The RSPlug Trojan horse, a form of DNSChanger, is malware targeting the Mac OS X operating system. The first incarnation of the trojan, OSX.RSPlug.A, was discovered on October 30, 2007, by Mac security researchers at Intego.


Variants

Several variants of the RSPlug trojan, disguised as video codecs, were found primarily on pornographic sites, and some variants were spotted on sites offering game downloads. When OSX.RSPlug.A was installed, the system's DNS settings were changed to redirect web browsing to phishing web sites, or to web pages displaying ads for other pornographic web sites. There is also a version of the OSX.RSPlug Trojan which targets the Windows platform, and it was this version that led a technical manager at F-Secure to suggest that the group behind the DNS-changing Mac Trojan is the same group behind the Zlob trojan. However, Intego noted that those behind the RSPlug Trojan horse stopped their activities before those controlling Windows malware, and that it is likely that these were not the same people.
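
A defender-side check for the DNS tampering described above, as an added example that is not part of the original article: it parses a resolver listing in the format printed by the macOS `scutil --dns` command and reports nameservers outside an expected set. The sample output, the allowlist and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output; the addresses are
# documentation-range placeholders, not real indicators.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  nameserver[0] : 198.51.100.53
  nameserver[1] : 198.51.100.54
  if_index : 4 (en0)
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  flags    : Scoped, Request A records
"""

# Assumption: the resolvers this network is expected to hand out.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.168.1.1/32", "10.0.0.0/8")]
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")


def configured_resolvers(scutil_output):
    """Return unique nameserver addresses in order of first appearance."""
    seen = []
    for line in scutil_output.splitlines():
        match = NAMESERVER_RE.match(line)
        if match:
            # Drop an IPv6 zone id (fe80::1%en0) before parsing.
            addr = ipaddress.ip_address(match.group(1).split("%")[0])
            if addr not in seen:
                seen.append(addr)
    return seen


def unexpected_resolvers(scutil_output, allowed=ALLOWED):
    """Return resolvers that fall outside every allowed network."""
    return [str(addr) for addr in configured_resolvers(scutil_output)
            if not any(addr in net for net in allowed)]


if __name__ == "__main__":
    for addr in unexpected_resolvers(SAMPLE_SCUTIL_DNS):
        print("unexpected DNS resolver:", addr)
```

On a Mac, the live listing can be fed in by passing the captured output of `scutil --dns` to `unexpected_resolvers` in place of the sample.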


Isolation

As part of Operation Ghost Click, in November 2009 the FBI brought down "a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry." The FBI estimated that more than four million computers in over 100 countries were infected by DNSChanger. One variant of DNSChanger was the RSPlug Trojan horse, which spawned a number of other variants and infected many Macs.


See also

* Mac Defender
* Trojan.Win32.DNSChanger

