Quantcast
The video player requires Flash 8 Player or later. Please download the latest Flash Player.
Maclife Hottest Articles
Thumbnail
FEATURE
100 Snow Leopard Tips, Tricks, and Features
Browser
FEATURE
OS X Browser Speed Wars: May the Fastest App Win
iTunes History
FEATURE
The Complete iTunes History -- SoundJam MP to iTunes 9
iTunes Tips
FEATURE
iTunes 9 Tips and Tricks - Solve the Mysteries of the New iTunes
RELATED CATEGORIES
News

Trojan Horse Security Alert
Posted 10/31/2007 at 7:11:10pm | by Mac|Life Staff

Intego has discovered the first 10.5 Trojan Horse in the wild. The "OSX.RSPlug.A Trojan Horse" is a malicious application that users inadvertently install on their machines while browsing pornography sites. The user will click on a still of video and the following message appears:

 

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

 

The .dmg file pretends to install the missing codec and asks for the users password giving the DNSChanger root access. Once active, it will hijack web requests leading the user to phising sites.

 

Intego states: Under Mac OS X 10.4, there is no way to see the changed DNS server in the operating system’s GUI. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually.

 

Remember folks, be careful out there.

COMMENTS: 3
TAGS: 
COMMENTS
avatarWell, this is unsettling. As

Submitted by dvsbstrd (not verified) on Wed, 2007-10-31 21:56

Well, this is unsettling.

As a frequenter of porn sites, this is a big deal.

Would this count as perhaps the first Mac OS X virus that actually DOES something?

Login or register to post comments
avatarIs this really on OS hack?

Submitted by Anonymous (not verified) on Thu, 2007-11-01 00:52

Reading this article. I would believe that this is really a user hack not and OS hack.

They are tricking the user into downloading their software. Then they trick the user again, this time they get the user to give their program administrator access.

They have not found a way to get their software onto the system without the users permission or knowledge. They have just found a way to alter something after getting the user to give it access.

This would be a trojan horse though. It pretends to be something it is not.

Login or register to post comments
avatarPorn virus!!

Submitted by Blandford Fly (not verified) on Thu, 2007-11-01 05:16

Porn, my only weakness. And now my computer's as well.

What's the world coming to when innocent porn is used in such a degrading manner...

Login or register to post comments