OS X Trojan Horse – OSX.RSPlug.A

Generally speaking, Mac OS X has a very good security track record, and that is commonly used as a sales pitch, rightfully so, or simply to rub it in your Windows-using friends' faces. Because of that, every single time there is a minor Mac OS X security advisory, every Windows user comes out of the woodwork screaming “you see! I told you! OS X is not secure!”… and that is obviously bullshit.

As I was reading my evening news, I came across a story about a new OS X trojan called OSX.RSPlug.A. After reading the advisory it quickly became clear that this is nothing more than FUD (fear, uncertainty, and doubt) being spread by a company that is trying to sell Mac security software. Here is a quote directly from the “critical” advisory:

After the page loads, a disk image (.dmg) file automatically downloads to the user’s Mac. If the user has checked Open “Safe” Files After Downloading in Safari’s General preferences (or similar settings in other browsers), the disk image will mount, and the installer package it contains will launch Installer. If not, and the user wishes to install this codec, they double-click the disk image to mount it, then double-click the package file, named install.pkg.

If the user then proceeds with installation, the Trojan horse installs; installation requires an administrator’s password, which grants the Trojan horse full root privileges. No video codec is installed, and if the user returns to the web site, they will simply come to the same page and receive a new download.

Everyone, stop the presses: I have just discovered a new destructive virus that affects all UNIX and UNIX-based operating systems, and it is absolutely critical! Here is the source code:

#!/bin/bash
rm -rf /

All you have to do is download it, log in as administrator, chmod +x it, execute it, and then it will cause all kinds of havoc.
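The advisory's own description makes the defensive point: nothing runs until the user mounts the image, launches the installer and types an admin password, and the Safari "Open Safe Files After Downloading" setting only removes the first of those clicks. The script below is an added example, not code from this post or from the advisory's publisher, of the two checks a cautious Mac user can do before that last step: see whether Safari is set to auto-open downloads, and read what an installer package would execute as root. It assumes the macOS `defaults` and `pkgutil` tools; the sample package tree and script contents it builds are constructed for illustration only.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run on a downloaded
# installer package before typing an administrator password. The two macOS
# tools it wraps (`defaults`, `pkgutil`) exist on OS X; the inspection
# function itself is plain POSIX sh.

# Report whether Safari is set to auto-open "safe" downloads, i.e. mount a
# .dmg and launch Installer with no click. Prints enabled/disabled/unknown.
safari_auto_open_status() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo unknown
        return 2
    fi
    v=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    case "$v" in
        1|true|YES) echo enabled;  return 0 ;;
        0|false|NO) echo disabled; return 1 ;;
        *)          echo unknown;  return 2 ;;   # key not set: Safari's default applies
    esac
}

# Expand a flat .pkg into a directory so its contents can be read without
# installing anything. $2 must not already exist (pkgutil creates it).
expand_pkg() {
    pkgutil --expand "$1" "$2"
}

# List the installer scripts inside an expanded package tree. Installer runs
# these with root privileges once the user authenticates, so they are what
# deserves a read before clicking Install. Prints one path per line;
# returns 0 if any were found, 1 if none. Handles both a component package
# (Scripts/ at the top) and a distribution package (one sub-package per
# directory, each with its own Scripts/).
pkg_install_scripts() {
    root=$1
    found=1
    for name in preinstall postinstall preupgrade postupgrade preflight postflight; do
        for f in "$root/Scripts/$name" "$root"/*/Scripts/"$name"; do
            [ -f "$f" ] || continue
            echo "$f"
            found=0
        done
    done
    return $found
}

# Constructed sample: a fake expanded package tree containing one postinstall
# script, used only so the check can be exercised without a real .pkg.
make_sample_pkg_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/Scripts"
    printf '#!/bin/sh\necho "this would run as root during install"\n' > "$d/Scripts/postinstall"
    echo "$d"
}

# Usage: sh precheck.sh /path/to/install.pkg
if [ $# -eq 1 ]; then
    echo "Safari auto-open safe files: $(safari_auto_open_status)"
    work=$(mktemp -d)
    if expand_pkg "$1" "$work/expanded"; then
        echo "Installer scripts that would run as root:"
        pkg_install_scripts "$work/expanded" || echo "  (none found)"
    fi
fi
```

If the package carries a postinstall or similar script, open it in a text editor before installing; a "video codec" whose only content is a script that runs as root is exactly the situation the advisory describes, and no password prompt should be answered until that script has been read.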