AAPL Stock: 118.03 ( -0.85 )

Printed from

New Trojan threatens Macs with installer

updated 11:20 am EST, Tue November 18, 2008

RSPlug.D Trojan hits Macs

A new version of an existing Trojan poses a significant threat to Mac users, claims the Intego security firm. Based on RS.Plug.A, the RSPlug.D Trojan is said to find its way onto computers through malicious websites, namely several less scrupulous porn sites. On visiting a particular page a person will be greeted with a "Video ActiveX Object Error," stating that their browser cannot play a particular video; it then asks people to download the ActiveX object in question.

Despite the reference to a Windows technology, clicking "OK" in the error dialog will download a disk image file from a remote server, with a name such as cleanlive.dmg; Intego warns that several different filenames may be in use. This image may then attempt to mount itself, and launch its contents automatically.

Defense against the Trojan is possible by avoiding suspicious websites or refusing to accept the download, though if the ActiveX dialog is encountered, it becomes impossible to navigate away without closing a browser entirely. The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own, which will halt the malware from being executed locally.

by MacNN Staff



  1. macnixer

    Joined: Dec 1969


    Everyone knows

    what to expect in deep dark alleys of a big bad world. Obviously no saints there. Take a wild guess what you would get from scrupulous p*** sites? Cookie recipe? You get some bad code that may cause havoc on your system.

    Intego has been trying to cry foul for a long time now. Do people really buy their software. I fear they may be the ones creating these "socially engineered trojans" and passing them to p*** sites so that the users buy their software. Good ecology. Everyone happy with the money.

  1. JulesLt

    Joined: Dec 1969



    At least they could try 'Quicktime codec not supported - install to view'??

  1. CobraNT

    Joined: Dec 1969



    "The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own"

    Call me a conspiracy freak, but statements like that really make me wonder the source of the trojan......

    Comment buried. Show
  1. testudo

    Joined: Dec 1969


    Re: coincidence

    You're a conspiracy freak.

    You really think if they wanted to make some trojans, they couldn't do a better job of it?

    Here's a question, though. Has Apple finally changed their default behavior of Safari to NOT open "safe" files ("safe" being an arbitrary decision that certain file types are "safe", not the specific file itself is safe).

  1. JeffHarris

    Joined: Dec 1969


    Scare Tactic

    Intego has tried this type of scare tactic before, as have MacAfee and Symantec. They'd love to frighten Mac users into buying their software.

    testudo... Apple changed the Safari download default ages ago. What's your point?

  1. ricardogf

    Joined: Dec 1969



    Testudo, Apple changed this at least a billion years ago, so this just proves you know s*** about Apple and Macs...please go back to your Dell, dude.

  1. Guest

    Joined: Dec 1969



    I came here just to vote down Testudo comments and let him know he is still clueless.

  1. TheSnarkmeister

    Joined: Dec 1969



    But what does it do? And how do you get it off if it is already installed? This article is of little help to those who may have already come across this thing.

  1. infowarrior

    Joined: Dec 1969


    intego grain of salt

    I take everything Intego says about Mac security with a HUGE grain of salt -- it always seems they're breathlessly announcing such "threats" ... seems more sensational PR than serious security advisories to me -- in my experience, the more panicked and 'significant' a vendor claims a threat is, the more likely it's not; I've been in the infosec biz for 15 years and that's how security was in the PC world for years.

  1. Guest

    Joined: Dec 1969



    scrupulous means diligent, thorough, and extremely attentive to details. It really only modifies a person or a question is how is a p*** site scrupulous, or rather...less scrupulous.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented