Hot on HuffPost Tech:

See More Stories
Free Switched iPhone app - try it now!
AOL Tech

Mac trojan masquerading as codec

Late last week, Intego Security released a press release detailing a new Trojan web variant, aimed at Mac users. A Trojan, known as OSX.RSPlug.A (or OSX/Puper), is installed on the system by the user, under the guise that it is a video codec, required for playing a free video file.

The installer, under the clever name MacCodec, requires administrative access to install (meaning the user has to not only specifically agree to download the file, he/she has to enter in the admin password before it will install), and instead of installing a codec, it runs a script that creates a scheduled task that changes the DNS server, in an attempt to redirect users to malicious phishing sites. Unsurprisingly, this Trojan seems to be almost exclusively targeting porn sites that offer those always-hard-to-resist "Download Sample Now" or "Free movie clip" downloads.

Like clockwork, the pandering , the hysteria and the schadenfreude has already hit the web. Many of these articles fail to adequately underscore a few points that, we at Download Squad, think are pretty important for users to consider:
  1. This is not the first Trojan to affect the Mac, nor will it be the last.
  2. This is a fairly simple, some might even say standard Trojan. It works exactly the same as the pre-existing Windows version.
  3. The user has to agree to download the file AND enter in an administrative password. Granting admin rights to a "codec" you are downloading off of a porn site (and note, the video doesn't download - the DMG for the trojan downloads, the video does not exist) is not something we recommend, regardless of your OS.
  4. The company that released the first press release, assessing the risk as "critical" - is a company that is trying to parlay this as a way to sell more copies of their Mac Antivirus product. McAfee, Sunbelt and others failed to deem this as anything other than low risk.

As always, users should never grant admin access to a program from an unknown source (especially if it is for a porn site, come on!). We admit, masquerading as a codec is pretty clever, considering QuickTime's lack of compatibility out of the box, with some of the most popular video formats. Luckily, Perian, an open-source, free and SAFE utility exists that quickly and easily provides QuickTime compatibility with a host of formats. Other solutions like VLC and Windows Media Components for QuickTime are also available for free.

Panda Labs has more information about the types of sites this Trojan seems to be stemming from and the types of messages the installer displays.

Tags: codec, mac, quicktime, trojan, virus

Comments

7