New trojan hijacks OS/X
Installs twisted DNS
A NEW TROJAN horse malware attack has tipped up that targets Mac OS/X users, according to security firm Intego.
Dubbed OSX.RSPlug.A and classified as a Critical risk, it was discovered on October 30 at several pornography websites, offering to install a codec to view porn videos.
A lot of spam has been posted to Mac forums attempting to lure surfers to the porn sites. When users go to the websites they find pornographic images. If they click on a still hoping it will launch a video, their browser is redirected to another website that claims they have to install a video codec in order to view the porn clip, displaying:
Quicktime Player is unable to play movie file.
Please click here to download new version of codec.
Clicking on the link downloads a disk image file (.dmg) to the user's system. If the user's browser or the user mounts the file and installs a package named "install.pkg", the installation process requests the system administrator password, which grants the Trojan full root privileges. The system is infected, but no video codec is installed.
The Trojan horse is a form of DNSChanger, which uses the scutil command to add a malicious DNS server to the Mac OS/X configuration. When the twisted DNS server is active, it redirects some website requests to phishing sites or porn website ad pages. Websites targeted include Ebay, PayPal and those of some banks. The phishing sites attempt to induce punters to enter account numbers and passwords, or other personal information.
All versions of Mac OS/X are suspected to be vulnerable. The full report is here. µ
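The same scutil tool that the Trojan uses to add its DNS server can also report the resolvers currently configured, via `scutil --dns`. As an added example (not part of the original article or Intego's report), the script below compares that report against an allowlist of expected resolvers; the allowlist, the sample output and every address in it are constructed assumptions.

```shell
#!/bin/sh
# Added example: list resolvers in `scutil --dns` output that are not on an
# allowlist. The allowlist and all addresses below are constructed assumptions.

# Constructed sample in the layout `scutil --dns` prints (RFC 5737 test ranges).
sample_scutil_dns() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 203.0.113.53
  nameserver[1] : 198.51.100.7
  nameserver[2] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
  if_index : 4 (en0)
  flags    : Scoped, Request A records
EOF
}

# unexpected_dns "ip1 ip2 ..." < scutil-output
# Prints each nameserver that is not in the allowlist, once, in first-seen order.
# Exit status 0: every resolver is expected; 1: at least one is not.
unexpected_dns() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
      ip = $3
      if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Demo on the constructed sample; on a Mac, pipe in `scutil --dns` instead.
sample_scutil_dns | unexpected_dns "192.168.1.1" ||
  echo "resolver(s) above are not on the allowlist" >&2
```

The allowlist should hold the resolvers your router or ISP actually hands out; any address the script prints is one the machine is using that you did not expect.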

Comments
Trojan my arse
This is the least scary virus of all time. And it doesn't breach any security.
If you willingly download AND install unknown software with your root account, you have caused yourself problems.
If you go to windowsvirusesbutalsofakeporn.com and download the "codec", and install it with your administrator user, you are asking for trouble.
This also applies to every other OS in the world, because it isn't breaking any security, you are installing the virus yourself.
Vulnerable?
How on earth is this a vulnerability of the operating system? You have to download an executable and then give it the admin password for it to do anything. If you're in the habit of running questionable programs as an admin user then you deserve everything you get - whatever OS you're running.
Soon...
... the Apple Apologists will descend upon this story, en masse, in an exasperated attempt to downplay either the potential danger of this threat or the likelihood that it will cause any serious harm. That will then be followed by comments about how few attacks of this nature there are for Macs and how many there are for PCs, obviously ceding the essential point that such a purportedly "superior" and worshipped OS shouldn't have such vulnerabilities. If God is actually fallible, how "superior" or, more to the point, worthy of genuflection can he/she/it really be?...
And so it begins.
Well...
At least the MacOSX trojan asks for the administrative password as opposed to most Windows trojans which waltz right past any sort of security and set up roost in the holiest of holies.
Who's hyping this?
So this "Trojan" that requires you to download something from a porn site, mount the image, double click on the installer and then actively elevate user rights so that it installs is "Critical"? Where was this report from again? That would be a firm trying to flog OS X antivirus for the princely sum of £55 then. Whether the people who would pay that price intersects with the people dumb enough to get caught by this Trojan is an exercise for others.
lol
Ah but it is a vulnerability because it attacks the ignorance of OSX users thinking they are invulnerable to nasty things
Why is this a story?
This isn't the first malware written for the OS/X with this exact behavior. I use both Windows and Apple computers. Technically, this is a trojan horse because it masquerades as a valid, useful application, only to deliver a payload. But as stated above, its risk is very low because it can't do anything without authorization/approval from the user. I run a security suite on my Windows systems, and no security software on my Mac, and by following a few rules have never had problems with malware on either OS: (1) Don't visit porn sites, and ESPECIALLY NEVER download and install ANYTHING from a porn site. (2) Don't use torrent software in an attempt to get illegal software/music. (3) Same with P2P programs (the RIAA is flooding these sites with bad music files, and some suspect viruses as well). Believe this: hackers are not your friend. They are not philanthropists - the warez they offer on P2P/torrent sites are often carrots to get you to download malware onto your computer.
And face it, the Mac has much, much less malware attacking it than Windows. And no Mac virus, as of yet, can get into system files without the user's permission. Why do you think Windows put UAC in Vista?
what a mac user thinks
well that is just wrong! how dare those miscreants do that!! After all that trouble!!! It doesn't even install the codec!!!!
Please re-read the title
To those comments above, please re-read the title. This isn't about the vulnerability of the Mac. It's about a wide-spreading trojan that the general public should be made aware of. As Mac begins to market for the general public, that includes those that click before asking. Most of Windows "vulnerabilities" are due to user error--welcome, Mac fans, to this new era.
It will work
Despite The Stupid lining up to defend their precious OSx, thousands will fall for it, they always do, no matter what OS. You can bet that thousands of those that lined up to pay too much for a shiny Mac will fall for this. No matter how secure any OS is, it cannot protect you from yourself.
The point that needs to be observed is that malware authors are bothering to target OSx at all, no matter how. That is that part that should put a little fright in all of them.
Of course it's a Trojan
Yes you are installing the Trojan yourself, that's why it's aimed at the people who think they are safe from these kind of attacks i.e. Mac users! Time to wake up and smell the coffee (cappuccino?) guys.
That's ridiculous
I'm sorry, but downloading software, clearly labeled with a .dmg file extension from a fake porno site and running it is clearly a stupid and unsafe thing to do, however I would expect a secure OS to allow you to do so without doing any damage. However, the user giving it ROOT access to run makes it a 100% user error problem, and nothing to do with the operating system. I could run rm -fr / on a Linux box as root and that wouldn't be a flaw with the OS, because it has to assume the user is smart enough not to give full system access to unknown users or programs.
Predictable
I'd eat my boots if I didn't see a bunch of Mac whores telling that it was not Apple's fault.
Thinking that way, it is never the OS' fault, the blame goes to who made the virus!
By the way those fanboys are the kind of hacks who are capable of giving away their passwords just to see some free porn, so it is critical indeed.
thanks
good to know, i don't really visit porn sites much anyway but it wouldn't actually be the first time a mac user has unknowingly installed something they shouldn't have. myspace got phished (and since then i have deleted the useless account)... someone has said the security company is trying to sell something, not surprising either... but maybe i should get out my copy of norton antivirus and install it. then again, who knows. maybe not..... :) i think this only refers to certain types of people who need security. in tech support for a major PC manufacturer, i try my best to help.
It is a user selected download ...
... requiring additional user input to install, as any other 'system level' access Macintosh application would.
Read the article 'Trojan Horse warning: What you need to know' at '<http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php>', for specifics and if needed - removal of the applications' related files.
not worried
It's not a virus, so I'm not worried. I always pay attention to things that ask for my password to install things into my computer.
lets celebrate
I think everyone should be celebrating about this.
It means that those misleading TV ads have finally gotten to the masses, and Mac OS X presumably now has a greater market share, something of which Mac fans should be happy about.
Windows fans can also be happy, as now Mac is officially not idiot/trojan-proof, and even the average Windows PC could prevent something like that (by average I mean people who have anti-virus/anti-malware).
People deserved it if they were that fallible to download the trojan. There's really nothing much that anyone needs to do to protect themselves. If you're accessing any questionable sites or files (pron, p2p, torrents, roms etc), do your research. Google the sites, read comments on files and software, and so on. I run XP SP2 on an admin account (ie6, sp2 firewall, no anti-virus/anti-malware at all) and I hardly ever get malware. People just need to be careful.
Yes and No
Yes to all those who commented above. This trojan requires a lot of user interaction and is MUCH harder to propagate than a Windows trojan.
No to all those above who underestimate the stupidity of the human race in the quest for free porn. Of course some will go all the way, do whatever it takes, to install the "codec" because there is free porn... maybe.
How functional is the brain of the obsessive up til the wee hours repeatedly clicking on links and opening popups, 5 browsers open with 40 tabs on each? Functional enough to install a file and give it root access but not functional enough to ask why.