 7 that's been targeted at OS X. So far none of them have been widespread or very successful, but users need to continue to be educated on avoiding malware.

Or be more cautious on the p*** sites!

It's amazing how many of you here at macnn don't get it.

A Trojan is a piece of software that masquerades as a legitimate program that claims to do one thing (video codec in this case), but in reality does another malicious thing (DNS redirection in this case).

This attacker was hosting a DNS server with poisoned records that would redirect a victims traffic from several valid sites such as (pay-pal, etc) to impostor sites for phishing purposes. I work in security and some of these sites look quite convincing. If you are not sure, check the SSL certificate on the site.

Do you think that you are just too smart to fall for something like this? There have been instances in the open-source world where legitimate websites have been hacked and their "legitimate" software was modified. Thus tricking people who thought they were installing legit software into installing backdoors on their systems. This is one of the reasons that most open source sites post MD5 Checksums along with their software.

I really like the attitude that if you have your firewall on and java script off, you don't have anything to worry about. Yeah right, go take a look at the exploit code on sites like milw0rm. No platform is bullet proof.

What were you doing at those sites to find that? Shame on you...

You make a bad assumption. I can read the security bulletins, so I don't need to look at the dirty pictures. In fact, I get paid to read security bulletins and to help maintain patches on 15,000 hosts. On the other hand, I am the one who controls the corporate proxy servers and content filtering too.

sites. If you're spending time surfing those sites, you are just asking to be burned. p*** and serial number sites are just plain risky.

mac users with fourth grade level knowledge should be smart enough to 'reject installing p*** related website mal-ware' ....

Anyone have word on if Clam has been updated to detect this yet?

mac users with fourth grade level knowledge should be smart enough to 'reject installing p*** related website mal-ware' ....

That's right. Because all Mac users are intelligent people who would never fall for a trojan, phishing email, or any other type of scam. All idiots use Windows and are the only ones who fall for such things.

Yeah, nothing elitist about that statement.

Oh, and please share how reporting on a real trojan is FUD?

Surely the headline should read "Trojan targets MacUsers" rather than OSX, given that as social engineering devices, malware(s) of this type target the user rather than security holes in the operating system per se. It is certainly responsible to make people aware of the nature of specific types of trojan, but it is grossly irresponsible and misleading to suggest that anti-virus software is necessary rather than just exercising a greater degree of diligence so Intego should be thanked and then told to f+ck off!

…that this is due to Global Warming.

Won't go anywhere since it's:

1) Not self-propagating 2) Masquerades as non-existent codec 3) Only distributed by phishing sites 4) Targeting a very small demographic

No honest adult website could accidentally distribute this trojan. It's masquerading as non-existent codec to which no video format even requires. Even the most inept web admin wouldn't distribute it because he doesn't have any content that requires this fake codec.

This is plainly a marketing ploy to frighten Mac users into purchasing their anti-virus software. There are more efficient ways of scamming internet and email users in general, reaching across all demographics and platforms.

Just ask the Nigerians.

So this is what Microsoft's "Macintosh Business Unit" has been up to.

My late uncle in Nigeria just left me US$50,000,000 in a bank account. I need $5000 to clear up all the legal stuff and have it transferred to the states. If someone would give me that $5000, I'll give you half my inheritance.

Why does MacNN keep posting this kind of stuff? Are they getting paid to do it?!

Then, "software update" or any installer is a Trojan... I think that anyone installing any kind of program has to think... impossible, it seems in this day and age but it remains fundamental to making correct decisions.

Freedom to act carries risk and responsibility. Calling this a Trojan is pushing that definition a little too hard, since it doesn't just operate in the background without the user's knowledge and acceptance.

The title is inaccurate... it should read:

"Trojan horse targets perverts"

Sounds great! Just post your bank routing number and account number on this thread. I'm sure you'll have the Five Kilodollars in no time!

Could I have contracted this trojen? On Wednesday night Nov 21 or early AM on Thursday Nov 22, I started checking out Redtube for the first time (pervert? No - HUMAN - I have a difficult time getting dates, so online p*** nicely fills a need). At approx 3:40pm Thursday Nov 22, I got a notice about an update for Flip4Mac. Installing it did require my system password. However, the option in Safari “Open safe files after downloading” is not selected. I had no reason to believe that the update for Flip4Mac was phony, since I’ve been relying on that codec to view wmv files. I also haven’t gotten any more update offers each time I revisit Redtube, even though this news story specifies that it would happen

One thing that could be a sign: On the Redtube site, at the bottom of the page is a banner ad. It mentions adult personals with members in a town near me. That could be a sign that my Mac is infected with the trojen, or it could mean that my ISP is in that town, and the banner ad host is getting the town name from an IP address interpreter.

Can’t Redtube be blamed for this? Or is this trojen from someone who was somehow able to hack the Redtube server and tricking it into offering this phony update?

Something similar happened to me just this past week!
I get a package in the mail and when I opened the box, it had a hammer in it with a note that said, "Take the hammer and hit it over your head". And of course I did and subsequently I ended up in the hospital! Man, so sneaky.