Security research company Intego on Monday issued a security alert about a new Trojan Horse called OSX.RSPlug.A that specifically targets Mac users. The Trojan is a form of DNSChanger that changes the Mac’s Domain Name Server (DNS) address.

According to Intego, the Trojan has been found on several pornographic Web sites. When trying to view a movie, the user is told that “Quicktime Player is unable to play movie file. Please click here to download new version of codec.”

When the user clicks the link a disk image (.dmg) is downloaded to the desktop. When the user installs the software, they are actually installing the Trojan, not a free video codec. The Trojan is installed with full root privileges, which means it has access to all files and commands on the system.

When the malicious DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as Ebay, PayPal and some banks) or to web pages displaying ads for other pornographic web sites, according to Intego.

The Trojan also installs a root crontab which checks every minute to ensure that its DNS server is still active, the company said. Since changing a network location could change the DNS server, this cron job ensures that, in such a case, the malicious DNS server remains the active server.
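A defensive check for the two traces the article above describes (a root crontab entry that fires every minute, and a DNS server that is not the one you expect), as an added example that is not part of the original posts. The function names, the sample crontab, the script path and the addresses are constructed, and the set of allowed resolvers is an assumption you supply.

```python
import re

def every_minute_jobs(crontab_text):
    """Return the commands of crontab entries scheduled to run every minute."""
    jobs = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # environment assignment (NAME=value) or malformed entry
        minute, other_fields = parts[0], parts[1:5]
        if minute in ("*", "*/1") and all(f == "*" for f in other_fields):
            jobs.append(parts[5])
    return jobs

# Matches resolver lines as printed by `scutil --dns` on macOS.
NAMESERVER = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.M)

def unexpected_resolvers(scutil_dns_text, allowed):
    """Return resolvers in the `scutil --dns` output that are not in `allowed`."""
    found = []
    for ip in NAMESERVER.findall(scutil_dns_text):
        if ip not in allowed and ip not in found:
            found.append(ip)
    return found

# Constructed sample input: not taken from the Trojan or from a real machine.
SAMPLE_CRONTAB = """\
# constructed root crontab
MAILTO=""
15 3 * * 6 /usr/sbin/periodic weekly
* * * * * /path/to/placeholder-script
"""

SAMPLE_SCUTIL = """\
resolver #1
  nameserver[0] : 198.51.100.7
  nameserver[1] : 192.0.2.53
"""

if __name__ == "__main__":
    print("every-minute root jobs:", every_minute_jobs(SAMPLE_CRONTAB))
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_SCUTIL, {"192.0.2.53"}))
```

On a Mac, feed the functions the output of `sudo crontab -l -u root` and `scutil --dns`. An every-minute job is a lead to inspect, not proof of infection.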
Hey Mac, Is this anything for mac users to be concerned about? http://www.news.com/8301-10784_3-9807471-7.html
Win32:DNSChanger-OL [trj], Win32:DNSChanger-OM [trj], Win32:DNSChanger-ON [trj], Win32:DNSChanger-OO [trj], Win32:DNSChanger-OP [trj], Win32:DNSChanger-OQ [trj], Win32:DNSChanger-OR [trj], Win32:DNSChanger-OS [trj], Win32:DNSChanger-OT [trj], Win32:DNSChanger-OU [trj],
this malware downloads a specific variant of dnschanger dependent on the OS... we got more windows samples than the mac ones... anyway - also the mac variant should be supported..
Also, malware researchers: You may be able to find the DNS Changer Trojan by going to a DNS changer codec site, and using “.dmg” as your file extension instead of “.exe”. As an example, vivacodec(dot)net/download/vivacodec1000.exe downloads the Windows trojan. But going to vivacodec(dot)net/download/vivacodec1000.dmg brings down the Mac binary. Remember to set your user agent to look like a Mac. (Obviously, don’t download these binaries unless you know what you’re doing.)