Tuesday, August 25, 2009

More Variants of RSPlug Discovered

PC Tools' Malware Research Team recently discovered quite a few variants of a DNS changing trojan called RSPlug in the wild.

Three strains of this ubiquitous Trojan have been discovered masquerading as a Foxit Reader PDF viever, a Quicktime Pro update, and a Flash Player installer. PC Tools iAntivirus detect these variants as Trojan.OSX.RSPlug.O, Trojan.OSX.RSPlug.P, and Trojan.OSX.RSPlug.Q respectively.

Like all the other variants, these newly discovered trojan variants pose as legitimate software in order to lure users to download and run them on their computer. This will enable the trojan to change the DNS settings on the compromised computer and redirect the user to phishing websites and such.

We highly advise iAntivirus users to Smart Update for the latest protection in Mac threats, and to avoid untrusted websites in the Internet, which may harbor such malicious files.