Hacking Twitter to Spread Mac Malware
by Peter James
Yesterday, the Twitter feed of Guy Kawasaki, the well-known tech entrepreneur, was hacked by way of a feed that he thought was moderated but was not. That feed sent a tweet saying the following:
For those who don’t follow celebrity news, Leighton Meester is an actress in the TV series Gossip Girl, and there are suggestions that she may have made a porn film when she was 18. Apparently, someone is trying to sell this tape, and one assumes that a number of Internet users would like to see it. (Note that more than 130,000 people follow Guy Kawasaki’s Twitter feed.)
So this hacked tweet directs people to a web site that features a number of pornographic images, including an “embedded video” of the sex tape. Users click an arrow on the video’s frame to view it, but, Oh! Surprise! This merely downloads a disk image called ActiveXsetup.dmg. If the user opens this disk image and runs the installer package, they see this screen:
This is the now-common installer screen for the RSPlug Trojan horse (first discovered by Intego in October 2007), which, if installed, does many bad things to your Mac.
This is yet another attempt to get this Trojan horse into circulation, following close on last week’s discovery of game sites spreading the Trojan.
The groups behind this Trojan seem heavily motivated to keep it in circulation, and new vectors will certainly be found. Just remember, don’t install anything you download from untrustworthy sources, and use Intego VirusBarrier X5 to ensure that you don’t get infected by this and other types of Mac malware.