Security analysis aggregation Intego has issued a aegis alive about a new Trojan Horse alleged OSX.RSPlug.A that accurately targets Mac users. The Trojan is a anatomy of DNSChanger that changes the Mac’s Domain Name Server (DNS) address. It is not a virus back it cannot bear itself.
According to Intego, the Trojan has been begin on several pornographic websites. When aggravating to appearance a movie, the user is told: “Quicktime Player is clumsy to comedy cine file. Please bang actuality to download new adaptation of codec.” When the user clicks the articulation a deejay angel (.dmg) is downloaded to the desktop. When the user installs the software, they are absolutely installing the Trojan, not a chargeless video codec.
The Trojan is installed with abounding basis privileges, which agency it has admission to all files and commands on the system. When the awful DNS server is active, it hijacks web requests, arch users to phishing websites (for sites such as eBay, PayPal and some banks) or web pages announcement ads for added pornographic web sites. The Trojan additionally installs a basis crontab that checks every minute to ensure that its DNS server is still active, the aggregation said. Back alteration a arrangement area could change the DNS server, this ensures that, in such a case, the awful DNS server charcoal the alive server. Intego says that application Mac OS X 10.4, there is no way to see the afflicted DNS server in the operating system’s interface. Under Mac OS X 10.5, this can be apparent in the Advanced Arrangement preferences; the added DNS servers are dimmed, and cannot be removed manually.
Intego has adapted its virus definitions to abolish the awful cipher and anticipate it from actuality installed.Hot on the heels of Intego’s acknowledgment of a Trojan Horse accomplishment affecting Macs, McAfee appear that the malware ancestors alleged Puper, which has been afflictive Windows users, is now targeting Macs. The description of the accomplishment – which is accustomed on the blog of virus researcher Allysa Myers – sounds appreciably agnate to that of the Trojan Horse appear by Intego.
Like Intego, McAfee warns that the malware is surfacing on pornographic websites that announce users charge install a new codec to appearance videos. The Puper malware ancestors has been “plaguing” Windows users back 2005, McAfee warns. It is the aforementioned bug that has afresh been appear as installing itself from adulterated MySpace pages. McAfee has articular dozens of altered affected codec sites currently confined this Mac malware.
