Mac OS X Targeted by Trojan and Backdoor Tool!

Hello there! If you are new here, you might want to subscribe to the RSS feed or setup an email subscription for the site.

Two pieces of malicious software affecting Apple’s Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an attacker’s choice, and a hacker tool for creating backdoors, according to security vendors. The Trojan which is called ‘OSX.RSPlug.D’ by Intego, the Mac security specialist that discovered the threat is a variant on an older piece of malicious code but with a new installer, Intego said. ”It is a downloader, and it contacts a remote server to download the files it installs,” Intego said in an advisory. “This means that, in the future, the downloader may be able to install payloads [other] than the one it currently installs.”In other respects the Trojan is similar to previous versions of RSPlug, which first surfaced in October 2007, Intego said. It installs a piece of malicious code known as DNSChanger, which routes the user’s internet traffic through a malicious DNS server, leading users to phishing websites or pages displaying advertisements. The Trojan is found on porn websites posing as a codec needed to play video files, a technique used to trick the user into downloading and installing it.

Intego said OSX.RSPlug.D has been widely confused with a separate threat publicized this week by several security firms. That threat is called OSX.TrojanKit.Malez by Intego and OSX.Lamzev.A by other vendors, including Symantec and Trend Micro.

OSX.Lamzev.A is a hacker tool designed primarily to allow attackers to install backdoors in a user’s system, according to Intego. However, the company dismissed the tool as a serious threat because a potential hacker has to have physical access to a system to install the backdoor. ”Unlike true malware and Trojan horses, OSX.TrojanKit.Malez requires that a hacker already have access to a Mac in order to install the code,” Intego stated. Other antivirus vendors noted that Lamzev could be disguised as a piece of legitimate software and used to trick users into creating the backdoor themselves.

Lamzev is not related to RSPlug, despite several high-profile reports confounding the two, Intego emphasized. “This hacker tool has nothing to do with the RSPlug Trojan horse,” Intego stated. Security vendors have long warned that the Mac platform is not as secure as some users might like to believe. Apple had not responded to a request for comment at the time of publication. So with the Mac OS X on the rise and with more and more people starting to use Apple computers, we can only expect these types of attacks to increase. Basically, Mac users need to be careful when on the web because as much as they like to think their computers are safe, they have threats out there as well!

Apple, Security, Technology | Andrew | 49 Views | November 24, 2008 8:40 am

venslugen

Ha, had to happen sometime. Poor Mac users are probably crying because they are realizing their comps arent bulletproof like Apple had them believe.
http://www.andrewsayshello.com Andrew

I will have to agree with you on that one. Up until now Mac users haven't really ever had to worry about viruses and such, but as Apple keeps advertising Mac OS X and they keep gaining ground and getting more and more users… the people behind this type of stuff will most defiantly start to focus more on these people who haven't ever really had to even think about anti-virus software.
http://www.andrewsayshello.com Andrew

Yes at the time of my previous comment I was at my g/f's house which in fact I was using her Mac… funny how that works lol

AndrewSaysHello.com

Andrew's Website for Lots-o-Fun and Junk!