TwitterACicon86x90vert facebookACicon86x90vert
TV/Radio XFINITY | WOW! | WBBM | WXRT | B96 + Dance | US99 | K-HITS CHICAGO

   *** SCORES: BEARS | BLACKHAWKS | BULLS | CUBS | FIRE | WHITE SOX ***
YoutubeTwitterFacebookArlingtoncardinalYahoo! Google Bing Aol.ArlingtoncardinalTMZ Rotten Tomatoes ET Online Box Office MojoArlingtoncardinal Channel 9 WGN Channel 7 Chicago ABC Channel 5 Chicago NBC Channel 2 Chicago CBS Daily HeraldChicago Tribune Breaking NewsArlingtoncardinal Chicago Gas PricesFloridaCardinal.comGLOBALCONFLICTMAPS.COM Arlingtoncards.com THE GUIDE

OSX.RSPlug.A Trojan Horse on Porn Sites Eventually Cause Redirect to Malicious DNS Servers

Wed October 31 2007 2:29 pm  http://www.arlingtoncardinal.com/?p=2260
 Share The Cardinal -- Arlingtoncardinal.com Articles (E-Mail, Facebook, Twitter & More) 

CHICAGO BEARS RADIO -- WBBM Newsradio 780 "Traffic on the 8's"

OSX.RSPlug.A — a trojan horse on some porn sites — falsely claims to install a video codec necessary for viewing free pornographic videos on Macs, but when users click on the still images to view the content they are directed to a web page that falsely requires a new version of a codec to play the movie file with QuickTime. Safari users who have checked the “Open ‘Safe’ Files After Downloading” option in General Preferences will see a disk image which is downloaded to Mac automatically, and the installer application will automatically launch.

Proceeding with the installation, which includes entering the administrator password, installs the trojan horse and grants the malicious software full root privileges. No codec is actually installed and users who return to the website get another download request.

The OSX.RSPlug.A Trojan is a form of DNSChanger, using the scutil command to change the Mac’s DNS server — a service that translates hostnames like macnn.com to their numerical IP addresses. Using a malicious DNS server, the Mac hijacks some Web requests for phishing or to generate revenue from pornographic advertisements.

Under Mac OS X 10.4 Tiger there is no way to see the changed DNS server in the operating system’s graphical user interface, although in Mac OS X 10.5 Leopard users can see the change in the Advanced Network preferences; the added DNS servers are dimmed and cannot be removed manually.

Intego reports all versions of Mac OS X include the scutil command, suggesting that all versions are vulnerable to the new trojan.

Intego Security Memo (10/31/2007):
OSX.RSPlug.A Trojan Horse Changes Local DNS Settings to Redirect to Malicious DNS Servers

CLEAR SKIES?  Weather Data for Wednesday, October 31st, 2007

   

IMPORTANT NOTE: All persons referred to as subjects, defendants, offenders or suspects, etc. are presumed to be innocent unless and until proven guilty beyond a reasonable doubt in a court of law.


Try a more powerful search in the box below ... SEARCH BOX PRODUCES RESULTS FOR The Cardinal -- Arlingtoncardinal.com ...
(POWERFUL SEARCH for The Cardinal, which can be expanded on the results page.)

Where background Wikipedia info/photos are used, original work is modified and released under CC-BY-SA.

! MORE NEWS FAST!!! MOST RECENT: CRIMEBLOG | MOST RECENT: FIREBLOG | SUBMIT NEWS TIPS
::: Health, wellness and fitness gifts! CoolFitnessGifts.com ::: Cubs, Sox caps at ChicagoFanfare.com :::

ARLINGTON HEIGHTS BREAKING NEWS --The Cardinal -- Arlingtoncardinal.com is a breaking news blog with Arlington Heights & Chicagoland emphasis. Early breaking reports may prove to be inaccurate after follow-up investigation, which may or may not be updated in The Cardinal -- Arlingtoncardinal.com. For in-depth coverage, please also check the following links for network television, cable news networks and Chicago local media coverage ...

Daily Herald | Daily Herald -- Arlington Heights | YouTube.com/DailyHeraldClips
Today's headline videos: FOXNews Video | YouTube.com/FoxNews | Associated Press | The Cardinal
Chicago Area Newspapers
CNN Arlington Heights  FOXNEWS  BREITBART.COM  cbs2chicago  NBC 5 Chicago  abc7chicago   WGNTV      WGNRADIO720  NEWSRADIO 78  CHICAGO BREAKING NEW  Daily Herald Arlington Heights  Chicago Tribune   Seed Newsvine
 
Video LOGO youtube Twitter Arlingtoncards facebook battery status Cardinal Calendar Search Batteries Plus RSS Help ...
All Headlines
crimeblog | fireblog
« EARLIER | SEARCH ARTICLES BY DATE -- Arlingtoncardinal.com/searchdate | LATER »

Comments for Arlingtoncardinal.com
COMMENTS are now available via one or more of our official Facebook pages. Comments no longer appear on the Arlingtoncardinal.com article per se. Please comment on Facebook.com/ArlingtonCardinal or check the other popular Arlington Cardinal Facebook pages at Arlingtoncardinal.com/about/facebook ...

SUBMIT CRIME TIPS ...
Anyone having information about serious crime in Arlington Heights should register on CitizenObserver.com and look for the anonymous TIP411 feature, or call Arlington Heights Crime Stoppers at 847-590-STOP (847-590-7867). Callers are guaranteed anonymity and may qualify for a cash reward of up to $1,000. Not a resident of Arlington Heights? Check CitizenObserver.com for availability for your community.

   Arlingtoncardinal.com/traffic | Traffic on Twitter

CHICAGOLAND RADAR


Weather radar map is provided by DarkSky.net
Arl Hts Weather | NEXRAD | FULL SCREEN RADAR

RSS Cardinal Weather Center

US & WORLD NEWS

Top News Video …

CHICAGOFIREMAP.NET TWITTER

digital-lifestyle.com

TMZ Plus …

RSS OBITUARIES