What Real Mac Malware Looks Like
People new to a Mac often ask me if I can recommend any good anti-virus or anti-spyware programs for their new machine. I usually respond that since there aren't any Mac viruses or spyware to test these programs against, I can't offer a clear recommendation. (That said, the free, open-source ClamXav can prevent you from unintentionally forwarding a Windows virus.)
But the lack of Mac viruses and spyware doesn't mean you're entirely immune in OS X. You can still be tricked by a trojan -- malicious software dressed up to look like a program you'd want, so that you install it yourself. In other words, for your Mac to get infected, you must jab in the needle first.
Earlier today, Mac security-software developer Intego posted an alert about one such trojan, which it calls "OSX.RSPlug.A." This one poses as a QuickTime add-on that will let you watch video at various porn sites. But for it to do its mischief, you need to start an installer, then type in your account password to authorize the installation.
After that, your Mac's networking settings will be changed to send your browser to porn and phishing sites.
Intego's notice concludes with advice that's half self-serving, half common sense:
The best way to protect against this exploit is to run Intego VirusBarrier X4 with its virus definitions dated October 31,2007. Intego VirusBarrier X4 eradicates the malicious code and prevents the Trojan horse from being installed. Intego recommends that users never download and install software from untrusted sources or questionable Web sites.
I endorse the last sentence. Using a Mac greatly reduces your risk to online attacks -- and in particular those that require no action on your part to succeed -- but it doesn't reduce your need to use your own common sense on the Internet.
Have any of you encountered any Mac trojans lately? Share your experience in the comments...
Posted by: blogtalkradio.com/collegeradio | October 31, 2007 10:39 PM | Report abuse
Posted by: Eoghan | November 5, 2007 7:04 PM | Report abuse
The comments to this entry are closed.