12/03/2008, 9:40am, EST
Wednesday, December 3rd
Third version of Mac OS X Trojan emerges
A third variant of the RSPlug Trojan has appeared online, says security firm Intego. Following in the wake of the RSPlug.D version, Intego notes that another mutant copy called RSPlug.E has appeared. The new Trojan is said to be very similar in scope to D, being mainly found on dubious pornography sites, and equipped with a downloader that installs files from a remote server.
Likewise, a contaminated website will display a "Video ActiveX Object Error," which prompts users to download a missing plug-in that is really a disk image. This image may mount and install itself automatically if a user's browser settings are enabled to allow it.
The factor differentiating RSPlug.E, however, is that it downloads files named "FlashPlayer.v3.348.dmg" and "FlashPlayer.v..dmg," which have encoded malware containing the line "begin 666 intego." This code taps into Unix permissions to create a malicious file called "intego," which the namesake company argues is intended as a form of provocation. Definitions in VirusBarrier X5 have been updated to detect and block the Trojan.
Apple recently pulled an anti-virus support page, claiming that Macs are generally safeguarded against malware threats; it notes, however, that anti-virus software may still be useful.
, 
, 8
, 
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
Stupid users
Um, okay. Someone goes to a porn site, is asked to MANUALLY download a video driver.
THEN after the drive image is mounted, they have to either drag the application to their hard drive or run it.
My question: I know in windows the Trojans are difficult to locate in memory whilst running or on the drive.
Generally, locating files on the Mac is not bad, and the activity monitor is great for tracking rogue programs.
Just curious to see how easy it is to clean the Mac.
More scare tactics
And so we have a company that sells anti-virus software telling us about a new threat.
Oooooo...I'm scared!
And so if.........
And so IF you visit porn sites, and IF you are asked to download an application, and IF you download it and then IF you install it then YOU DESERVE WHAT YOU GET!
"Otherwise," said the nice anti-virus software salesman to all the non-virus worrying Mac owners, "Buy our software and you can vist Porn Sites until your heart is content.
here we go again
That's Intego for ya .... every new variant, no matter how minor it may be, is cause for a new press releaase.
Job Security
Like the legions of drones who rely on poorly designed, security riddled Microsoft products for their livelihood, it seems the fear-mongering shills at Intego want to frighten uninformed Mac users into buying their wares.
This approach may work with shellshocked Windows refugees ... I wonder if they have sales spikes after their FUD releases ... but long-time hard-core Mac users won't be so easily fooled.
If there comes a day when there ARE serious security threats to Mac OS X, then we'll do the right thing and buy anti-virus software...
from ANYONE but Intego.
Wow
You have to be a REAL MORON to get a virus on a Mac considering how many MANUAL steps YOU have to take to cause any damage.
Download ClamXAV
This is exactly why people should at least have anti-virus software. I always assume people have the software and just run it every once in a while. I use ClamXAV when I want to scan a file I've downloaded or received via email, but I don't have it set up to continually scan. I read a post today at Mac Guru Lounge on the [URL="http://www.macgurulounge.com/2008/12/02/top-5-mac-security-tips-for-the-holidays/"]Top 5 Mac Security Tips for the Holidays[/URL], which also talked about running AV software.
Download ClamXAV
This is exactly why people should at least have anti-virus software. I always assume people have the software and just run it every once in a while. I use ClamXAV when I want to scan a file I've downloaded or received via email, but I don't have it set up to continually scan. I read a post today at Mac Guru Lounge on the Top 5 Mac Security Tips for the Holidays, which also talked about running AV software.
http://www.macgurulounge.com/2008/12/02/top-5-mac-security-tips-for-the-holidays/