GlockTalk.com
Old 11-23-2008, 20:39   #1
kc8ykd
Senior Member
 
Join Date: Oct 2005
Location: michigan
Posts: 2,806
FYI Mac OSX Users

http://news.zdnet.com/2424-9595_22-251586.html

Quote:
Mac OS X targeted by Trojan and backdoor tool

Two pieces of malicious software affecting Apple's Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an attacker's choice, and a hacker tool for creating backdoors, according to security vendors.

The Trojan, called 'OSX.RSPlug.D' by Intego, the Mac security specialist that discovered the threat, is a variant on an older piece of malicious code but with a new installer, Intego said.

"It is a downloader, and it contacts a remote server to download the files it installs," Intego said in an advisory. "This means that, in the future, the downloader may be able to install payloads [other] than the one it currently installs."

In other respects the Trojan is similar to previous versions of RSPlug, which first surfaced in October 2007, Intego said. It installs a piece of malicious code known as DNSChanger, which routes the user's internet traffic through a malicious DNS server, leading users to phishing websites or pages displaying advertisements.

The Trojan is found on porn websites posing as a codec needed to play video files, a technique used to trick the user into downloading and installing it.

Intego said OSX.RSPlug.D has been widely confused with a separate threat publicized this week by several security firms. That threat is called OSX.TrojanKit.Malez by Intego and OSX.Lamzev.A by other vendors, including Symantec and Trend Micro.

OSX.Lamzev.A is a hacker tool designed primarily to allow attackers to install backdoors in a user's system, according to Intego. However, the company dismissed the tool as a serious threat because a potential hacker has to have physical access to a system to install the backdoor.

"Unlike true malware and Trojan horses, OSX.TrojanKit.Malez requires that a hacker already have access to a Mac in order to install the code," Intego stated.

Other antivirus vendors noted that Lamzev could be disguised as a piece of legitimate software and used to trick users into creating the backdoor themselves.

Lamzev is not related to RSPlug, despite several high-profile reports confounding the two, Intego emphasized. "This hacker tool has nothing to do with the RSPlug Trojan horse," Intego stated.

Security vendors have long warned that the Mac platform is not as secure as some users might like to believe. Apple had not responded to a request for comment at the time of publication.
Keep alert and updated!
Old 11-23-2008, 22:22   #2
noway
Senior Member
 
 
Join Date: Dec 2000
Location: Davie "Cowboy" , FL
Posts: 19,409
Quote:
OSX.Lamzev.A is a hacker tool designed primarily to allow attackers to install backdoors in a user's system, according to Intego. However, the company dismissed the tool as a serious threat because a potential hacker has to have physical access to a system to install the backdoor.

"Unlike true malware and Trojan horses, OSX.TrojanKit.Malez requires that a hacker already have access to a Mac in order to install the code," Intego stated.
Enough said.
Old 11-23-2008, 23:18   #3
kc8ykd
Senior Member
 
Join Date: Oct 2005
Location: michigan
Posts: 2,806
Actually, if you look a little more closely, there are two trojans being talked about in this article.

One, that's traditionally been installed via the user under the guise of being a legit software package and has now been repackaged. And the second which is installed the same way.

Sure, physical access is required, however, that access appears to be provided by the legit user of the machine. The people who wrote the malicious code are/could be counting on tricking the user into unknowingly installing it themselves.

 
  

All times are GMT -6.



