The Trojan — called 'OSX.RSPlug.D' by Intego, the Mac security specialist that discovered the threat — is a variant on an older piece of malicious code but with a new installer, Intego said.
"It is a downloader, and it contacts a remote server to download the files it installs," Intego said in an advisory. "This means that, in the future, the downloader may be able to install payloads [other] than the one it currently installs."
In other respects the Trojan is similar to previous versions of RSPlug, which first surfaced in October 2007, Intego said. It installs a piece of malicious code known as DNSChanger, which routes the user's internet traffic through a malicious DNS server, leading users to phishing websites or pages displaying advertisements.
By Matthew Broersma ZDNet.co.uk
Posted on ZDNet News: Nov 21, 2008 4:38:55 AM
For information about checking to see if you have the virus and how to remove it, go here:
http://www.macosxhints.com/article.php?story=20071031114140862
No comments:
Post a Comment