OSNews > Thread > "RE[3]: Is this the best they can do" by Thom

Linked by Thom Holwerda on Wed 31st Oct 2007 20:06 UTC

"A new trojan horse designed specifically for Mac OS X systems has been discovered on several pornography websites that can hijack Web traffic, according to security firm Intego. Affected systems are used to hijack some Web requests that lead users to other phishing sites, or simply display ads for other pornographic websites to generate ad revenue. Phishing attacks may lead users to believe they are surfing to eBay, Paypal, or various banks when in fact they are accessing specially-crafted mockups designed to retrieve usernames and passwords for those sites. The trojan, titled OSX.RSPlug.A, is rated as a critical risk by Intego, and is known to affect Mac OS X 10.4 Tiger as well as Mac OS X 10.5 Leopard. Intego is testing prior versions of Mac OS X, but believes them to be vulnerable as well."

0 67 Comment(s)

http://osne.ws/ejt

Thread beginning with comment 282112
To view parent comment, click here.
To read all comments associated with this story, please click here.

RE[3]: Is this the best they can do

by Thom_Holwerda on Wed 31st Oct 2007 22:03 UTC in reply to "RE[2]: Is this the best they can do"

Member since:
2005-06-29

I understand this and so do others but making it news like it's some kind of dooms day device on the OS is not right. Just the right timing for not long after the Leopard release, got to love OSnews.

As far as I can recall, this is the first trojan in the wild for OS X - instead of previous alarm bells that were just proof-of-concepts or whatever.

That is what made me publish it on OSNews today. There is no conspiracy.

Reply Parent Bookmark Score: 3

RE[4]: Is this the best they can do

by RIchard James13 on Wed 31st Oct 2007 23:51 in reply to "RE[3]: Is this the best they can do"

Member since:
2007-10-26

Is there another source for this "information" other than from Intego?

As a Linux user I remain highly skeptical of Virus Protection companies. Especially when they mark something as critical that involves Social Engineering.

Reply Parent Bookmark Score: 6

RE[5]: Is this the best they can do

by leech on Thu 1st Nov 2007 00:01 in reply to "RE[4]: Is this the best they can do"

Member since:
2006-01-10

I completely agree. A social engineered virus is not something that would be "critical". If it were a simple process of going to a website then boom, you're infected. Then it should be marked as critical.

As it is, this is just a "If you're a horny retard, you'll get infected."

Out of curiosity, doesn't Safari have anti-phishing features built-in as well? I know Firefox does. The only other way I can think of to really trick say typing in ebay.com and getting another site would be if there were something in the hosts file itself. Then again, I'm not a virus programmer, so I'm not sure.

Either way, much like a virus that kept popping up a message using the Windows Messenger (I mean the actual windows messenger, not MSN Messenger. The one that is used for Administrators to announce whether servers are going down, etc.) that would say "Pay us 10 dollars and this will go away." Talk about extortion. Especially since turning off that thing is as easy as going into the services.

Reply Parent Bookmark Score: 4