A malicious program that poses as a video engine, or codec, necessary to watch pornography could infect unsuspecting users of Apple's Mac OS X operating system, security firms warned on Wednesday.
The program -- called RSPlug by Mac antivirus firm Intego, Puper by McAfee and DNSChanger by others -- has been spreading around Windows computers for some time, but is not considered a significant threat as the victim has to supply the administrator password for the system to be infected. While the Windows version comes as a portable executable (PE) file, the new Mac version comes as a standard disk image (DMG) file. If opened, the file will display a standard install package, according to an analysis of the Trojan by the SANS Institute's Internet Storm Center (ISC).
"The user is then prompted to install the package and during this process he will have to supply the administrator credentials," wrote ISC handler Bojan Zdrnja in the analysis. "Yep, its game over from this point in time , and the attack is exactly the same as on Windows - keep in mind that these users will willingly supply these credentials."The arrival of a serious attempt to attack the Mac has been widely predicted by security professionals. Since early last year, flaw finders have focused on Apple's operating system, but serious attacks have been lacking. Online fraudsters have increasingly focused on turning illicit access into cash, which makes vast majority of computers running Windows a far more natural target.
A recent study supports the theory that marketshare appears to matter a great deal to financially motivated hackers. The study found a selection of malicious Web sites only focused on attacking Internet Explorer, not Mozilla's Firefox browser, despite the fact that the open-source software had twice as many vulnerabilities disclosed since its release.
Shipments of Apple computers running the Mac OS X accounted for 8.1 percent of U.S. shipments in the third quarter of 2007, according to business intelligence firm Gartner. Macs account for 6.5 percent of the computers that visit the major Web sites tracked by Net Applications' Market Share service.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos