Mac OS X targeted by Trojan and backdoor tool

Mac OS X targeted by Trojan and backdoor tool

Summary: Two new pieces of malware affecting Mac OS X appeared this week, a Trojan horse and a hacker tool for creating backdoors.

SHARE:
Two pieces of malicious software affecting Apple's Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an attacker's choice, and a hacker tool for creating backdoors, according to security vendors.

The Trojan — called 'OSX.RSPlug.D' by Intego, the Mac security specialist that discovered the threat — is a variant on an older piece of malicious code but with a new installer, Intego said.

"It is a downloader, and it contacts a remote server to download the files it installs," Intego said in an advisory. "This means that, in the future, the downloader may be able to install payloads [other] than the one it currently installs."

In other respects the Trojan is similar to previous versions of RSPlug, which first surfaced in October 2007, Intego said. It installs a piece of malicious code known as DNSChanger, which routes the user's internet traffic through a malicious DNS server, leading users to phishing websites or pages displaying advertisements.

The Trojan is found on porn websites posing as a codec needed to play video files, a technique used to trick the user into downloading and installing it.

Intego said OSX.RSPlug.D has been widely confused with a separate threat publicized this week by several security firms. That threat is called OSX.TrojanKit.Malez by Intego and OSX.Lamzev.A by other vendors, including Symantec and Trend Micro.

OSX.Lamzev.A is a hacker tool designed primarily to allow attackers to install backdoors in a user's system, according to Intego. However, the company dismissed the tool as a serious threat because a potential hacker has to have physical access to a system to install the backdoor.

"Unlike true malware and Trojan horses, OSX.TrojanKit.Malez requires that a hacker already have access to a Mac in order to install the code," Intego stated.

Other antivirus vendors noted that Lamzev could be disguised as a piece of legitimate software and used to trick users into creating the backdoor themselves.

Lamzev is not related to RSPlug, despite several high-profile reports confounding the two, Intego emphasized. "This hacker tool has nothing to do with the RSPlug Trojan horse," Intego stated.

Security vendors have long warned that the Mac platform is not as secure as some users might like to believe. Apple had not responded to a request for comment at the time of publication.

Topics: Software, Apple, Hardware, Malware, Operating Systems, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

346 comments
Log in or register to join the discussion
  • Stupid Users

    The article says "The Trojan is found on porn websites
    posing as a codec needed to play video files, a technique
    used to trick the user into downloading and installing it.". If
    someone is stupid enough to download and install some
    random piece of software shit from porn websites, they truly
    deserve to have their computer messed up to death by it. So
    the article should have been called "Poor and innocent Apple
    computers targeted by insanely stupid users" :-)
    Pascal117
    • Sounds familiar...

      Yep, usually how a windows user gets compromised as well. Porn for free is a death knell for a computer. Pay for it and you will be alot safer. Or get you an island system if you are too cheap.
      OhTheHumanity
      • Actually

        Windows users get compromised just by having their
        computer turned on.

        Bit of a difference there.
        AzuMao
        • Do you lack knowledge or are you just a troll? n/t

          .
          notsofast
          • No, but you're clearly a troll. <NT>

            NT
            AzuMao
        • Right...

          you keep on believing that
          tikigawd
          • Okay

            I'll keep believing what keeps happening all over the
            place. You can feel free to keep your head in the
            sand.
            AzuMao
          • Funny...

            How I've been turning Windows computers on every day for two decades and I still haven't been infected by anything.

            Getting infected takes careless interaction by the user, so saying that a Windows machine can get infected "just by turning it on" is idiotic.
            tikigawd
          • Not Funny....!

            Let me tell you something, a few years back I bought my first windows XP PC, and I turned it on didn't even get to use it for a day and all of the sudden the PC was giving me a message that my PC will restart in 1 min it kept doing this, I then formated the PC and still same thing happened I later found out it was a blaster virus, and I downloaded the remover from semantic.com, any way this happened to me and you are saying its from careless and being idiotic, no matter what you say it can happen I know most of the users that get viruses is from carelessness but not all. also the blaster virus was later patched with SP1 because their was a whole in MSN Messenger that aloud XP to get the virus just by being connected to the net... any way theirs ma story.
            Rasheedalh
          • Enjoy your delusional reality.

            Either someone installed a different OS on your
            computer without you knowing, and made it look like
            Windows, or you're just full of shit.
            AzuMao
          • @Rasheedalh

            Blaster was in 2003, we're almost in 2009.

            I didn't say that has never happened, I said it doesn't happen in the current day. That is, unless you're running a vulnerable, un-patched, system, which is what I mean by careless.

            The Blaster vulnerability was MS's fault, nevertheless, since I've always made sure I have my system up to date, have my hardware and software firewalls present, run my AV software, etc, I have so far avoided infection.
            tikigawd
          • @AzuMao: Oh, I see...

            So now you're changing your tune from saying that infection just by turning on the computer to implying that anyone who has a Windows machine has been infected?

            I guess you know what has happened to me better than me.

            I never said infections never happen, I just said it happens to careless people, which I am not.
            tikigawd
    • That is funny

      because when the very same thing happens on Windows, it is the fault of MS for not making a 'secure' OS.

      It is nice to see the explanation is completely dependent on the logo...
      mdemuth
      • Yep.

        Microsoft earned that reputation all on their own. That's the price they pay for being the one and only. Linux will never be the one and only simply because there's more than one.
        kozmcrae
        • Yes

          There are about ... who knows how many versions
          of Linux out there and yet none seems to work
          fine. So, Linux funs refresh their faith EVERY SINGLE TIME a new version of Linux pops up (that is about every 3 years) untill they loose it again and again ... and again!
          Microsoft indeed earned that reputation all on their own because 99.8%+ of the programmers in the world were (and most of them still are) programming in
          Windows only. And since you can't make a vior without
          to program ... voila!
          ghost_ghost
          • You would have to discount...

            ...Java programmers from your % due to is platform independance.
            DevJonny
          • Yes, Microsoft have earned their reputation

            Of being inferior. The only thing to lose faith in is
            the win32 platform.
            AzuMao
          • Hmmmm

            That must make me very unusual then....I have 1 RH9 box that has been running since 2003 and the only problem I have had with it was running out of space. I have numerous Linux boxes running and NEVER have the kind of problems I have with my Windows boxes.

            Director of IT
            JHPArizona
      • No

        Worms are Windows' fault. Noone ever said trojans
        were.
        AzuMao
        • Wrong!!!!

          The first worm appeared in the UNIX world.

          Around 6,000 major Unix machines were infected by the Morris worm.

          The Morris worm was one of the first internet distributed computer worms; it is considered the first worm virus and was certainly the first to gain significant mainstream media attention. It was written by a student at Cornell University, Robert Tappan Morris, Jr., and launched on November 2, 1988 from MIT.
          mrlinux