New Trojan threatens Macs with installer
updated 11:20 am EST, Tue November 18, 2008
RSPlug.D Trojan hits Macs
A new version of an existing Trojan poses a significant threat to Mac users, claims the Intego security firm. Based on RS.Plug.A, the RSPlug.D Trojan is said to find its way onto computers through malicious websites, namely several less scrupulous porn sites. On visiting a particular page a person will be greeted with a "Video ActiveX Object Error," stating that their browser cannot play a particular video; it then asks people to download the ActiveX object in question.
Despite the reference to a Windows technology, clicking "OK" in the error dialog will download a disk image file from a remote server, with a name such as cleanlive.dmg; Intego warns that several different filenames may be in use. This image may then attempt to mount itself, and launch its contents automatically.
Defense against the Trojan is possible by avoiding suspicious websites or refusing to accept the download, though if the ActiveX dialog is encountered, it becomes impossible to navigate away without closing a browser entirely. The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own, which will halt the malware from being executed locally.
Fresh-Faced Recruit
Joined: Mar 2006
Everyone knows
what to expect in deep dark alleys of a big bad world. Obviously no saints there. Take a wild guess what you would get from scrupulous p*** sites? Cookie recipe? You get some bad code that may cause havoc on your system.
Intego has been trying to cry foul for a long time now. Do people really buy their software. I fear they may be the ones creating these "socially engineered trojans" and passing them to p*** sites so that the users buy their software. Good ecology. Everyone happy with the money.