Apple Trojan returns to haunt Mac users

Macs are totally secure, discuss.

A nasty Trojan that first hit Mac users just over a year ago has returned with sharpened teeth, a security company has revealed.

According to Mac-only security company Intego, the latest variant of RSPlug, known as RSPlug.E, has been discovered by the company on porn websites masquerading as a missing ActiveX plug-in needed to play a video.

As with its many equivalents in the Windows world, the software tries to trick users into installing it after complaining of a "missing Video ActiveX Object", which turns out to be where the program starts its install routine.

Trying to cancel the install at this point by clicking cancel prompts the malware to deliver the message, "Please install new version of Video ActiveX Object". The only way out at this point is to exit the browser.

What users get for their naivety is a DNS hijacker, capable of redirecting web address requests to any website the criminal desires, including phishing websites.

"Mac users are pretty unsavvy as far as security is concerned," said Peter James of Intego, who reckoned that many still Mac users run their computers unprotected, despite numerous warnings.

"As Mac market share is increasing, malware is increasing proportionately," he said.

Intego, of course, admits that it has a vested interest in publicising Mac malware, including drive-by Trojans such as RSPlud.E. Nevertheless, the fact that Mac users are now facing the sort of Trojan programming threats regularly experienced by PC users should alert them to the importance of the issue.

As PC Trojans go, the programming features of RSPlug.E look fairly basic. PC malware is more highly evolved and usually cleverer. But a programmer - probably a Russian - with knowledge of OSX had taken time to create a Trojan that hits Macs instead of PCs, James pointed out.

One curiosity is that one of the key files installed by the program actually bears the name of Intego itself, a provocative reference to the company's publicising of previous versions of the Trojan, and possibly a warning too.

Intego warns Mac users not to download software form unknown sources - advice PC security vendors were handing out to Windows users five years ago.


What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.


Characters remaining: 500

Add your commentComments

Enjoy surfing the internet for hours at a time. | Published: 08:49 GMT, 15 December 2008

If you’re anything like me then you enjoy surfing the internet for hours at a time. There is so much information available I just seem to get wrapped up in it all. Of course, this means picking up bugs that can literally ruin my computer and cause it to run too slow. To take care of my PC I’ve been searching for a good scan to keep it bug free. I tried many different ones but I like Search-and-destroy Antispyware the best. With the antispyware solution from Search-and-destroy (http://www.Search-and-destroy.com/antispyware.html) I get one of the best scans I’ve ever used at a great low price. This is exactly what I’ve been searching for.

Marc | Published: 09:16 GMT, 05 December 2008

In other words, if a user doesn't have the root (admin) password, there is nothing so far that can infect them? Yet, anyway. Windows is insecure because of flaws in the security model that allows programs to install themselves with admin privileges without any user interaction. So far, I've yet to be convinced the same problem exists on Macs. But do keep trying, it's good for security, and for critical thinking skills as we look carefully at who stands to profit from people believing the scare tactics. It's not a matter of market share. It's a matter of design.

Dante | Published: 15:08 GMT, 04 December 2008

I totally agree with you, Mr. Collins. Mac users should not clutter up their computers with these bloated security softwares. There are no problems. Keep the Faith, man.

Ken Collins | Published: 17:35 GMT, 03 December 2008

Two trojans in two years. No viruses at all. Oh my! If only my Windows computer had problems like that.

Pete | Published: 16:40 GMT, 03 December 2008

I wonder what Intego's business plan looks like as a Mac-only security company. How do they make a living?

Dante | Published: 16:01 GMT, 03 December 2008

This is just Windoze hype by the Enemy. Keep the faith. There are NO virus out there for Macs. Keep your Macs clean. The Russian retirement fund thanks you for keeping the faith.

Related Security news

US military plotted revenge on Wikileaks

Considered using site to spread propaganda

Microsoft Excel glitch turns English into Chinese

Software giant admits update error

Iran hacks US spy websites, arrests cyber activists

Islamic Revolutionary Guards say opposition sites were waging cyber-war

Internet fraud losses doubled in 2009

FBI's IC3 report details most common Internet scams



Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Email archiving: Top 10 myths and challenges

This survey looks at a number of challenges and myths around email archiving that may also slow adoption of full archiving.

Download Whitepaper

Strategic mobile deployments

Deploying mobile applications? Supporting multiple devices? See why mobile platforms should be part of your IT strategy.

Download Whitepaper

Creating an AUP: Common myths & mistakes

Avoid the common myths & mistakes when implementing your AUP

Download Whitepaper

Legal risks of uncontrolled email and web use

Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Virtualisation 2.0
Driving to higher ground beyond the basics

Virtualisation can deliver unparalleled efficiency and cost reductions to your business, allowing direct access to servers and guaranteeing a dependable, rapid response in times of crisis. Read this e-book to learn more about consolidation, discover the latest technologies and find out how to reduce the TCO of virtualisation.

Download E-Book
COLT White Paper

IT Misuse Survey

Complete this survey and you could win a Nexus One

Techworld are running a short survey to discover how UK businesses are managing Internet and email misuse in the Enterprise.

Complete Survey

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *