Nov 08

Recently, there have been a number of programs discovered for the Mac that do Bad Things®. These programs are, in general, referred to as “Trojan Horses”. The particular trojan horse discovered recently is called “OSX.RSPlug.A Trojan.”

In this article, we’ll discuss just what these trojan horses are, how you can avoid them, and what to do if you get one.

What They Are

Trojan horses are software that claims to do something helpful, but in reality does something entirely different. You can read more about them here.

Basically, someone tells you that their software will do the dishes, walk the dog, and end world hunger. You look at that and say, “Hey, that sounds great!” You download the software and install it. But you quickly find that the dishes are still piling up, folks are still hungry, and the dog just pooped in the living room. And to top it all off, your Mac is now acting all weird. Ouch!

In the most recent incarnation, the software claims to be a “codec” that will allow you to view movies or pictures that won’t open up otherwise. At the moment, it’s circulating around pornography sites, but I’d expect that it could show up on other sites and trick users into installing it.

Defending against these little critters can be tough. From a technical point of view, there’s no security flaw that they abuse. Viruses typically use some flaw in the computer to do their thing. But trojan horses use the power that a typical user is supposed to have to do things they would normally do. They follow the normal channels and appear, to the computer, as something the user wants. And Macs have a way of doing what the user wants.

How to Avoid These

Believe it or not, sidestepping this whole mess is rather easy. Trojans depend on the user being duped into installing them. The best way to protect yourself against them is to be very careful about any software you install. There’s a lot of really good software out there on the internet. Telling you to never install any software would be a little overkill. The golden rule is really:

Don’t install software from someone you don’t trust.

It sounds pretty simple. Like “Don’t take candy from strangers. Unless it’s Halloween. Or a carnival. Or a parade.” Hey, wait a minute…

Seriously, there are some places you can download software from that are pretty safe. Apple, for example, is rather unlikely to be distributing software that does anything terribly malicious. Microsoft also (although some might argue…)

But how do you tell with some of the smaller software titles that are out there? Here are a couple suggestions:

1. Did they find me or did I find them?

If the software found me, I’m immediately suspicious. What does it mean, “they found me”? Well, maybe I’m surfing a web page and the page insists that I have to install some software to use their site. Or the web site tells me that my computer needs some optimization or repair. Trust me, a web site cannot know if my machine needs such things. And Apple includes most of the plug-ins I’ll need to view the web. It’s probably a ploy.

Another way “they find me” is via e-mail. It’s becoming less common, but sometimes people will try to e-mail you something and ask you to install it. They may even claim to be from your bank or ISP. Trust me, neither your bank, your ISP, Apple, nor Microsoft will ever e-mail you a bit of software you have to install. It’s certainly a ploy.

2. Check their reputation

But what if this is a piece of software that you went out and found? Now what? The first thing I do is run the specific software name or title through Google. If this is a real piece of software and not a trojan, you’ll probably find plenty of remarks from other people using the software. Possibly user discussion boards, bug report sites, etc. You may see the software’s been through several versions. Basically, if you see people talking about it and using it, it’s probably OK. Trojan horses, by their nature, don’t develop a user community. They develop lots of users saying “Don’t do it! Beware!”

3. Check the Software with a Virus Scanner

Before you install any software which you are not absolutely sure of, you should run it through a virus scanner. I’ve talked about free virus scanners before.

Trojan horses do not do anything just by downloading them. They have to be “run” or “installed” by you. The time to check them is before you do so. It’d be great if you could do it before you download them, but that’d be a little hard.

One thing to be careful of: most virus scanners don’t know how to look inside of Apple disk images. This is the preferred way of distributing software on a Mac. You might have to mount a disk image first, then scan the contents to really get a good look at what’s going on.
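One way to do the mount-then-scan step described above from Terminal, as an added example that is not part of the original post. It assumes ClamAV's `clamscan` is installed as the scanner; the function name `scan_dmg` and the temporary mount point are illustrative.

```bash
#!/bin/bash
# Added example: mount a downloaded disk image read-only and scan its
# contents before opening anything on it.
# Assumptions: macOS hdiutil, and ClamAV's clamscan as the virus scanner.

# scan_dmg IMAGE
# Returns 0 if the scan was clean, 1 if the scanner flagged something,
# 2 if the image could not be mounted or the scanner itself failed.
scan_dmg() {
    local image mnt rc
    image="$1"
    [ -f "$image" ] || { echo "no such image: $image" >&2; return 2; }

    # Private, empty directory to use as the mount point.
    mnt="$(mktemp -d "${TMPDIR:-/tmp}/dmgscan.XXXXXX")" || return 2

    # -readonly   : nothing on the image can be modified
    # -nobrowse   : keep the volume out of Finder so it is not opened by accident
    # -noautoopen : do not pop open a Finder window when the volume mounts
    if ! hdiutil attach "$image" -readonly -nobrowse -noautoopen \
            -mountpoint "$mnt" >/dev/null; then
        rmdir "$mnt"
        return 2
    fi

    # Scan everything on the mounted volume and print only flagged files.
    # clamscan exits 0 (clean), 1 (something found) or 2 (error).
    clamscan --recursive --infected "$mnt"
    rc=$?

    # Always unmount, even when the scan flagged something.
    hdiutil detach "$mnt" >/dev/null || hdiutil detach "$mnt" -force >/dev/null
    rmdir "$mnt" 2>/dev/null

    if [ "$rc" -le 1 ]; then
        return "$rc"
    fi
    return 2
}

# Usage: ./scan_dmg.sh ~/Downloads/SomeDownload.dmg
if [ "$#" -gt 0 ]; then
    scan_dmg "$1"
fi
```

Only install from the image if the function returns 0; a return of 2 means the scan never completed, which is not the same as clean.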

How to Get Rid of it

The most recent editions of the trojan can be removed easily enough. The Intego antivirus program removes it pretty easily. You can also follow these instructions to remove it yourself.

Wrap up

At the end of the day, I still believe that a Mac OS X computer is much safer for the average user than a Windows PC. But they’re not invincible, and common sense is still required. Just like in the real world, a touch of suspicion is a good thing.

If someone approaches you on a street corner offering you a Rolex, you’re probably not going to bust out your wallet. If you went into a seedy looking used car lot, I’d bet you’d take that car to a mechanic before you signed on the dotted line. Same thing applies on the internet.
