OSX.RSPlug.A Trojan Horse

A company named Intego apparently found a malicious Trojan Horse that actually is harmful (OS X attacks and exploits were previously developed that lacked malicious power).  According to Intego the Trojan Horse:

…disguises itself as a video codec that offers access to a pornographic video…and users attempting to install the codec receive a piece of malware classified as a ‘DNS Changer’ which modifies the way OS X handles the DNS requests used to link numerical IP addresses to web URLs.

The tool allows the attackers to redirect web traffic. Users attempting to visit PayPal, eBay or certain banking sites, for instance, will be directed to a phishing website instead.

You will see something like:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

Read more about OSX.RSPlug.A.  And just keep in mind that “a spokesperson for Symantec suggested that Intego “has a tendency to over-hype things.”

Leave a Reply

Your email address will not be published. Required fields are marked *