Apple Trojan returns to haunt Mac users

RSPlug.E, has been discovered on porn Web sites masquerading as a missing ActiveX plug-in

John E. Dunn (Techworld)
04 December, 2008 07:43
Comments

A nasty Trojan that first hit Mac users just over a year ago has returned with sharpened teeth, a security company has revealed.

According to Mac-only security company Intego, the latest variant of RSPlug, known as RSPlug.E, has been discovered by the company on porn Web sites masquerading as a missing ActiveX plug-in needed to play a video.

As with its many equivalents in the Windows world, the software tries to trick users into installing it after complaining of a "missing Video ActiveX Object", which turns out to be where the program starts its install routine.

Trying to cancel the install at this point by clicking cancel prompts the malware to deliver the message, "Please install new version of Video ActiveX Object". The only way out at this point is to exit the browser.

What users get for their naivety is a DNS hijacker, capable of redirecting web address requests to any website the criminal desires, including phishing websites.

"Mac users are pretty unsavvy as far as security is concerned," said Peter James of Intego, who reckoned that many still Mac users run their computers unprotected, despite numerous warnings.

"As Mac market share is increasing, malware is increasing proportionately," he said.

Intego, of course, admits that it has a vested interest in publicising Mac malware, including drive-by Trojans such as RSPlud.E. Nevertheless, the fact that Mac users are now facing the sort of Trojan programming threats regularly experienced by PC users should alert them to the importance of the issue.

As PC Trojans go, the programming features of RSPlug.E look fairly basic. PC malware is more highly evolved and usually cleverer. But a programmer - probably a Russian - with knowledge of OSX had taken time to create a Trojan that hits Macs instead of PCs, James pointed out.

One curiosity is that one of the key files installed by the program actually bears the name of Intego itself, a provocative reference to the company's publicising of previous versions of the Trojan, and possibly a warning too.

Intego warns Mac users not to download software form unknown sources - advice PC security vendors were handing out to Windows users five years ago.

Come socialise with us! Facebook | LinkedIn

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Apple, Intego, Macs

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Free Allied Telesis Wireless Router

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Premier Media Group Fast Study

A Fast Study is a succinct, easy to read Case Study. Spectra Logic aims to provide an overview of how to obtain the right solution for data archive, backup and recovery.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management