Malware Shows Its Ugly Head In OSX.RSPlug Variant
- 4
- Add a Comment
In general, I like to think that most people know not to download everything that they are told to without at least giving it some thought before doing so. This being said, if this was the case with everyone, then news stories about malware such as the OSX.RSPlug variant would not be a big concern. Unfortunately, this is not the case.
It seems that in some user’s quest for “video”, some individuals are being suckered into installing a nasty little Trojan for OS X. Where the confusion takes place is that the installation is supposed to be for a video codec. And the website where people are apparently doing the installations, is reported to have a rather legit look to it. Sadly, any positive news stops there as those same hapless individuals have just been married to a OSX.RSPlug variant.
What makes this all the more tragic is that this latest variant is not fitting the stereotypical porn user’s profile. Attempts to watch otherwise normal, family friendly video has been reported in attempts to get people to install a special codec, which is really just a delivery system for the Trojan.
4 Comments
MacSmiley
April 3rd, 2009
at 7:05pm
The other day, when I went to ABC.com to watch the last episode of Dancing With the Stars, they wanted me to download a plug-in with a EULA!
Instead of doing the installation, since I knew about this, I angrily tweeted my reaction:
“Why are you telling me I have to install a plug-in to watch episodes, ABC.com? There’s nothing in the FAQ about this.”
This is more than likely a legit plug-in, but oh so unnecessary in this day and age… because social engineering works.
Careful is as careful does.
JBK
April 3rd, 2009
at 7:08pm
Whoa, Thanks for posting this one. Anything we should know to avoid this bad boy?
Calgary Guru
April 3rd, 2009
at 11:55pm
Then again, if I write a simple Applescript that messes up your system, and you choose to download and install it and run it… just as much damage can result as this trojan.
No firewall will protect you.
Common sense will protect you.
If VLC player can’t view the file in question, or if a combo of Quicktime, Flip4Mac and Perian can’t show the movie, then no magic additional codec is going to be out there to do it… and so we just need to learn to ignore these things. They’ve been around for awhile. Most are normally meant for the PC folks out there, but even if there is this Mac OS X one, the same thing applies… Leave it alone.
Education is the key. Once you understand to just ignore these things, it is easy to remain secure. Besides, it is false hope to become dependent on some sort of virus monitoring extension… They all fail eventually. It is much better to learn how to avoid the malware in the first place. Once you learn what to avoid, the anti-virus programs become something you can skip.
My thoughts, anyway…
Mark
April 4th, 2009
at 12:58pm
If a vid doesn’t run under Perian http://perian.org/) or Flip4Mac telestream.net) I delete it immediately.
Not only do I not want to bother with finding, downloading, and installing codecs–I don’t trust them.