Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
A Trojan horse application has been found circulating the Internet. If infected, users can end up having their system passwords nabbed, and be redirected to a number of phishing Web sites.
George V. Hulme, Contributing Writer
November 24, 2008
2 Min Read
A Trojan horse application has been found circulating the Internet. If infected, users can end up having their system passwords nabbed, and be redirected to a number of phishing Web sites.According to Mac desktop and privacy software maker Intego, a new variant on an older Trojan horse has been identified on several porno Web sites.
The OSX.RSPlug.D Trojan horse, as dubbed by Intego, will alert users to a bogus "Video ActiveX Object Error" and inform them that their browser isn't capable of running the requested video. Should the user download the suggested "Video ActiveX Object" by clicking OK, a disk image is downloaded and may automatically commence installing.
Then, according to Intego, it's all bad news from there:
"If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator's password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the Web site, they will simply come to the same page and receive a new download.
This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac's DNS server (the server that is used to look up the correspondences between domain names and IP addresses for Web sites and other Internet services). When this new, malicious, DNS server is active, it hijacks some Web requests, leading users to phishing Web sites (for sites such as eBay, PayPal, and some banks), or simply to Web pages displaying ads for other pornographic Web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.
About the Author(s)
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
You May Also Like
A screen displaying many different types of charts and graphs to show what data is being analyzed.Cybersecurity Analytics