Sophos customers are protected against a newly discovered Trojan
horse that targets users of the Apple Mac OS X platform.
The OSX/RSPlug-A Trojan horse
is the latest in a very short list of malware that has been
designed to specifically target the Mac OS X operating system.
The Trojan horse poses as a codec to help users view
pornographic videos, but in fact changes DNS server entries to
direct surfers unwittingly to other websites. This could be for the
purposes of phishing, identity theft or simply to drive traffic to
Mac users can infect themselves by downloading
and running a fake codec.
"What's important to realise is that this Trojan doesn't exploit
a vulnerability in OS X, Leopard, Tiger, or any Apple code. This
Trojan exploits the vulnerability within the person sitting in
front of the keyboard. It's the Mac user who is giving permission
for the code to run and allowing their computer to be infected,"
Cluley, senior technology consultant for Sophos. "This is not a
red alert, but it is a wake-up call to Mac users that they can be
vulnerable to the same kind of social engineering tricks as their
Windows cousins. The truth is that there is very little Macintosh
malware compared to Windows, but clearly criminal hacker gangs are
no longer shy of targeting the platform."
Sophos experts are urging Macintosh users to keep the threat in
"Mac malware like RSPlug makes the headlines because it is so
rare," continued Cluley. "A Trojan horse like this for Windows
would be unlikely to generate as many column inches because they
are encountered every day. Nevertheless it obviously makes sense
for Mac users to ensure that they are protected."
Sophos has been providing protection against the RSPlug Trojan
horse since 01:12 GMT on 1 November 2007, and customers have been
In February 2006, in the wake of the discovery
of the first Mac OS X worm, Sophos released research that
showed 79% of computer users believed Apple Macintoshes would be
targeted more in the future. However, over half of those polled
said they did not believe the problem would be as great as for
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.