[DM-MUG] Trojan Horse: WD Passport HD
Victoria L. Herring
vlh at herringlaw.com
Tue Oct 7 13:05:33 CDT 2008
>Found my first Trojan Horse on a Western Digital "My Passport
>Essential HD". The drive cannot be modified or written to (even with
>permissions set to read and write) and it contains an installer
>package which, when clicked, tells you it will install "Porn4Mac".
>
>For obvious reasons, that set off alarm bells, so I googled it and
>found this on a cached blog page:
>
>New Variants of the RSPlug Trojan Horse
>
>Intego first reported on the OSX.RSPlug Trojan Horse back in October
>of 2007. Since then, the people behind this malware have been busy
>making variants in order to better trap Mac users. Most of the
>variants aren't really variants; they are simply disk images with
>different names from the original. (One antivirus vendor claimed to
>have found some three dozen such variants, but did not, it seems,
>examine the code to see that they were all the same.)
>
>Other variants include two whose code is different, but especially
>variants that purport to install differently-named software. The
>original RSPlug Trojan horse installed "software" called MacCodec;
>other versions' installers claim to install MacVideo or Porn4Mac.
>Also, the containers - the disk images containing the installers -
>differ. The first version was found in a series of disk images named
>with four digits followed by the disk image extension: for example,
>1023.dmg. Others have included operacodec1234.dmg,
>nitroticket2018.dmg, uincodec4264.dmg, and ixcodec1292.dmg. (Note that
>there may be variations in the numbers contained in these names, as
>well as the names themselves.)
>
>In any case, this Trojan is alive and well, and recent posts in Mac
>forums show that users are still being infected. Intego VirusBarrier
>protects against all these variants, and will continue to protect
>against new ones as they are discovered.
>Posted by Peter on April 11, 2008 in Intego Software, Security
>
>http://tinyurl.com/4tdtc2
>
>(http://209.85.165.104/search?q=cache:KjlNCh0y-KcJ:aureomonteiro.blogspot.com/2008_04_01_archive.html+passport+drive+porn4mac&hl=en&ct=clnk&cd=1&gl=us)
>
from another list
--
Victoria L. Herring, Discrimination/Civil Rights Attorney,
http://www.herringlaw.com; Travel Research/Photography site,
http://www.JourneyZing.com; Online Gallery-
http://gallery.journeyzing.com. Des Moines, Iowa; 515-255-4475