updated 11:20 am EST, Tue November 18, 2008
RSPlug.D Trojan hits Macs
A new version of an existing Trojan poses a significant threat to Mac users, claims the Intego security firm. Based on RS.Plug.A, the RSPlug.D Trojan is said to find its way onto computers through malicious websites, namely several less scrupulous porn sites. On visiting a particular page a person will be greeted with a "Video ActiveX Object Error," stating that their browser cannot play a particular video; it then asks people to download the ActiveX object in question.
Despite the reference to a Windows technology, clicking "OK" in the error dialog will download a disk image file from a remote server, with a name such as cleanlive.dmg; Intego warns that several different filenames may be in use. This image may then attempt to mount itself, and launch its contents automatically.
Defense against the Trojan is possible by avoiding suspicious websites or refusing to accept the download, though if the ActiveX dialog is encountered, it becomes impossible to navigate away without closing a browser entirely. The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own, which will halt the malware from being executed locally.