"A new trojan horse designed specifically for Mac OS X systems has been discovered on several pornography websites that can hijack Web traffic, according to security firm Intego. Affected systems are used to hijack some Web requests that lead users to other phishing sites, or simply display ads for other pornographic websites to generate ad revenue. Phishing attacks may lead users to believe they are surfing to eBay, Paypal, or various banks when in fact they are accessing specially-crafted mockups designed to retrieve usernames and passwords for those sites. The trojan, titled OSX.RSPlug.A, is rated as a critical risk by Intego, and is known to affect Mac OS X 10.4 Tiger as well as Mac OS X 10.5 Leopard. Intego is testing prior versions of Mac OS X, but believes them to be vulnerable as well."
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-11-12
Member since:2005-06-29
As far as I can recall, this is the first trojan in the wild for OS X - instead of previous alarm bells that were just proof-of-concepts or whatever.
That is what made me publish it on OSNews today. There is no conspiracy.
Member since:2005-07-06
Member since:2005-10-19
Ah yes, the "I don't like this news, so it not news" approach.
MacOS makes a big deal about how their OS does not get viruses:
http://movies.apple.com/movies/us/apple/getamac_ads1/viruses_480x37...
It is therefore newsworthy if they are then affected by them. Simple.
And yes, I am aware of the difference between a virus and a trojan, and it makes no difference.
Member since:2006-04-26
I don't think anybody is making excuses, because there is nothing anybody can do against a program that the user deliberately installs. I suppose if Safari automatically downloaded and installed it without the user's knowledge, then Apple could definitely be taken to task for it.
However, it does highlight the issue (at least to me) that the "Download 'safe' files" option should not be checked by default in Safari. Still, even with this option checked all it does is download and mount the image. Though that is definitely scary in itself, it still doesn't hurt the user's system until they install the program. This is far different from say, the drive-by download and install BHOs and ActiveX controls that plagued IE on Windows for so long.
The article does say that one thing the user can do to protect themselves is to buy the Intego VirusBarrier X4 which incidentally is available from the company that issued the release 
Member since:2005-10-11
Member since:2005-07-06
If there's a trojan, just get it fixed, no reason to be in denial over it if it really exists.
It's not the trojan but the users willingness of bluntly installing anything that pops up. According to the article the user got a message to install something (should ring a bell or two), the user had to give admin credentials (should bring you into defcon 3).
I instructed a lot of users not to install anything unless you downloaded it from a verifyable source and with good reason.
Sex sells and still attracts a lot of people. The internet is just another medium. And as anything that works with files (software) can be abbused and sooner or later will be abbused.
The article is nothing extraordinary. What in my opinion is more remarkable ( mind i'm not an OSX expert in any way) is the lack of adjusting the dns server entries with the known OSX "it just works" userfriendlyness.
Member since:2005-07-07
Member since:2005-07-06
Member since:
2007-06-24
A trojan is a trojan. It doesn't matter if it came from some obscure corner of the web or not, it still exists and it can still potentially deal damage to someones system. There are risks to doing anything online. I'm sure you've seen plenty of trojans get leaked with trusted software. Anyways, I'm just tired of the excuses. If there's a trojan, just get it fixed, no reason to be in denial over it if it really exists.