Phishing Trojan targets Mac OS X

[anandk]

Security vendor Intego claims to have uncovered a new Trojan attack that targets Apple's OS X operating system.

The OSX.RSPlug.A Trojan disguises itself as a video codec that offers access to a pornographic video.

Intego said that malware authors have spammed Mac forums with links for pornographic websites hosting the malware.

More info here http://www.vnunet.com/vnunet/news/22...trojan-targets

[aryayush]

New Trojan Horse targets Mac users
By Jim Dalrymple

Security research company Intego on Monday issued a security alert about a new Trojan Horse called OSX.RSPlug.A that specifically targets Mac users. The Trojan is a form of DNSChanger that changes the Mac’s Domain Name Server (DNS) address.

According to Intego, the Trojan has been found on several pornographic Web sites. When trying to view a movie, the user is told that “Quicktime Player is unable to play movie file. Please click here to download new version of codec.” Read more...

[Via Macworld]
__________________________________________________ _____________

Trojan Horse warning: What you need to know
How to detect—and remove—the OSX.RSPlug.A Trojan Horse
By Rob Griffiths

As you may have read, a new piece of OS X malware has been discovered. Intego has named this malware the OSX.RSPlug.A Trojan Horse. Note that this malware is not a virus—it can’t self-propagate from one machine to another. It is, however, definitely malicious, and it’s packaged in a well-designed trojan horse wrapper.

Your machine could be infected if you’ve recently gone looking for some, um, less-than-flattering pictures of Britney Spears. Thinking you’ve found what you’re looking for, you click a video to watch it, only to see a message stating that your machine lacks the necessary codec. A disk image will then start downloading, and (depending on the settings on your machine) may then mount and launch an installer which asks for your admin password.

Rule #1: Do not install software from untrusted sources, especially if that software comes as an installer package and requests your administrator’s password! However, if you do proceed to run the installer, here’s what will happen:

• Sorry, but you won’t be able to watch those videos, as no codec was installed.
• Your DNS will be changed to point to malicious DNS machines. What this means is that even if you type www.apple.com in your browser’s URL area, you may be taken there, to a phishing “clone” of that site, or to another site completely—such as a porn site. Where you wind up depends solely on how the malicious DNS machines are configured. If you consider ebay.com or paypal.com, for instance, the consequences may be dire.
• A cron job (scheduled task) will run every minute to restore the malicious DNS info, in case you change it.

This is really bad. Really. And even though it’s targeted at porn surfers today, the malware could easily be associated with anything else, like a new viral video site, or a site that purports to show commercials from the upcoming Super Bowl. Because this thing may spread to other such sites, we spent some time investigating the trojan—no, not its source sites!—to determine the best way to tell if you’ve been infected, as well as how to remove the software if you do find it on your machine. Read more...

[Via Macworld]

[naveen_reloaded]

It all starts like this.be ready to see more like this.fun begins from here.

Aaa scanning finished...2 trojan in my xp...move to quarantine:..
Sh.t i forgot to update my definition...

Downloading new def.
Scan again.
6 found..
Move again..

Cycle continues

[goobimama]

launch an installer which asks for your admin password.

Yeah!

[aryayush]

It all starts like this.be ready to see more like this.fun begins from here.

Actually, if the whole Mac community goes up in arms within mere minutes of a single trojan being found, I think it is pretty darn difficult for them to spread.

I may be wrong though.

[DigitalDude]

what he meant was.. 'this is just the starting'

but anyway this may be nothing just a rare case...

macs will not have much viruses bcos:

1) they are basically linux
2) most virus writers want to infect/promote stuff to massive number of systems and in the case of mac the massive number is not massive enough

[goobimama]

2) Would you like to be the creator of the 19842915th virus for Windows, or the first virus for a mac?

[DigitalDude]

^^^^^

both the positions have been taken well before

[aryayush]

The second one has been "taken" (a better word would be "conquered" or "achieved") today.

[DigitalDude]

^^^^

not today

http://www.macrumors.com/2006/02/16/...w-os-x-trojan/

[goobimama]

I don't consider something that requires me to enter my admin/password as a threat.

[gxsaurav]

I don't consider something that requires me to enter my admin/password as a threat.

We also don't consider it a threat which asks us for permission to install itself (UAC)

[naveen_reloaded]

Rightly said brother. But many dont realise UAC's potential to stop attacks like this.personally i haven disabled it.

[ax3]

so all OS`s r can b attacked & have security issues /........

[aryayush]

I don't consider something that requires me to enter my admin/password as a threat.

Well, it is a codec and all codecs need the administrator username and password. This is a virus, man.