RSPlug

The RSPlug Trojan horse, a form of DNSChanger, is malware targeting the Mac OS X operating system. The first incarnation of the trojan, OSX.RSPlug.A, was discovered on October 30, 2007 by Mac security researchers at Intego.


Variants

Several variants of the RSPlug trojan were found primarily on pornographic sites disguised as video codecs, and some variants were spotted on sites offering game downloads. When OSX.RSPlug.A was installed, the system's DNS settings were changed to redirect web browsing to phishing web sites, or to web pages displaying ads for other pornographic web sites. There is also a version of the OSX.RSPlug Trojan which targets the Windows platform, and it was this version that led a technical manager at F-Secure to suggest that the group behind the DNS-changing Mac Trojan is the same group behind the Zlob trojan. However, Intego noted that those behind the RSPlug Trojan horse stopped their activities before those controlling Windows malware, and that it is likely that these were not the same people.
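
The DNS change described above can be detected on a Mac by comparing the configured name servers with the ones expected on that network. The following Python code is an added example, not part of the original article; the allowlist, the sample `scutil --dns` output and the address 203.0.113.53 (a documentation address standing in for a rogue name server) are constructed assumptions.

```python
import ipaddress
import re
import sys

# Matches lines such as "  nameserver[0] : 192.168.1.1" in `scutil --dns` output.
NAMESERVER_RE = re.compile(r"^[ \t]*nameserver\[\d+\][ \t]*:[ \t]*(\S+)[ \t]*$", re.M)

# Constructed sample in the format printed by `scutil --dns` on macOS.
# 203.0.113.53 is an RFC 5737 documentation address, not a real indicator.
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
"""

# Assumed policy: only the local router and an internal resolver range are expected.
ALLOWED = ["192.168.1.1/32", "10.0.0.0/8"]

def configured_resolvers(text):
    """Return the unique resolver addresses in order of first appearance."""
    found = []
    for raw in NAMESERVER_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 scope id
        except ValueError:
            continue  # value is not an IP address
        if ip not in found:
            found.append(ip)
    return found

def unexpected_resolvers(text, allowed):
    """Return resolvers that fall outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    return [str(ip) for ip in configured_resolvers(text)
            if not any(ip.version == n.version and ip in n for n in nets)]

if __name__ == "__main__":
    # On a Mac: scutil --dns | python3 this_file.py  (no pipe: use the sample)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ip in unexpected_resolvers(text, ALLOWED):
        print("unexpected DNS resolver:", ip)
```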


Isolation

As part of Operation Ghost Click, in November 2009 the FBI brought down "a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry." The FBI estimated that more than four million computers in over 100 countries were infected by DNSChanger. One variant of DNSChanger was the RSPlug Trojan horse, which spawned a number of other variants and infected many Macs.


See also

* Mac Defender
* Trojan.Win32.DNSChanger

