Hackers Update Mac Porn RSPlug Trojan Horse

Ed Sutherland (10:33 am PDT, Nov 18 2008)

Mac users are being warned to beware of a new scam by hackers to plant a Trojan horse. RS.Plug.D is a more flexible update of the RS.Plug.A threat discovered in 2007, a security software vendor claimed Tuesday.

Like the original, the new version relies on Mac users to visit malicious porn sites, according to Intego. Unlike RS.Plug.A, this trojan software opens a security hole enabling hackers to repeatedly download files to your system.

When on a suspect porn site, visits will be shown an error message: “Video ActiveX Object Error,” followed by a message that the browser is unable to view the video file and a request to start a download.

ActiveX is usually linked to Windows-related files, not Macs. Despite that, the Web page downloads a file (often named “cleanlive.dmg”) from a remote site. Once downloaded, the file automatically launches a trojan that contacts the remote site again.

To avoid downloading the Trojan file, you must quit your browser, according to the company. Simply choosing “Cancel” returns you to the original “error” message.

Mac users can disable the Trojan by using an anti-virus application.

Apps you might like

2 comments »

Comments by Vanilla

About the author

Ed Sutherland is a veteran technology journalist who first heard of Apple when they grew on trees, Yahoo was run out of a Stanford dorm and Google was an unknown upstart. Since then, Sutherland has covered the whole technology landscape, concentrating on tracking the trends and figuring out the finances of large (and small) technology companies.

(sorry, you need Javascript to see this e-mail address)| Read more posts by Ed Sutherland.

Posted in News |