Loading ...
Sorry, an error occurred while loading the content.

OSX.RSPlug.A. A Mac Trojan

Expand Messages
  • Jose Medeiros
    Are any of you aware of this Trojan? Please read below. Jose Medeiros :-) - -- OSX.RSPlug.A. A Mac Trojan that spreads by spam emails designed to lure users to
    Message 1 of 2 , May 2, 2008
    • 0 Attachment
      Are any of you aware of this Trojan? Please read below.

      Jose Medeiros :-)

      - -- OSX.RSPlug.A. A Mac Trojan that spreads by spam emails designed to lure users to pornography sites. Visitors are presented with a still image from a salacious video. Clicking on the image to play the video returns the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec." After the linked page loads, malware is downloaded and launches an installer. The installer requires the user to enter the admin password. Once the password has been entered, the malware infection is complete. The Trojan alters network settings, redirecting webpages and funneling advertisements for porn sites to your Mac.
      More information:
      http://www.geekstogo.com/2007/10/31/osxrspluga-trojan-info-and-removal/




      Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
    • Charles Gousha
      Best example of Mac-oriented social engineering I ve seen yet. And no way to stop it, short of being smart about what you re installing. For those wanting an
      Message 2 of 2 , May 2, 2008
      • 0 Attachment
        Best example of Mac-oriented social engineering I've seen yet.
        And no way to stop it, short of being smart about what you're installing.

        For those wanting an extra tool against such things, I found a piece recently that allows you to examine the contents of an installer package through Leopard's QuickLook tool.  Select the .pkg file, press spacebar, and it's all listed out.  Very handy.


        On May 2, 2008, at 10:58 AM, Jose Medeiros wrote:
        Are any of you aware of this Trojan? Please read below.

        - -- OSX.RSPlug.A. A Mac Trojan that spreads by spam emails designed to lure users to pornography sites. Visitors are presented with a still image from a salacious video. Clicking on the image to play the video returns the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec." After the linked page loads, malware is downloaded and launches an installer. The installer requires the user to enter the admin password. Once the password has been entered, the malware infection is complete. The Trojan alters network settings, redirecting webpages and funneling advertisements for porn sites to your Mac.
        More information:
        http://www.geekstogo.com/2007/10/31/osxrspluga-trojan-info-and-removal/


        Charles Gousha     coordinator - Silicon Valley Mac User Group

        http://www.svmug.org

        User group meetings 7pm, third Monday of each month

        Town Hall theatre, Infinite Loop 4 building

        Apple Inc. Campus (just south of hwy 280), Cupertino



      Your message has been successfully submitted and would be delivered to recipients shortly.