Most Popular Articles
- Prune Your Time Machine Backups Selectively (01 May 2008)
- Back to My Mac Leads to Recovery of Stolen Mac (10 May 2008)
- Time Machine Exposed! (08 May 2008)
- Hand Coding HTML Is Still in Vogue (25 Apr 2008)
Recent TidBITS Talk Discussions
- SSH failing to launch (3 messages)
- Monitor recommendation? (17 messages)
- OmniFocus: the interface is weak but the project is willing (22 messages)
- Goose Your Network to Gigabit Ethernet (23 messages)
In Take Control of Apple Mail in Leopard, by Joe Kissell, you'll learn how to make your email come and go as it should and easily find the email that you want to read. You'll also get help with Time Machine backups of email and much more. $10.
Published in TidBITS 903. Subscribe today to receive TidBITS in email every Monday.
- Apple Releases Minor MacBook and MacBook Pro Upgrades
- iTunes 7.5 and QuickTime 7.3 Released
- Install Applications with iPhone 1.1.1 Software
- O2 Clarifies UK iPhone Data Limits
- Gmail's New IMAP Support a Boon to Mac and iPhone Users
- DealBITS Drawing: Win a Copy of TextExpander 2
- CARS Discovers Our Secret Agenda
- GrandPerspective and WhatSize Identify Disk Pigs
- Explaining Our Recent Server Woes
- Apple to Allow Virtualization of Leopard
- Leopard Firewall Takes One Step Forward, Three Steps Back
- Hot Topics in TidBITS Talk/05-Nov-07
OSX.RSPlug.A Trojan Horse Targets Mac OS X
Security software firm Intego is warning Mac OS X users about a Trojan horse that targets the Mac. OSX.RSPlug.A is showing up on pornography sites disguised as a video plug-in. When someone clicks the link to watch certain video clips, a Web page states that a new QuickTime codec must be installed. Opening the disk image that downloads results in the installer asking for an administrator password (which is the first serious sign of trouble); if the option to Open "Safe" Files After Downloading is enabled in Safari, the disk image opens automatically (you should disable that feature in Safari; see "Significant Safari Exploit Discovered," 2007-09-07).
Once given root access, the Trojan horse changes the computer's DNS settings to point to phishing sites or ads for other pornography sites. Even if the DNS is reset manually, a background task added by the Trojan horse changes the DNS again automatically.
Rob Griffiths at Macworld has written up instructions for removing OSX.RSPlug.A manually; Intego's VirusBarrier X4 with updated virus definitions for 31-Oct-07 also identifies and removes the Trojan horse. Griffith writes: "This is really bad. Really. And even though it's targeted at porn surfers today, the malware could easily be associated with anything else, like a new viral video site, or a site that purports to show commercials from the upcoming Super Bowl."
As always, the best defense against such attacks is to avoid installing third-party software with which you're unfamiliar, especially any that requires an administrator password. Although the Mac has proven remarkably resilient to the threat of viruses and other malware, it's not immune.
Bare Bones Software's BBEdit 8.7 -- Latest version offers amajor interface overhaul, new prefs, text clippings, improved
JavaScript, new Ruby/SQL/YAML/Markdown support, code folding.
Over 160 new features in all! <http://www.barebones.com/>.
Bookmark at: del.icio.us | digg | reddit | Slashdot