Welcome to the Virus Encyclopedia of Panda Security.
It only affects computers running the Mac OS X operating system. It modifies the system's DNS (Domain Name System) settings so that they point to malicious websites. It reaches the computer by passing itself off as a codec needed to view videos on certain adult websites.
| First detected on: | Nov. 2, 2007 |
| Detection updated on: | Nov. 9, 2007 |
RxPlug.A is a Trojan that only affects computers running the Mac OS X operating system.
It modifies the computer's DNS (Domain Name System) settings so that they point to malicious websites.
DNS is a naming system that translates domain names to IP addresses and vice versa.
For example, this would allow RxPlug.A to obtain confidential information from the data that users enter on the malicious websites.
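A change of this kind can be spotted by comparing the configured DNS resolvers with the ones the network is expected to use. The Python code below is an added example, not part of the Panda Security entry: it assumes the resolver list is in the format printed by `scutil --dns` on current macOS, and the sample output, the address 203.0.113.53 and the allowlist are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output (not captured from a real host).
# 203.0.113.53 is a documentation-range address standing in for a rogue resolver.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : fe80::1%en0
  if_index : 4 (en0)
"""

NAMESERVER_LINE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")


def parse_nameservers(scutil_output):
    """Return the distinct resolver addresses, in first-seen order."""
    seen = []
    for line in scutil_output.splitlines():
        match = NAMESERVER_LINE.match(line)
        if not match:
            continue
        raw = match.group(1).split("%", 1)[0]  # drop IPv6 zone id such as %en0
        addr = ipaddress.ip_address(raw)  # raises ValueError on a malformed entry
        if addr not in seen:
            seen.append(addr)
    return seen


def unexpected_resolvers(scutil_output, allowed_networks):
    """Return resolvers that fall outside every allowed network."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    return [str(a) for a in parse_nameservers(scutil_output)
            if not any(a.version == n.version and a in n for n in allowed)]


if __name__ == "__main__":
    # Hypothetical allowlist: the LAN router's subnet and link-local IPv6.
    for ip in unexpected_resolvers(SAMPLE_SCUTIL_DNS, ["192.168.1.0/24", "fe80::/10"]):
        print("unexpected DNS resolver:", ip)
```

On a real Mac, the text passed to `unexpected_resolvers` would be the captured output of `scutil --dns`, and the allowlist would hold the resolvers assigned by the local network or organization.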
RxPlug.A reaches the computer when videos are downloaded from certain adult websites. In order to view these videos, a codec must be downloaded. However, what is really downloaded is not a codec but RxPlug.A.
Bear in mind that although this Trojan is designed for Mac OS X, the websites from which it is downloaded are able to recognize the operating system and browser of the affected computer and, depending on them, download different malware.
RxPlug.A is easy to recognize, as it reaches the computer when videos are downloaded from certain adult websites.
In order to view these videos, a codec must be downloaded, and an image with a link is displayed in order to download the codec:
If the link is followed, the user must go through an installation process in which several screens are displayed, among them the one below:
Finally, the user's authentication is requested in order to complete the installation:
However, what is really downloaded is not a codec but RxPlug.A.
The malicious websites are the following: