October 31, 2007
Roh-oh: Headless Trojan Horseman haunts the Mac
Posted Oct. 31, ’07, 1:42 PM PT by Dan Pourhadi
Category | Security
This seems fitting for Halloween — the whole spooky-and-invisible-ghoul-attacks thing. Apparently Intego — a security firm that develops the Mac anti-virus software VirusBarrier — has discovered an actual, honest-to-goodness Trojan Horse for the Mac, code-named OSX.RSPlug.A. (Remember, this isn’t a virus — viruses self-propagate, or move from one computer to another on their own. This does not.)
The horsey, found on several porn sites (I felt dirty writing that), masquerades as a QuickTime codec. When a user tries to view one of the site’s videos — horrible! horrible! — he’s told QuickTime can’t read the file, and that he has to download an updated version of the video codec for it to play. Shameless that he is, he downloads the disk image and installs the software.
The software, of course, isn’t a video codec at all, but rather a Trojan Horse that modifies his DNS settings! (Thunder! Crash! Dramatic music!) Macworld sums up the untamed horse’s nasty behavior:
When the malicious DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks) or to web pages displaying ads for other pornographic web sites, according to Intego.
Result: No porn for you! Oh, and your credit card info in the hands of evil, evil people.
But what does it all mean? How do you know if you’re infected? How do you exorcise your Mac of this evil? Thankfully, Rob “Freakin’ Genius” Griffiths answers all of these haunting questions in great detail at Macworld.
There is one sentence in Rob’s article that stands out, and should act as a mantra for all mankind:
Rule #1: Do not install software from untrusted sources, especially if that software comes as an installer package and requests your administrator’s password!
Word.
3 Comments
Leave a comment
Recent Entries
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- the truth on iPod touch users get second classed again with the omission of new Maps features
- James Katt on Apple levels DMCA on iPodhash project
- AdamC on Apple levels DMCA on iPodhash project
- sf addict on Ch-ch-ch-ch-changes afoot at MacUser
- Paul Norton on iPod touch users get second classed again with the omission of new Maps features
- me on iPod touch users get second classed again with the omission of new Maps features
Categories
- Apple (234)
- Advertising (162)
- Events (235)
- Huh? (182)
- Humor (259)
- News (148)
- People (258)
- Rivals (405)
- Speculation (167)
- Steve Jobs (172)
- Stores (206)
- Apple TV (58)
- Business (451)
- Games (143)
- Geekery (460)
- Hardware (935)
- Accessories (79)
- Intel Macs (162)
- Ihnatko (18)
- Internet (463)
- Legal (244)
- MacUser (95)
- Macalope (8)
- Money (177)
- Music (344)
- Podcasting (100)
- Photography (74)
- Security (246)
- Software (1544)
- Updates (538)
- Tips (352)
- Troubleshooting (189)
- Video (403)
- Windows (219)
- iPhone (199)
- iPod (602)
- iPod Accessories (96)
- iPod Software (61)
- iTunes (128)
- iTunes Store (443)
Archives
- November 2008 (92)
- October 2008 (138)
- September 2008 (151)
- August 2008 (177)
- July 2008 (175)
- June 2008 (171)
- May 2008 (185)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
Actually worms self propagate. Viruses traditionally are attached to files or programs. When you open an infected file, the virus infects other files on the system, when you share those files (or the original) you spread the virus. Trojan horses do not necessarily have any mechanism to spread, just a payload in a file or program. You must share the trojan-infected file to spread the exploit.
Props for using that image. "Trust me.dmg" definitely got a laugh.
It's funny how you automatically used the word "He" as in - only men would visit such sites :)