Mac OS malware targets porn surfers

There's a new piece of malware out there targeting Mac users that takes advantage of the inclination to watch porn.

Intego, a Mac security software company, issued an alert Wednesday warning Mac users of the OSX.RSPlug.A malware, which it describes as a Trojan horse. Those of you familiar with mythology recognize the reference, and OSX.RSPlug.A disguises itself as a video codec that would ensure whatever porn video you just stumbled upon will play on your Mac.

(Credit: Intego)

But to get infected with the malware, you have to accept the invitation to download "new version of codec," open up the .dmg (disk image) file, click the installer.pkg file, and enter your administrator's password, according to Intego. Once infected, the malware changes your DNS settings to hijack Web traffic and redirect it to phishing sites or ads for porn. And you still won't get to watch the video.

If you're running Tiger, you might never realize how you were infected, but Leopard's Advanced Network preferences will at least let you recognize that the DNS servers have been changed. You'll be unable to change them back without going through a lengthy process detailed by Macworld's Rob Griffiths.

Intego coincidentally sells software that would also protect your Mac from the malware, and uses the opportunity to point that out on its security bulletin. But there's one surefire way to avoid these problems.

People, we're talking about Internet porn. There are literally millions of Web pages that cater to every imaginable interest (and a few I'm sure I can't imagine) that don't ask you to install software to view them. Most people know you should never install something on your computer unless you know exactly what it is, and who is sending it your way. But that red flag has to immediately shoot up if you're asked to install any unsolicited application or file that comes from a porn Web site. I don't care what they promised you at the other end of the process.

A little common sense goes a long way. Think about what you're doing before you do it, because no porn video is worth the risk of installing something evil on your Mac.

[Vegaman_Dan]

Don't go there, don't get infected

I don't think it matters if it is a computer or a hooker on the street. You're likely to get infected either way.


I'm glad that Leopard will alert end users that something has taken control of their system. Perhaps that can be rolled back to previous versions of OS X as well.

In the end, it's not about the OS security, but end user susceptiblity. Social engineering can get around even the best security if it wraps it up in a pretty wrapper that people will click on.

[KTLA_knew]

That's exactly what has been said about MS

"In the end, it's not about the OS security, but end user susceptiblity."

Luckily, MS has gotten such a kind, understanding response around here to every similar attack on their user base that's orders of magnitude more valuable than the tiny Mac base. It's the single, non-double standard that I admire.

[carmen sancarlos]

who wants to watch porn anyway?

Any one who watches porn deserves to be attacked... if less people
looked at it, less people would produce it...just think of the young
girls who don´t know any better...they pay for their mistake for the
rest of their life.

[Draxon]

Let me guess american?

Let me guess your american? You probably spend more time telling people that even safe sex will give you aids instantly, than you ever spent caring about all the innocent people dieing in Iraq. There is nothing wrong with willing adults, making decisions about their life.

American morals are so backwords yet they think they have the right to enfore them on the rest of the world

[just_me_here]

>the young girls who don't know any better

Jesus, fourth grade girls are giving hand jobs at my school. WHERE are there GIRLS that DON'T KNOW BETTER? Apparently Grandma got internet at the rest home...

[ceebee23]

is this a result of more Mac users...

MacOSX has always been a more secure OS than Windows but as the number of Mac users increase the number of attacks targeting macs was bound to increase....is the this the first of an increasing assault on mac users?

[protagonistic]

RE: is this a result of more Mac users...

You can be an idiot regardless of what OS you are using. It has
nothing to do with windows vs Mac vs NIX...

[MaLvaDo39]

NEVER download, authorize, install software from a porn site

Duh

[lkrupp]

Double Duh!

"Momma always says, "Stupid is as stupid does""

-Forrest Gump

[menotbug]

Exactly

I hope there aren't that many fools who actually would go far
enough to actually authorize the installation of "mystery"
software from a porn site. Really, who installs software from a
porn site? Like there's a special porn codec?

But this malware does point out the multiple steps (including
password authentication) required to install new software for
security. It may sound tedious for some, but it actually flows
smoothly in normal use, so it's good to have no quick/instant
installs on the Mac so you don't slip up and install something
you shouldn't have.

[ferretboy88]

I thought Macs were perfect.

Most of the apple fan boys will tell you that they don't need security software for their apple computers but since a firewall comes with it and other protection software comes with it I use it. Also the best protection is you. Going on porn sites is just stupid. If I want to watch porn I go to a store and buy a movie. Of course all the bad guys will target porn since it is so popular.

[Wind_Freak]

virus is news?

The mere fact that this is a news article that there is a virus for a
mac should tell you something.

You have any clue how many viruses come out for a pc a week?

A virus on a mac is rare enough for it to warrant a news article that
tells you allot right there.

[gsmiller88]

This isn't the fault of Mac OS

This is a prime example of human error. Regardless of how secure
an operating system is, as long as human beings are using them
they will never truly be secure. I mean, before you get it you have
to download it, open it, enter your PASSWORD, and then install it.
That's a lot more than it takes to get the same junk on Windows.

[yaZULU]

oh my god

Its official, your an idiot. Its a trogan horse that requires an admin
password which should have ruled out most candidates. its not a
true piece of malware in the sense it installs silently. how on earth
would apple be able to stop developers from DEVELOPING
programs which are capable of havoc on stupid users.
not apples fault. just really stupid people.

[starcannon]

RE: I thought Macs were perfect.

While I'm not a big Mac fan, I go for Linux myself, and while I don't recall reading any post or blog of depth that claims perfection, I will step up to defend the Mac on this point.

This is not a fault with the Mac, note that a password was required in order to install this malware, which means this isn't a situation where the OS let the user down, this is a situation where the user let the user down.

So far I think those "fan boys" you discussed are still correct, something that requires as much user intervention to install as this, really doesn't count as a virus, you have to go out of your way to put this on your machine, no amount of security software will ever save you from yourself.

Windows on the other hand will get infected if you even say the word porn within earshot of a windows computer, reason is that many things on windows can and are installed for various purposes benign, beneficial and malignant, without the users ever even knowing it happened.

Oh, and Avenue Q knows what they were talking about when they said, "the internet was made for porn" :P

[rcrusoe]

Every OS has its idiot users

They would probably fall for this email "virus" too:

"You have just received a virus. Since we are not so technologically
advanced, this is a MANUAL virus. Please delete all the files on your
hard disk yourself and send this mail to everyone you know.

Thank you very much for helping me."

[protagonistic]

RE: Every OS has its idiot users

Reminds me of something I read a few years ago by one of the big
PC mavens back then. I don't remember who it was but he said
something like, I could send out an email with an attachment
called "This is a virus.exe" and some people would open it. :-)

[Ilgaz]

...but some are more stupid

OS X has some very "interesting" users who shoots messenger (in
this case, Intego) instead of securing their system with basic
methods...
For them, OS X is something like NSA secure Terminals you see on
movies. Nothing can happen to it.
Those people described above are a virus/trojan developers
dream.

[42istheanswer]

Solution

Surf your porn in a virtual machine (VM). After you're satisfied with the session, revert the VM back to a clean snapshot. Rinse and repeat.

[handydan918]

The meaning of life, the universe, and everything?

In a virtual machine, no less!
Sounds infinitely improbable...

[crue24]

Have to admit...

this is actually newsworthy. Granted, only the dumbest of users
is actually going to be gullible enough to follow all those steps
without realizing something isn't right, but still it's the first
Trojan for the mac. I'm a mac user and do believe, right or
wrong, that OSX is more secure, however I don't think it's
perfect and accept that part of the reason security hasn't been
an issue is the small user base. But now we have the first
one...and someone will build a better one.

I don't think mac will ever suffer the fate of windows users, but
it's time for them to start paying a little more attention. I've
personally caught myself feeling a little too "immune"
sometimes, but I am pretty careful being an IT guy. Time to step
that up a notch....

[jhoeforth]

RE: Have to admit...

[i]I don't think mac will ever suffer the fate of windows users [/i]

Wow! What a prudent response. Please. For everyone who really believes that Mac OSX is as secure as you claim it is, Here you go:

http://secunia.com/product/96/?task=advisories

And, yes please do search that "other" OS that you guys hate and compare them in terms of how secure they really are.

[darthstupid]

Don't feed the trolls

To get this you have to give it your administrator password. No kind of security can protect you against yourself. This isn't a problem with the Mac it is a problem with human nature (not surfing for porn but willing to give up secrets for sex).

[Seaspray0]

too many trolls

"This isn't a problem with the Mac it is a problem with human nature..."

Very much so a problem with human nature that also affects the windows side of the equation just as much. However, Mac users call those a virus.

Needless to say, when administrative rights are allowed, human nature is the biggest failure when it comes to securing any computer. Even windows has security settings that will stop this kind of junk but 99% of the time the user logs in with administrative rights. People really are the weakest link.

[just_me_here]

>No kind of security can protect you against yourself.

Bingo. Exactly. Even Fort Knox isn't secure if someone willingly opens the door.

[Penguinisto]

*yawn*

Well, gee... a user actively installs something from a place he
doesn't even know about, let alone trust.

Interesting that someone decided to to it for OSX, but stupid
users are stupid users.

And oh, boy would you have to be stupid to install this one...
versiontracker.com (just one example of many) has all the legit
video codecs you could ever want or need, including the MSFT-
only ones.

Dear C|Net, come back when you have something that can be
installed through an IFRAME (web browser vector) or via an
application fault, 'kay? Becuase Windows has those by the
bucketload. Then we'll talk.

/P

[Vegaman_Dan]

Ignoring it doesn't make it go away

I think CNET was right to post it. Look- it got people talking about it. If even one OS X user learns that their OS is not invulnerable to outside threats... and inside ones called end users, then it's worth it.

I don't think dismissing it as unimportant as you have really helps. It's still a valid issue and CNET should report it.

[sourx]

Change the Title Idiot

The article should say "Malware targets porn surfers". This has nothing to do with Mac OS but the idiots that click/install the junk. No OS can protect against this so stop writing this utter crap.

Why do I even look at this site anymore...it is just tech sensationalism.

[Tom Krazit]

This piece of malware is targeted at Macs

That's why it has that title. Windows users can't download the file, it's a .dmg file, so they won't be affected by this particular piece of malware.

[umcrouc0]

So you need to...

Go to a porn site, download a sketchy sounding file to view a video, decide to install the file, and enter your admin password? It then takes you to phishing sites? Wow, that's some slick vulnerability. I've got another one. It's called picking up your computer and dropping it out of a window.

[Tui Pohutukawa]

Some coincidence

"Intego coincidentally sells software that would also protect your
Mac from the malware, and uses the opportunity to point that
out on its security bulletin."

So there is this company called Intego, that only sells "security
software for Mac OS X". Too bad their products are totally
useless, since OS X is already secure - this I know from
experience. I never had malware on any of my machines,
whether under OS 7, 9 or X. That's about 10 years of constant
use - without a single infection.

Coming back to Intego, it is indeed a remarkable coincidence
that they happen to sell software that protects against a trojan
they discovered in the first place. What a lucky coincidence - for
Intego. How did this come about: Did they surf porn sites, and
discover accidentally that their software protects against
malware they picked up along the way? How convenient.

In order to become a victim of this trojan, you'd have to have all
your eyes, ears and remaining brain cells covered with an
impenetrable layer, made of testosterone and sheer stupidity.
Such people exist, of course.

[starcannon]

Surf Porn with a Linux Live CD

Problem solved.

[just_me_here]

When you want porn, you don't want to wait ten minutes for boot up...

[rleon]

I love it when it happens...

So, all the viruses and trojans in the windows world happen
because the user is... er? ... not smart enough?
And since there is not one single virus for OS X, I take that as a
compliment.
Now, there are hundreds of thousands viruses for windows
right?
Look at the mirror and ask yourself: Which platform has lots of
not so smart users?
You are right! It is not MS`s fault! It have being the dumb user
base all along.

[Vegaman_Dan]

When what happens?

This article was about a situation of malware being installed on OS X through the social manipulation of the end user to enter their admin credentials.

It had nothing to do with Windows or Linux or OS2. It had everything to do with socially manipulating end users to bypass whatever security means they have on their system put in place to prevent them from doing exactly what they are trying to do.

[Orion Blastar]

Macs get infected as well

most Mac users tend to think that Mac OSX is virus-proof, but they are wrong. They run Mac OSX without any anti-virus software or firewall and just use the default settings.

While Mac OSX is based on Unix with Unix security, it also is based on the Classic Mac OS 9 and earlier, and has such things as AppleScript, Quicktime, Safari, iTunes, etc that are subject to exploits due to sloppy Apple code in them that Unix systems like Linux do not have.

[The_Decider]

re

Show me malware written for OSX that can a) cause damage, b) spread itself, and c) install itself with no user intervention.

See you in 5 years.

or you can just spend 1 ns to find an instance of windows malware that fits the above requirements.

[Penguinisto]

Lord, I wish to file a Bug Report...

Oooooookay. Deep Breath here.

Lookit: OSX is based on the BSD-like Mach kernel, with Cocoa and Carbon atop it to run the GUI.

The only resemblance to MacOS 9x and earlier is the emulation layer to allow OS9 to run under that emulation in "Classic" mode!

Cripes... please, please learn at least some of *** you're talking about before spouting off like that!

/P

[Norseman]

So---

If I'm not a brain-dead porn aficionado, how will this have a negative effect on my life?

[Angmarr]

the end is coming .... soon

[Calvin678]

I'm sure there are some virus are forming as we are talking here, and I don't think Intego is useless, I have bought their Anti-Virus software. Why? Isn't Mac OS X virus-proof? May be, but if you check out this malware site ---> http://ek21.com/ <---- you will change your mind soon!! This evil site will shut those Mac-never-infected-without-password people's mouths up. I do love Apple Mac OS, and I believe Mac is better Windows of course, but I don't think a virus won't infect your Mac just because you didn't offer your administrator password? I don't think so, I think if someone is really smart enough to develop a super virus that can just infect your Mac without asking you the password, it could, not now, maybe 10 years from now.

[Calvin678]

Sorry about my wrong sentences, I am still learning English.
----------
I'm sure there are some virus are forming as we are talking now, and I don't think Intego is useless, I have bought their Anti-Virus software. Why? Isn't Mac OS X virus-proof? May be, but if you check out this malware site ---> http://ek21.com/ <---- It will change your mind soon! This evil site will shut those Mac-never-infected-without-password people's mouths up. I do love Apple Mac OS, and I believe Mac is better than Windows of course, but I don't think a virus won't infect your Mac just because you didn't give in your administrator password? I don't think so. I think some people are smart enough to develop a super virus that can just infect your Mac without asking your password, it could, I mean not now, but 10 years from now.