Thursday, July 2, 2009

Lady Gaga's Latest Album leads to Malware Download

The RSPlug trojan horse seems to be spawning quite rapidly the past few months. After only a few days when a variant of this trojan horse was spotted on a gaming website, our Malware Research Team discovered a newer variant of this threat lurking in a website offering free "music" downloads.

This new variant, which iAntivirus detects as Trojan.OSX.RSPlug.M, disguises itself as one of the many music album downloads available in the website like Lady Gaga's latest album pictured above. All music album links in the website will lead Mac users to download disk images containing RSPlug.M. Windows users, however, are led to download its Windows executable counterpart which PCTools Internet Security for Windows detects as Trojan.Alureon.a.

This new variant exhibits the same behavior just like the others. The only notable difference is a slight modification in the code to evade Antivirus scanners.

Mac users should be wary when downloading music from untrusted sources. It's also worth mentioning that digital music doesn't normally come as a disk image file (.dmg), and this alone should raise one's suspicion that the file being downloaded is not legit.