1 November 2007
Sophos protects against RSPlug Trojan horse for Mac OS X
Malware tries to change DNS server settings on Apple Macintosh computers
Sophos customers are protected against a newly discovered Trojan horse that targets users of the Apple Mac OS X platform.
The OSX/RSPlug-A Trojan horse is the latest in a very short list of malware that has been designed to specifically target the Mac OS X operating system.
The Trojan horse poses as a codec to help users view pornographic videos, but in fact changes DNS server entries to direct surfers unwittingly to other websites. This could be for the purposes of phishing, identity theft or simply to drive traffic to alternative websites.

Mac users can infect themselves by downloading and running a fake codec.
"What's important to realise is that this Trojan doesn't exploit a vulnerability in OS X, Leopard, Tiger, or any Apple code. This Trojan exploits the vulnerability within the person sitting in front of the keyboard. It's the Mac user who is giving permission for the code to run and allowing their computer to be infected," said Graham Cluley, senior technology consultant for Sophos. "This is not a red alert, but it is a wake-up call to Mac users that they can be vulnerable to the same kind of social engineering tricks as their Windows cousins. The truth is that there is very little Macintosh malware compared to Windows, but clearly criminal hacker gangs are no longer shy of targeting the platform."
Sophos experts are urging Macintosh users to keep the threat in proportion.
"Mac malware like RSPlug makes the headlines because it is so rare," continued Cluley. "A Trojan horse like this for Windows would be unlikely to generate as many column inches because they are encountered every day. Nevertheless it obviously makes sense for Mac users to ensure that they are protected."
Sophos has been providing protection against the RSPlug Trojan horse since 01:12 GMT on 1 November 2007, and customers have been automatically updated.
- Learn more about the threat, and see pictures of OSX/RSPlug-A in action, on the SophosLabs blog
- Download and listen to the podcast "Big Mac attack or super-sized hype?"
- Download a free trial of Sophos Anti-Virus SBE (including Mac OS X support)
- Learn more about protecting your enterprise with anti-virus and anti-spyware protection for Macs
In February 2006, in the wake of the discovery of the first Mac OS X worm, Sophos released research that showed 79% of computer users believed Apple Macintoshes would be targeted more in the future. However, over half of those polled said they did not believe the problem would be as great as for Microsoft Windows.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

