
November 18, 2008

Intego: New variant of existing Trojan

By Ronald O Carlson





For an anti-virus software company, especially one that’s a Mac specialist, finding fresh or, just as good, repackaged malware is an opportunity that can’t be passed up.

Intego has announced that a new variation of an existing Mac OS X-specific trojan (RSPlug) has been spotted on a number of pornographic websites.

While this new variant currently performs the same actions [Ed—phishing] as the RSPlug.A Trojan horse, its installer is different: it is a downloader, and it contacts a remote server to download the files it installs. This means that, in the future, the downloader may be able to install other payloads than the one it currently installs.

Specifically, the porn sites in question display a “Video ActiveX Object Error” message when a user clicks on a video link, asking the user to install the “missing Video ActiveX Object.”

If the user clicks OK — actually the user only has the option of clicking OK or force quitting the browser — a file named “cleanlive.dmg” is downloaded and could, depending on the user’s browser settings, automatically start to install itself.

What’s a porn-consuming Mac user to do? As you might expect, Intego’s got the answer and, of course, it’s anything but free.

Means of protection: The best way to protect against this exploit is to run Intego VirusBarrier X5; the program’s behavioral analysis feature detects the activity of this Trojan horse.

Gee, imagine that. The best way to protect yourself isn’t to avoid downloading and installing the RSPlug.A trojan horse, which requires your active participation, from a dodgy pornographic website. No, you should forgo common sense and give Intego $70.

Honestly, if a porno site asks you to do anything — install software, provide your credit card information, even take a survey — you should take Nancy Reagan’s advice and just say “no.”

Likewise, when an anti-virus company tells you the best way to avoid becoming a victim is to pay them, you should think of Nancy and do the right thing. Besides, you can always use ClamXav, and that’s free…

What’s your take?
