Hackers Update Mac Porn RSPlug Trojan Horse
10:33 am, November 18th, 2008, Ed Sutherland
Mac users are being warned to beware of a new scam by hackers to plant a Trojan horse. RS.Plug.D is a more flexible update of the RS.Plug.A threat discovered in 2007, a security software vendor claimed Tuesday.
Like the original, the new version relies on Mac users visiting malicious porn sites, according to Intego. Unlike RS.Plug.A, this Trojan opens a security hole enabling hackers to repeatedly download files to your system.
When on a suspect porn site, visitors will be shown an error message: “Video ActiveX Object Error,” followed by a message that the browser is unable to view the video file and a request to start a download.
ActiveX is usually linked to Windows-related files, not Macs. Despite that, the Web page downloads a file (often named “cleanlive.dmg”) from a remote site. Once downloaded, the file automatically launches a Trojan that contacts the remote site again.
To avoid downloading the Trojan file, you must quit your browser, according to the company. Simply choosing “Cancel” returns you to the original “error” message.
Mac users can disable the Trojan by using an anti-virus application.

All that work to put a stupid Trojan on my Mac? Windows users have it so much easier!
Dan Knight, on November 18th, 2008 at 11:53 am
Also, ALL Mac users should turn off the ‘Open “safe” files after downloading’ option in Safari preferences.
If you do this, the trojan described above will not auto-install.
Since there are no “safe” files on the internet, Apple really should disable that feature once and for all.
Mark Aufflick, on November 18th, 2008 at 3:29 pm