Commentary
Security Firm Warns Of New Apple Malware
A Trojan horse application has been found circulating the Internet. If infected, users can end up having their system passwords nabbed, and be redirected to a number of phishing Web sites.A Trojan horse application has been found circulating the Internet. If infected, users can end up having their system passwords nabbed, and be redirected to a number of phishing Web sites.According to Mac desktop and privacy software maker Intego, a new variant on an older Trojan horse has been identified on several porno Web sites.
The OSX.RSPlug.D Trojan horse, as dubbed by Intego, will alert users to a bogus "Video ActiveX Object Error" and inform them that their browser isn't capable of running the requested video. Should the user download the suggested "Video ActiveX Object" by clicking OK, a disk image is downloaded and may automatically commence installing.
More Security Insights
White Papers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Then, according to Intego, it's all bad news from there:
If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator's password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the Web site, they will simply come to the same page and receive a new download.This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac's DNS server (the server that is used to look up the correspondences between domain names and IP addresses for Web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some Web requests, leading users to phishing Web sites (for sites such as eBay, PayPal, and some banks), or simply to Web pages displaying ads for other pornographic Web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.
Related Reading
| To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. | |
|
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More












