RSPlug.A Mac OS X trojan

Friday

Nov022007

Friday, November 2, 2007 at 12:12AM

Is the Mac now also becoming a target for malware?

clipped from arstechnica.com

the discovery of an actual malicious
trojan for the Mac

the OSX.RSPlug.A trojan dresses up like said Quicktime
codec, requiring an administrator password to install.

the "codec"
installer sets up a couple of fake DNS servers and a cron job that runs
every minute to reinstall the DNS servers in case they have been removed.

the malicious DNS servers are asked to translate domain names into IP
addresses, allowing the person in charge of these servers to redirect
selected destinations.

used for
phishing purposes "for sites such as eBay, PayPal and some banks"

users who think they're secure just because they're using a Mac

"the bad guys are taking Mac now seriously."

Mac OS X will soon become a significant target for malware writers for the first time.

The appearance of this trojan may mean that Apple has crossed some sort of threshold for malware writers.

this
trojan does not exploit any Mac OS X weakness

Ace |

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Ace on Tech