New Mac Trojan horse is very difficult for users to saddle

APPLE A DAY

Plugged In

November 08, 2007|By DAVID ZEILER

A new Trojan horse directed at porn-viewing Mac users has touched off the usual barrage of "now those smug Mac owners will get their comeuppance" articles. The exaggerated tone - particularly in some of the headlines - is completely out of proportion with the threat.

I'm not saying the Trojan, called OSX.RSPlug.A, poses no threat. It's real and it's out there. But it's not spreading like wildfire. A Mac user needs to do a lot of dumb things to get infected.

First, the Trojan is embedded in porn sites, so if you're not using your Mac for porn you should be safe. If you do enjoy porn on your Mac (I'm not judging you, but you're the target here), it still requires some effort to get infected.

Here's how it works: When you click on a booby-trapped porn video, a window pops up telling you that you lack a certain video plug-in and then asks if you'd like to download it. If you click OK, your Mac will download a disk image that contains the Trojan. You then need to mount the disk image by double-clicking on it (this step could be done automatically by your browser depending on how you have set your preferences).

If you double-click on the installer that appears in the disk image window, the Mac will ask you for your administrator password before proceeding. This is a security measure built into Mac OS X, designed to prevent malware like this Trojan from installing itself in the background. If you ignore this red flag, type in your password and click OK, the software finally will install the Trojan on your Mac.

Once on your Mac, the Trojan changes some network settings to redirect your Web browser to fraudulent sites set up to trick users into surrendering personal information such as credit card or bank account numbers.
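
A defender's check for the change described above, as an added example that is not part of the original column: it assumes the altered network settings are the DNS server addresses (the column does not say which settings) and lists every configured resolver that is not on an expected list. The function names, the sample output and the addresses are constructed for illustration.

```shell
# Added example: flag DNS resolvers that are not on an expected list.
# Assumption: the "network settings" that were changed are DNS servers.

# Constructed sample in the layout printed by `scutil --dns` on macOS.
# Addresses come from documentation ranges; they are not real indicators.
SAMPLE_DNS_OUTPUT='DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.0.2.53
  nameserver[1] : 203.0.113.7
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.0.2.53
  nameserver[1] : 203.0.113.7
  if_index : 4 (en0)'

# unexpected_resolvers ALLOWED...
# Reads resolver configuration on stdin and prints, one per line and
# without duplicates, every nameserver that is not in ALLOWED.
unexpected_resolvers() {
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        # Match lines such as "  nameserver[0] : 192.0.2.53"
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            addr = $NF
            if (!(addr in ok) && !(addr in seen)) {
                seen[addr] = 1
                print addr
            }
        }
    '
}

# On a Mac, pipe the live configuration in instead of the sample:
#   scutil --dns | unexpected_resolvers 192.0.2.53
check_sample() {
    printf '%s\n' "$SAMPLE_DNS_OUTPUT" | unexpected_resolvers "$@"
}
```

Empty output means every configured resolver is on the expected list; any address printed is one to trace back to the router, the ISP or a deliberate manual setting before trusting it.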

A Trojan for the Mac is a bad thing, but it relies on the user's ignorance for success. You can't get infected merely by browsing the Internet or visiting particular porn sites. With a lot of Windows malware, the user gets infected quietly in the background, without any of the user interaction the new Mac Trojan requires.

This does not mean, as some articles have implied, that Macs are now just as likely to be infected by malware as Windows PCs. There are still hundreds of thousands of viruses, worms and Trojans in the wild that target only Windows. Despite the appearance of this Mac-specific Trojan, there are no Windows-like worms or viruses that can spread from Mac to Mac without the knowledge of the user.

That said, no system can be made immune to malware that employs "social engineering" - that is, user gullibility - to do its dirty work.
