|
#1
November 21st, 2008, 03:25 PM
| |||
| |||
 Mac OS X targeted by Trojan and backdoor tool Mac OS X targeted by Trojan and backdoor tool Matthew Broersma ZDNet.co.uk Published: 21 Nov 2008 12:08 GMT Two pieces of malicious software affecting Apple's Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an attacker's choice, and a hacker tool for creating backdoors, according to security vendors. The Trojan — called 'OSX.RSPlug.D' by Intego, the Mac security specialist that discovered the threat — is a variant on an older piece of malicious code but with a new installer, Intego said. "It is a downloader, and it contacts a remote server to download the files it installs," Intego said in an advisory. "This means that, in the future, the downloader may be able to install payloads [other] than the one it currently installs." In other respects the Trojan is similar to previous versions of RSPlug, which first surfaced in October 2007, Intego said. It installs a piece of malicious code known as DNSChanger, which routes the user's internet traffic through a malicious DNS server, leading users to phishing websites or pages displaying advertisements. The Trojan is found on porn websites posing as a codec needed to play video files, a technique used to trick the user into downloading and installing it. Intego said OSX.RSPlug.D has been widely confused with a separate threat publicised this week by several security firms. That threat is called OSX.TrojanKit.Malez by Intego and OSX.Lamzev.A by other vendors, including Symantec and Trend Micro. OSX.Lamzev.A is a hacker tool designed primarily to allow attackers to install backdoors in a user's system, according to Intego. However, the company dismissed the tool as a serious threat because a potential hacker has to have physical access to a system to install the backdoor. "Unlike true malware and Trojan horses, OSX.TrojanKit.Malez requires that a hacker already have access to a Mac in order to install the code," Intego stated. Other antivirus vendors noted that Lamzev could be disguised as a piece of legitimate software and used to trick users into creating the backdoor themselves. Lamzev is not related to RSPlug, despite several high-profile reports confounding the two, Intego emphasised. "This hacker tool has nothing to do with the RSPlug Trojan horse," Intego stated. Security vendors have long warned that the Mac platform is not as secure as some users might like to believe. Apple had not responded to a request for comment at the time of publication.  |
|
#2
November 21st, 2008, 05:21 PM
| ||||
| ||||
|
Again with the porn sites. What I want to know is, are these legitimate porn sites that have been hacked (or maybe even designed maliciously), or merely fronts designed to deliver this malware?
__________________ Mac mini — 1.25GHz G4, 1GB RAM — OS 10.5.8 Useful programs: Privoxy, Butler, ffmpegX, VLC, Perian, Tofu, Wcalc |
|
#3
November 21st, 2008, 08:50 PM
| ||||
| ||||
|
You need to stay with the reputable porn sites, Mikuro. . . .  --J.D.
__________________ MacBook 2.4 GHz Intel Core 2 Duo, 6 Gig RAM, 10.6.2 Fear Me! FEAR ME! His secrets are not sold cheaply. It is perilous to waste his time. |
|
#4
November 22nd, 2008, 12:48 AM
| ||||
| ||||
|
__________________ find / -name 'nancy pelosi' -exec rm {} ; rm -rf /System/Library/StartupItems/"${1}" stockholm syndrome 10 Oct 09 - I just got a new Macbook Pro! WooHoo!!! |
|
#5
November 22nd, 2008, 10:14 AM
| ||||
| ||||
|
The keyword in the above article is "trick." If you are "infected" by either of these trojans, then it is the sole fault of the user his/herself. These trojans require you to let them install on your system. They cannot infect your system without you specifically and explicitly giving them permission to install themselves. If you do find yourself infected, it is by your own doing. The same as if someone asks you for your PIN number to your ATM card and you willingly tell them, then you have no one to blame but yourself when your bank account is depleted.
__________________ Mac mini 2.0GHz 10.6.2 • 4GB • 320GB • Superdrive • 4 x 1TB USB 2.0 • LED Cinema Display MacBook 2.0GHz Core 2 Duo - White 10.6.2 • 4GB • 250GB • CD-RW/DVD-ROM iPhone 3G 8GB • iPod Touch 8GB • iPod Photo 60GB • iPod nano 1GB • AT&T U-Verse 18Mb/2Mb http://www.jeffhoppe.com |
|
#6
November 22nd, 2008, 03:12 PM
| |||
| |||
|
Lol, kinda obvious when you know you have the latest version of everything. You gotta know your computer
|
|
#7
November 22nd, 2008, 04:18 PM
| ||||
| ||||
|
The way a Mac user is tricked is the web page will say "You need this QuickTime Plugin ...". Remember the best all around free QuickTime Plugins that most any Mac user will ever need is Perian and Flip4Mac. After installjng these two free plugins you will be able to see most every other video stream on the whole internet EXCEPT Windows Media 10+ because all those videos have the Microsoft proprietary DRM automatically imbedded in the transcoded video. There is no getting past that on a non Windows system. This is why most video streaming is going flash based.
__________________ Mac Pro Dual 2.8 Quad (1st gen), 14G Ram, Two DVD-RW Drives, OS X 10.6.2 Mac Book Pro Core 2 Duo 2.16Ghz, SuperDrive, ATI X1600, 2GB RAM, OS X 10.6.2 2TB Time Capsule 32G iPhone 3GS Black |
| The Following User Says Thank You to Satcomer For This Useful Post: | ||
Hughvane (November 22nd, 2008) | ||
|
#8
November 22nd, 2008, 04:46 PM
| ||||
| ||||
 Good Information Quote:
__________________ G4 eMac 1.25 GHz, OS 10.4.11 G3 iMac 600, OS 10.3.9 G3 b/w 350, dual drives, dual OS, 10.3.9, 9.2.2 Numerous peripheral gadgets, all working. |
 |
| Bookmarks |
| Thread Tools | |
|
|
All times are GMT -5. The time now is 08:00 PM.
