<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Trojan Horse: WD Passport HD</title></head><body>
<blockquote type="cite" cite>Found my first Trojan Horse on a Western
Digital "My Passport Essential HD". The drive cannot be modified or
written to (even with permissions set to read and write) and it
contains an installer package which, when clicked, tells you it will
install "Porn4Mac".<br>
<br>
For obvious reasons, that set off alarm bells, so I googled it and
found this on a cached blog page:<br>
<br>
New Variants of the RSPlug Trojan Horse<br>
<br>
Intego first reported on the OSX.RSPlug Trojan Horse back in October
of 2007. Since then, the people behind this malware have been busy
making variants in order to better trap Mac users. Most of the
variants aren't really variants; they are simply disk images with
different names from the original. (One antivirus vendor claimed to
have found some three dozen such variants, but did not, it seems,
examine the code to see that they were all the same.)<br>
<br>
Other variants include two whose code is different, but especially
variants that purport to install differently-named software. The
original RSPlug Trojan horse installed "software" called MacCodec;
other versions' installers claim to install MacVideo or Porn4Mac.
Also, the containers - the disk images containing the installers -
differ. The first version was found in a series of disk images named
with four digits followed by the disk image extension: for example,
1023.dmg. Others have included operacodec1234.dmg,
nitroticket2018.dmg, uincodec4264.dmg, and ixcodec1292.dmg. (Note that
there may be variations in the numbers contained in these names, as
well as the names themselves.)<br>
<br>
In any case, this Trojan is alive and well, and recent posts in Mac
forums show that users are still being infected. Intego VirusBarrier
protects against all these variants, and will continue to protect
against new ones as they are discovered.<br>
Posted by Peter on April 11, 2008 in Intego Software, Security<br>
<br>
<a href="http://tinyurl.com/4tdtc2">http://tinyurl.com/4tdtc2</a><br>
</blockquote>
<blockquote type="cite" cite>(<a
href=
"http://209.85.165.104/search?q=cache:KjlNCh0y-KcJ:aureomonteiro.blogspot.com/2008_04_01_archive.html+passport+drive+porn4mac&hl=en&ct=clnk&cd=1&gl=us">http://209.85.165.104/search?q=cache:KjlNCh0y-KcJ:aureomonteiro.blogspot.com/2008_04_01_archive.html+passport+drive+porn4mac&hl=en&ct=clnk&cd=1&gl=us</a>)<br>
</blockquote>
<div><br></div>
<div>from another list</div>
<x-sigsep><pre>--
</pre></x-sigsep>
<div><font face="Lucida Grande" color="#000000"><b>Victoria L.
Herring</b>, Discrimination/Civil Rights Attorney,
http://www.herringlaw.com; Travel Research/Photography site,
http://www.JourneyZing.com; Online Gallery-
http://gallery.journeyzing.com. Des Moines, Iowa;
515-255-4475</font></div>
</body>
</html>