macnn

11/18/2008, 11:20am, EST

Tuesday, November 18th

New Trojan threatens Macs with installer

A new version of an existing Trojan poses a significant threat to Mac users, claims the Intego security firm. Based on RSPlug.A, the RSPlug.D Trojan is said to find its way onto computers through malicious websites, namely several less scrupulous porn sites. On visiting a particular page, a person will be greeted with a "Video ActiveX Object Error," stating that their browser cannot play a particular video; it then asks people to download the ActiveX object in question.

Despite the reference to a Windows technology, clicking "OK" in the error dialog will download a disk image file from a remote server, with a name such as cleanlive.dmg; Intego warns that several different filenames may be in use. This image may then attempt to mount itself, and launch its contents automatically.

Defense against the Trojan is possible by avoiding suspicious websites or refusing to accept the download, though if the ActiveX dialog is encountered, it becomes impossible to navigate away without closing the browser entirely. The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own, which will stop the malware from being executed locally.


Filed under: security
Other story tags: malware, anti-virus




19 comments

Everyone knows

5
11/18, 11:37am, EST

what to expect in deep dark alleys of a big bad world. Obviously no saints there. Take a wild guess what you would get from scrupulous porn sites? Cookie recipe? You get some bad code that may cause havoc on your system.

Intego has been trying to cry foul for a long time now. Do people really buy their software? I fear they may be the ones creating these "socially engineered trojans" and passing them to porn sites so that the users buy their software. Good ecology. Everyone happy with the money.

Fresh-Faced Recruit
Joined Mar 2006

ActiveX???

8
11/18, 11:43am, EST

At least they could try 'Quicktime codec not supported - install to view'??

Fresh-Faced Recruit
Joined Jul 2005

Coincidence?

10
11/18, 11:50am, EST

"The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own"

Call me a conspiracy freak, but statements like that really make me wonder about the source of the trojan......

Dedicated MacNNer
Joined Aug 2003

Re: coincidence

-28
11/18, 12:17pm, EST

You're a conspiracy freak.

You really think if they wanted to make some trojans, they couldn't do a better job of it?

Here's a question, though. Has Apple finally changed their default behavior of Safari to NOT open "safe" files ("safe" being an arbitrary decision that certain file types are "safe", not that the specific file itself is safe)?

Fresh-Faced Recruit
Joined Aug 2001

Scare Tactic

13
11/18, 12:50pm, EST

Intego has tried this type of scare tactic before, as have McAfee and Symantec. They'd love to frighten Mac users into buying their software.

testudo... Apple changed the Safari download default ages ago. What's your point?

Fresh-Faced Recruit
Joined Oct 1999

Safari

1
11/18, 1:03pm, EST

Testudo, Apple changed this at least a billion years ago, so this just proves you know shit about Apple and Macs...please go back to your Dell, dude.

Fresh-Faced Recruit
Joined Jan 2003

Safari

3
11/18, 1:39pm, EST

I came here just to vote down Testudo comments and let him know he is still clueless.

BUT WHAT?

2
11/18, 2:10pm, EST

But what does it do? And how do you get it off if it is already installed? This article is of little help to those who may have already come across this thing.

Fresh-Faced Recruit
Joined Jun 2007

intego grain of salt

6
11/18, 2:11pm, EST

I take everything Intego says about Mac security with a HUGE grain of salt -- it always seems they're breathlessly announcing such "threats" ... seems more sensational PR than serious security advisories to me -- in my experience, the more panicked and 'significant' a vendor claims a threat is, the more likely it's not; I've been in the infosec biz for 15 years and that's how security was in the PC world for years.

Forum Regular
Joined Mar 2001

scrupulous?

5
11/18, 2:13pm, EST

Scrupulous means diligent, thorough, and extremely attentive to details. It really only modifies a person or a process.....my question is how is a porn site scrupulous, or rather...less scrupulous.
