To many Windows users, it sounds all too familiar. While attempting to watch a video online, they are prompted to download a codec to enable viewing. However, the download is malware, and it infects their computer.
Now this popular and successful social engineering technique is being used to spread a Mac OS X trojan, OSX.RSPlug.A. At this time, spam is flooding Mac forums, trying to lure users to the sites where this technique is employed. The pornography sites present a still image of a video. Clicking on the image to play the video returns the following message:
Quicktime Player is unable to play movie file. Please click here to download new version of codec.
After that page loads, the malware is downloaded as a disk image (.dmg) and launches an installer. The installer requires the user to enter the admin password. If the password is entered, the malware infection is complete. This infection alters DNS settings to redirect web pages, and advertisements for porn sites. However, it could just as easily be used for phishing attacks or search redirects.
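As an added example (not from the original post), here is a defender's check for the DNS change described above: it parses the resolver list that macOS prints with `scutil --dns` and flags any nameserver outside an expected set. Reading the settings through `scutil --dns`, the `EXPECTED` allowlist and the sample output are assumptions made for illustration; the post does not say how the trojan writes its DNS settings.

```python
import ipaddress
import re

# Constructed sample in the layout printed by macOS `scutil --dns`;
# the 203.0.113.x addresses are documentation-range placeholders.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 203.0.113.10
  nameserver[1] : 203.0.113.11
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  flags    : Scoped, Request A records
"""

# Assumption: the resolvers this network is supposed to hand out (here, only the router).
EXPECTED = [ipaddress.ip_network(n) for n in ("192.168.1.1/32",)]
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")


def configured_nameservers(scutil_output):
    """Return the unique nameserver addresses, in order of first appearance."""
    seen = []
    for line in scutil_output.splitlines():
        m = NAMESERVER_RE.match(line)
        if not m:
            continue
        # Strip an IPv6 zone id (fe80::1%en0) before parsing the address.
        addr = ipaddress.ip_address(m.group(1).split("%")[0])
        if addr not in seen:
            seen.append(addr)
    return seen


def unexpected_nameservers(scutil_output, expected=EXPECTED):
    """Return the nameservers that fall outside every expected network."""
    return [a for a in configured_nameservers(scutil_output)
            if not any(a.version == n.version and a in n for n in expected)]
```

On a Mac, pass the text output of `scutil --dns` to `unexpected_nameservers()` in place of the sample; any address it returns is a resolver the machine is using that nobody on the network configured.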
While the Geek Squad may be getting most of the bad press recently, it seems other home computer repair companies may not be faring much better. CBC Canadian television news called 10 on-site geeks into a house with hidden cameras to repair a simple hardware problem. How many got it right? Watch the short video below to find out:
The original story and a much longer 25 minute video, including the performance of some big box retailers and a notebook system, can be found on CBC.ca Marketplace.
Is your system infected with a backdoor trojan, or remote access trojan? Maybe you received a warning from your antivirus, antispyware application, or someone helping you? What is a backdoor trojan, and why should you be concerned?
A trojan is a malicious application that appears to do one thing, but actually does another. Like its namesake, the mythical Trojan Horse, malicious code is hidden in a program or file that appears useful, interesting, or harmless. Popular examples are video codecs that some sites require to view online videos. When the codec is installed, it may also install spyware or other malicious software.
A backdoor trojan differs from a trojan in that it also opens a backdoor to your system. They're also sometimes called Remote Access Trojans (RATs). These are the most widespread and also the most dangerous type of trojan. They are so dangerous because they have the potential to allow remote administration of your system. As if a hacker were sitting at your keyboard, only worse. There's almost no limit to what they can do. Some common uses: