toggle

AAPL Stock: 95.22 ( + 0.19 )

Printed from http://www.macnn.com

New Trojan threatens Macs with installer

updated 11:20 am EST, Tue November 18, 2008

RSPlug.D Trojan hits Macs

A new version of an existing Trojan poses a significant threat to Mac users, claims the Intego security firm. Based on RS.Plug.A, the RSPlug.D Trojan is said to find its way onto computers through malicious websites, namely several less scrupulous porn sites. On visiting a particular page a person will be greeted with a "Video ActiveX Object Error," stating that their browser cannot play a particular video; it then asks people to download the ActiveX object in question.

Despite the reference to a Windows technology, clicking "OK" in the error dialog will download a disk image file from a remote server, with a name such as cleanlive.dmg; Intego warns that several different filenames may be in use. This image may then attempt to mount itself, and launch its contents automatically.

Defense against the Trojan is possible by avoiding suspicious websites or refusing to accept the download, though if the ActiveX dialog is encountered, it becomes impossible to navigate away without closing a browser entirely. The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own, which will halt the malware from being executed locally.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. macnixer

    Joined: Dec 1969

    +5

    Everyone knows

    what to expect in deep dark alleys of a big bad world. Obviously no saints there. Take a wild guess what you would get from scrupulous p*** sites? Cookie recipe? You get some bad code that may cause havoc on your system.

    Intego has been trying to cry foul for a long time now. Do people really buy their software. I fear they may be the ones creating these "socially engineered trojans" and passing them to p*** sites so that the users buy their software. Good ecology. Everyone happy with the money.

  1. JulesLt

    Joined: Dec 1969

    +8

    ActiveX???

    At least they could try 'Quicktime codec not supported - install to view'??

  1. CobraNT

    Joined: Dec 1969

    +10

    Coincidence?

    "The Trojan should also in theory be recognized by various anti-virus programs such as Intego's own"

    Call me a conspiracy freak, but statements like that really make me wonder the source of the trojan......

    Comment buried. Show
  1. testudo

    Joined: Dec 1969

    -28

    Re: coincidence

    You're a conspiracy freak.

    You really think if they wanted to make some trojans, they couldn't do a better job of it?

    Here's a question, though. Has Apple finally changed their default behavior of Safari to NOT open "safe" files ("safe" being an arbitrary decision that certain file types are "safe", not the specific file itself is safe).

  1. JeffHarris

    Joined: Dec 1969

    +13

    Scare Tactic

    Intego has tried this type of scare tactic before, as have MacAfee and Symantec. They'd love to frighten Mac users into buying their software.

    testudo... Apple changed the Safari download default ages ago. What's your point?

  1. ricardogf

    Joined: Dec 1969

    +1

    Safari

    Testudo, Apple changed this at least a billion years ago, so this just proves you know s*** about Apple and Macs...please go back to your Dell, dude.

  1. Guest

    Joined: Dec 1969

    +3

    Safari

    I came here just to vote down Testudo comments and let him know he is still clueless.

  1. TheSnarkmeister

    Joined: Dec 1969

    +2

    BUT WHAT?

    But what does it do? And how do you get it off if it is already installed? This article is of little help to those who may have already come across this thing.

  1. infowarrior

    Joined: Dec 1969

    +6

    intego grain of salt

    I take everything Intego says about Mac security with a HUGE grain of salt -- it always seems they're breathlessly announcing such "threats" ... seems more sensational PR than serious security advisories to me -- in my experience, the more panicked and 'significant' a vendor claims a threat is, the more likely it's not; I've been in the infosec biz for 15 years and that's how security was in the PC world for years.

  1. Guest

    Joined: Dec 1969

    +5

    scrupulous?

    scrupulous means diligent, thorough, and extremely attentive to details. It really only modifies a person or a process.....my question is how is a p*** site scrupulous, or rather...less scrupulous.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Samsung SmartCam HD Pro

Keeping an eye on the home while out and about these days is common practice, assisted by modern technology. Internet cameras became p ...

Fugoo Bluetooth speaker

It's rare to find a Bluetooth speaker that can cover a large array of needs. Generally, speakers are wrapped in a desktop-convenient ...

Epson LW-600P

Label makers are traditionally simple machines that perform a single task which people feel they can either live with or without. In m ...

toggle

Most Commented