New Mac Trojan: RSPlug-F / OSX/Puper.a
Written by Josh Long
Just days after Safari's security was publicly shamed in the CanSecWest PWN2OWN contest, the Mac's security is further called into question thanks to a new variant of a Mac Trojan horse found in the wild.
According to McAfee, this new variant of the OSX.RSPlug Trojan comes bundled with software that claims to be an "HDTV player" called MacCinema. If successfully installed (and, as usual, the user must type an administrator password to install it), the malware changes the Mac's DNS settings to use malicious server IPs. Thus, any domain accessed from that Mac could potentially be spoofed, making phishing scams and further malware infection much easier for the owner of the malicious DNS servers—and more difficult for the end user to detect.
Intego has been protecting against this malware since March 17th, Sophos since March 20th, Symantec since March 23rd, the free ClamAV since March 24th, and finally McAfee as of this morning, March 26th.
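Because the infection described above shows up as changed DNS settings, one check is to compare the resolvers the Mac is actually using with the ones you expect. The script below is an added example, not part of the original article or any vendor's tool: it parses the text printed by macOS's `scutil --dns` and lists any nameserver not on an expected list. The function names, the `EXPECTED_DNS` value and the sample addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected list.
# EXPECTED_DNS is an assumption: a space-separated list of the resolvers
# your router or ISP is supposed to hand out.
EXPECTED_DNS="${EXPECTED_DNS:-192.168.1.1}"

# Constructed sample in the layout printed by `scutil --dns`
# (documentation-range addresses, not real indicators).
SAMPLE_SCUTIL='DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.7
resolver #2
  domain   : local
  nameserver[0] : 198.51.100.7
  nameserver[1] : 192.0.2.53'

# Read `scutil --dns` text on stdin; print each distinct nameserver once.
list_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Print nameservers from stdin that are absent from EXPECTED_DNS.
# Returns 1 when at least one unexpected resolver is found, 0 otherwise.
unexpected_nameservers() {
    found=0
    for ns in $(list_nameservers); do
        case " $EXPECTED_DNS " in
            *" $ns "*) ;;                  # on the expected list
            *) echo "$ns"; found=1 ;;      # not expected: report it
        esac
    done
    return $found
}

# On a Mac:  scutil --dns | unexpected_nameservers
# Offline:   printf '%s\n' "$SAMPLE_SCUTIL" | unexpected_nameservers
```

An unexpected resolver is not proof of infection (VPNs and public DNS services also change these settings), but it is the setting to verify after installing software that asked for an administrator password.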
In other Mac security news, PWN2OWN hacker Charlie Miller recently said in a ZDNet interview that Macs and Safari are very easy to exploit. According to Miller:
"Safari on the Mac is easier to exploit. The things that Windows do [sic] to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows."
Miller also said that he refuses to disclose vulnerabilities to companies such as Apple unless he gets paid for it.
We'll discuss the topic of Mac security further on tonight's MacMod:LIVE podcast. Be sure to tune in live at 10 PM Eastern (7 PM Pacific)! If you miss the live show, you can download the MP3 later at macmodlive.com.




