LAMALUG

[JStars]

Attackers aim at Apple with first Mac Trojan horse

While visiting a site, DO NOT linger upon a Web page that advises the following:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

Such a page might download and attempt to install a program to your hard drive. It'll ask you for your Mac administrator's password. When it does so, say no!

According to the computer security firm Intego, such sites actually install a malicious Trojan horse application to your Mac. This app looks like it's installing a program, but instead it fiddles with your computer's Internet address settings in order to surreptitiously reroute you to so-called phishing sites as you travel the Web.

That is, you'll go to PayPal or eBay or your bank, but actually it'll be another site run by criminals in Siberia, likely, and when you enter your SSN and your password, well, say goodbye to your mortgage.

"But so what?" you're asking. "Isn't this sort of attack pretty run-of-the-mill on the modern Internet-connected machine?" Yeah, it is, on the modern Windows machine. In fact, when I said up there that this only affects Mac machines, I lied: As Symantec points out, these Web sites check to see what operating system you're running and will then serve up a version of the app -- Mac or Windows -- personally targeted to your destruction.

But I didn't need to warn Windows users, because anyone who's reading this and runs Windows already understands that ancient Chinese proverb regarding surfing while using Microsoft programs: Careful what you click, for behind every link might lurk a monster.

Mac users don't understand this. They haven't had to, because this represents the first-ever criminal Trojan horse program created to target Mac OS X.

We Mac fans have always been a bit smug about their OS being much more secure than Windows. Security experts have long pointed out that one explanation for the Mac's safety record is its low market share -- hackers haven't been much interested in attacking an OS that so few people use (relative to Windows).

But the Mac's market share has recently been growing faster than that of Windows. So Mac fans can consider this a sort of affirmation: They're finally important enough for attackers to care about them.

But remember, Macheads, be careful now. As Symantec says, "For those of you who thought you can use Macs to surf any type of Web sites on the Internet and not get infected, those days may be coming to an end sooner than you expected."

One final note: This is not the same as your Macintosh's auto-update feature. (For now) that is a safe feature to use. Also, there are many sites that do indeed tell you that you need to update your software to play movies and use other features on their web page. In general this Torjan Horse has come from websites that offer free pornography. But even if you never go to such sites, be aware that we should be watching for these problems to be popping up elsewhere in the future.

Edited and commented on by Jonathan Stars

[admin]

Here is a link to removing the OSX.RSPlug.A Trojan:
http://www.macworld.com/2007/10/firstlooks/trojanhorse/

It looks as though it is easier to fix on Leopard, however.