toggle

AAPL Stock: 102.5 ( + 0.25 )

Printed from http://www.macnn.com

Third version of Mac OS X Trojan emerges

updated 09:40 am EST, Wed December 3, 2008

RSPlug.E Trojan manifests

A third variant of the RSPlug Trojan has appeared online, says security firm Intego. Following in the wake of the RSPlug.D version, Intego notes that another mutant copy called RSPlug.E has appeared. The new Trojan is said to be very similar in scope to D, being mainly found on dubious pornography sites, and equipped with a downloader that installs files from a remote server.

Likewise, a contaminated website will display a "Video ActiveX Object Error," which prompts users to download a missing plug-in that is really a disk image. This image may mount and install itself automatically if a user's browser settings are enabled to allow it.

The factor differentiating RSPlug.E, however, is that it downloads files named "FlashPlayer.v3.348.dmg" and "FlashPlayer.v..dmg," which have encoded malware containing the line "begin 666 intego." This code taps into Unix permissions to create a malicious file called "intego," which the namesake company argues is intended as a form of provocation. Definitions in VirusBarrier X5 have been updated to detect and block the Trojan.

Apple recently pulled an anti-virus support page, claiming that Macs are generally safeguarded against malware threats; it notes, however, that anti-virus software may still be useful.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. dynsight

    Joined: Dec 1969

    +9

    Stupid users

    Um, okay. Someone goes to a p*** site, is asked to MANUALLY download a video driver.

    THEN after the drive image is mounted, they have to either drag the application to their hard drive or run it.

    My question: I know in windows the Trojans are difficult to locate in memory whilst running or on the drive.

    Generally, locating files on the Mac is not bad, and the activity monitor is great for tracking rogue programs.

    Just curious to see how easy it is to clean the Mac.

  1. Mr. Strat

    Joined: Dec 1969

    +9

    More scare tactics

    And so we have a company that sells anti-virus software telling us about a new threat.

    Oooooo...I'm scared!

  1. jhawk95

    Joined: Dec 1969

    +7

    And so if.........

    And so IF you visit p*** sites, and IF you are asked to download an application, and IF you download it and then IF you install it then YOU DESERVE WHAT YOU GET!

    "Otherwise," said the nice anti-virus software salesman to all the non-virus worrying Mac owners, "Buy our software and you can vist p*** Sites until your heart is content.

  1. infowarrior

    Joined: Dec 1969

    +6

    here we go again


    That's Intego for ya .... every new variant, no matter how minor it may be, is cause for a new press releaase.

  1. JeffHarris

    Joined: Dec 1969

    +8

    Job Security

    Like the legions of drones who rely on poorly designed, security riddled Microsoft products for their livelihood, it seems the fear-mongering shills at Intego want to frighten uninformed Mac users into buying their wares.

    This approach may work with shellshocked Windows refugees ... I wonder if they have sales spikes after their FUD releases ... but long-time hard-core Mac users won't be so easily fooled.

    If there comes a day when there ARE serious security threats to Mac OS X, then we'll do the right thing and buy anti-virus software...
    from ANYONE but Intego.

  1. jarod

    Joined: Dec 1969

    +7

    Wow

    You have to be a REAL MORON to get a virus on a Mac considering how many MANUAL steps YOU have to take to cause any damage.

  1. erostratus

    Joined: Dec 1969

    0

    Download ClamXAV

    This is exactly why people should at least have anti-virus software. I always assume people have the software and just run it every once in a while. I use ClamXAV when I want to scan a file I've downloaded or received via email, but I don't have it set up to continually scan. I read a post today at Mac Guru Lounge on the [URL="http://www.macgurulounge.com/2008/12/02/top-5-mac-security-tips-for-the-holidays/"]Top 5 Mac Security Tips for the Holidays[/URL], which also talked about running AV software.

  1. erostratus

    Joined: Dec 1969

    -2

    Download ClamXAV

    This is exactly why people should at least have anti-virus software. I always assume people have the software and just run it every once in a while. I use ClamXAV when I want to scan a file I've downloaded or received via email, but I don't have it set up to continually scan. I read a post today at Mac Guru Lounge on the Top 5 Mac Security Tips for the Holidays, which also talked about running AV software.

    http://www.macgurulounge.com/2008/12/02/top-5-mac-security-tips-for-the-holidays/

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Kanex KTU10 Thunderbolt to USB 3.0 and eSATA

Apple has never been shy about funky ports -- first it was Apple Desktop Bus, and its own DIN-8 serial port. Following that came FireW ...

Logitech Hyperion Fury mouse

Selecting the correct gaming mouse comes down to finding a device that balances the needs of a user with a price they can afford. Ofte ...

Life n Soul BM211 Bluetooth speaker

Bluetooth speakers aren't only for listening to some music at the park or on a long bus ride, but can also be built with tablets in m ...

toggle

Most Commented