Trojan Horse Security Alert

Intego has discovered the first 10.5 Trojan Horse in the wild. The "OSX.RSPlug.A Trojan Horse" is a malicious application that users inadvertently install on their machines while browsing pornography sites. The user will click on a still of a video and the following message appears:


Quicktime Player is unable to play movie file.
Please click here to download new version of codec.


The .dmg file pretends to install the missing codec and asks for the user's password, giving the DNSChanger root access. Once active, it will hijack web requests, leading the user to phishing sites.


Intego states: Under Mac OS X 10.4, there is no way to see the changed DNS server in the operating system’s GUI. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually.


Remember folks, be careful out there.
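
An added example (not part of the original post or Intego's advisory): a shell check for the DNS change described above, which lists the nameservers the resolver is actually using and prints any that are not on an expected list. It assumes the `nameserver[N] : address` lines printed by macOS's `scutil --dns`; the function names, the `EXPECTED_DNS` variable and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DNS servers that are not on an expected list.

# Extract unique nameserver addresses from `scutil --dns`-style text on stdin.
# Lines of interest look like: "  nameserver[0] : 192.168.1.1"
list_nameservers() {
    awk '/^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
        sub(/^[^:]*:[ \t]*/, "")   # drop the "nameserver[N] : " label
        sub(/[ \t]+$/, "")         # drop trailing whitespace
        print
    }' | sort -u
}

# Print each nameserver read from stdin that is missing from the
# space-separated allowlist given as $1. No output means nothing unexpected.
unexpected_nameservers() {
    allowed=" $1 "
    for ns in $(list_nameservers); do
        case "$allowed" in
            *" $ns "*) ;;          # expected server, ignore
            *) echo "$ns" ;;       # not on the list, report it
        esac
    done
}

# Constructed sample in the scutil --dns layout (documentation-range addresses).
SAMPLE='DNS configuration

resolver #1
  nameserver[0] : 203.0.113.10
  nameserver[1] : 203.0.113.11
  nameserver[2] : 192.168.1.1
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
'

# Servers you expect (your router or ISP); assumption: set by the operator.
EXPECTED_DNS="${EXPECTED_DNS:-192.168.1.1}"

if command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_nameservers "$EXPECTED_DNS"   # live system
else
    printf '%s' "$SAMPLE" | unexpected_nameservers "$EXPECTED_DNS"
fi
```

Any address it prints is a resolver entry that the operator did not list, which is the condition the post says the 10.4 GUI does not show.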



Reading this article, I would believe that this is really a user hack, not an OS hack.

They are tricking the user into downloading their software. Then they trick the user again, this time they get the user to give their program administrator access.

They have not found a way to get their software onto the system without the user's permission or knowledge. They have just found a way to alter something after getting the user to give it access.

This would be a trojan horse though. It pretends to be something it is not.


Blandford Fly

Porn, my only weakness. And now my computer's as well.

What's the world coming to when innocent porn is used in such a degrading manner...



Well, this is unsettling.

As a frequenter of porn sites, this is a big deal.

Would this count as perhaps the first Mac OS X virus that actually DOES something?

