Tuesday, July 21, 2009

Say No to Software Piracy

A new variant of the RSPlug Trojan horse, which PC Tools has named Trojan.OSX.RSPlug.N, was spotted on a warez website masquerading as a keygen (serial number generator) for Mac OS X Leopard.


Unwary Mac users looking to save a few bucks on a pirated Mac OS X will most likely get infected by this Trojan horse, but if you're keen enough, you'll notice that this keygen, particularly the details on the website as seen in the picture above, is pretty odd and dubious. First, Mac OS X Leopard was never available for AMD processors, as it only supports Intel and PowerPC processors. Second, it doesn't make use of a serial number, so this keygen would be of no use to users who don't want to pay for legitimate software. Ahem, we shouldn't be supporting software piracy and downloading keygens in the first place.

Anyway, this new version of RSPlug is functionally the same as the other variants. Read a detailed description of the RSPlug trojan here.

PC Tools iAntivirus has updated its database to protect users from Trojan.OSX.RSPlug.N, so run Smart Update now for utmost protection against the latest threats!

Saturday, July 18, 2009

Mozilla Firefox Memory Corruption Vulnerability Fixed in 3.5.1


Mozilla recently announced a bug in Firefox 3.5's Just-In-Time (JIT) compiler in which an error in its escape() function could lead the browser into a corrupt state, thereby allowing attackers to run arbitrary code, for example to install malware.

Earlier versions of Firefox that do not support the JIT compiler are not affected. However, this is considered a critical vulnerability, as there are already reports of exploit code for this security flaw in the wild. After learning about the issue, Mozilla quickly posted a workaround to use until a fix could be provided.

Fortunately for us Firefox users, Mozilla has already released Firefox 3.5.1 to resolve this issue. PC Tools' Malware Research Team highly advises users to update to this new version ASAP.

Mozilla Firefox 3.5.1 can be downloaded here.

Thursday, July 9, 2009

Safari Update Now Available for Download

Apple has released Safari version 4.0.2 for Mac OS X 10.4 and 10.5, Windows XP, Vista, and 7 beta which, according to the release notes, improves the stability of its Nitro JavaScript engine and also includes two security fixes.

The security fixes address WebKit's handling of the parent and top objects, which may result in a cross-site scripting attack when visiting a maliciously crafted website, and its handling of numeric character references, which causes memory corruption. Apple has posted a knowledge base article on these two vulnerabilities, and more information can be found here.

This 40MB update is available via Software Update, or by manual download from the Apple website.

Thursday, July 2, 2009

Lady Gaga's Latest Album leads to Malware Download

The RSPlug trojan horse seems to have been spawning quite rapidly over the past few months. Only a few days after a variant of this trojan horse was spotted on a gaming website, our Malware Research Team discovered a newer variant of this threat lurking on a website offering free "music" downloads.



This new variant, which iAntivirus detects as Trojan.OSX.RSPlug.M, disguises itself as one of the many music album downloads available on the website, such as Lady Gaga's latest album pictured above. All music album links on the website lead Mac users to download disk images containing RSPlug.M. Windows users, however, are led to download its Windows executable counterpart, which PC Tools Internet Security for Windows detects as Trojan.Alureon.a.

This new variant exhibits the same behavior as the others. The only notable difference is a slight modification in the code to evade antivirus scanners.

Mac users should be wary when downloading music from untrusted sources. It's also worth mentioning that digital music doesn't normally come as a disk image file (.dmg), and this alone should raise one's suspicion that the file being downloaded is not legit.
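
The file-type mismatch described above can be checked on content rather than on the file name. The sketch below is an added example, not PC Tools code: it flags a "music" download whose bytes end in the UDIF `koly` trailer used by .dmg disk images. The function names and sample bytes are constructed for illustration, and the audio signature list is a small assumed subset.

```python
import struct

# Leading signatures for a few common audio containers: (offset, bytes).
AUDIO_MAGIC = [
    (0, b"ID3"),    # MP3 with an ID3v2 tag
    (0, b"fLaC"),   # FLAC
    (0, b"OggS"),   # Ogg Vorbis / Opus
    (4, b"ftyp"),   # MPEG-4 audio (.m4a)
]

def is_udif_disk_image(data: bytes) -> bool:
    """True if data ends with a 512-byte UDIF trailer starting with 'koly'."""
    if len(data) < 512:
        return False
    magic, _version, header_size = struct.unpack(">4sII", data[-512:][:12])
    return magic == b"koly" and header_size == 512

def looks_like_audio(data: bytes) -> bool:
    if any(data[off:off + len(sig)] == sig for off, sig in AUDIO_MAGIC):
        return True
    # Untagged MP3: MPEG frame sync is 11 set bits at the start of the file.
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0

def triage_music_download(name: str, data: bytes) -> str:
    """Classify a file that a site offered as a music download."""
    # Check the disk-image case first: a renamed .dmg keeps its trailer.
    if is_udif_disk_image(data) or name.lower().endswith(".dmg"):
        return "suspicious: disk image offered as music"
    if looks_like_audio(data):
        return "ok: audio content"
    return "unknown: not recognised as audio"

# Constructed samples (not real malware or real media files).
FAKE_DMG = b"\x00" * 1024 + b"koly" + struct.pack(">II", 4, 512) + b"\x00" * 500
FAKE_MP3 = b"ID3\x03\x00" + b"\x00" * 600

if __name__ == "__main__":
    for fname, blob in [("album.dmg", FAKE_DMG),
                        ("album.mp3", FAKE_DMG),   # renamed disk image
                        ("track01.mp3", FAKE_MP3)]:
        print(fname, "->", triage_music_download(fname, blob))
```

The extension check stays in place because not every disk image carries a UDIF trailer, so the trailer test alone would miss some .dmg files.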