Third version of Mac OS X Trojan emerges
updated 09:40 am EST, Wed December 3, 2008
RSPlug.E Trojan manifests
A third variant of the RSPlug Trojan has appeared online, says security firm Intego. Following in the wake of the RSPlug.D version, Intego notes that another mutant copy called RSPlug.E has appeared. The new Trojan is said to be very similar in scope to D, being mainly found on dubious pornography sites, and equipped with a downloader that installs files from a remote server.
Likewise, a contaminated website will display a "Video ActiveX Object Error," which prompts users to download a missing plug-in that is really a disk image. This image may mount and install itself automatically if a user's browser settings are enabled to allow it.
The factor differentiating RSPlug.E, however, is that it downloads files named "FlashPlayer.v3.348.dmg" and "FlashPlayer.v..dmg," which have encoded malware containing the line "begin 666 intego." This code taps into Unix permissions to create a malicious file called "intego," which the namesake company argues is intended as a form of provocation. Definitions in VirusBarrier X5 have been updated to detect and block the Trojan.
Apple recently pulled an anti-virus support page, claiming that Macs are generally safeguarded against malware threats; it notes, however, that anti-virus software may still be useful.
Fresh-Faced Recruit
Joined: May 2005
Stupid users
Um, okay. Someone goes to a p*** site, is asked to MANUALLY download a video driver.
THEN after the drive image is mounted, they have to either drag the application to their hard drive or run it.
My question: I know in windows the Trojans are difficult to locate in memory whilst running or on the drive.
Generally, locating files on the Mac is not bad, and the activity monitor is great for tracking rogue programs.
Just curious to see how easy it is to clean the Mac.