New Variant of Trojan RSPlug Spreads Through Game Sites
Researchers at Intego, the security company for Mac, have detected a new version of 'RSPlug Trojan' an infamous Mac malware that they named OSX/RSPlug.K as the variant tries to change the settings of an infected PC.
Dated June 19, 2009, the Intego researchers posted a note on a blog saying that the new version of RSPlug resides in websites that apparently present genuine game downloads.
Peter James, Spokesman for Intego, states that the latest attack works in the same way as the previous RSPlug variants did, as reported by SCMagazine on June 19, 2009. James adds that in the current instance, users who click on a link that leads to a fake game find one more link that actually downloads a Trojan.
The reports state that the preceding variant, discovered in March 2009 and attacked Apple computers, was found primarily on warez (counterfeit software) and porn websites. Thus, certain commentators state that only those end-users who participate in illicit online activities bear the risk of infection.
However, in the current instance, users accessing sites that offer online games eventually download a Trojan installer. While a few of these games represent counterfeit copies of low-priced commercial games, others often represent games that are free, the security researchers at Intego said.
If the new variant infects a computer, then the system's DNS settings could be changed, implying that hackers could redirect users to anywhere of their choice.
Notably, Intego has found that the variant also exists on certain MP3 blogs, websites that offer counterfeit music downloads. But they serve Trojan programs claiming they are utility downloads.
Hence, to solve the problem, James said the company suggests Mac users to download applications exclusively from reliable websites. According to him, since the new RSPlug variant is spreading fast, it is expected that more websites will thrust it in place of actual software, with more users getting deceived.
Meanwhile, the earliest RSPlug variant was distributed in October 2007 through porn sites. The sites prompted users to download a codec necessary for watching a video but that turned out to be the Trojan.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 30-06-2009