MAC.OSX.Trojan.DNSChanger.A
First posted on 21 November 2011.
Source: BitDefender
Aliases :
MAC.OSX.Trojan.DNSChanger.A is also known as Trojan.Mac.Dnscha.f, Mac.DnsChange.2, MacOSX/DNS.E.
Explanation :
This malware usually comes in the form of a disk image posing as a key generator or crack for various applications.
Once mounted, the image shows an installer package that contains a malicious bash script.
Upon execution, the script modifies the system's Domain Name System (DNS) settings to use:
* xxx.xxx.112.171
* xxx.xxx.113.93

This means that the attackers could use those DNS servers to deliver malware or ads to the infected computer.
It adds a crontab entry that is set to execute a file named
* %System Root%/Library/Internet Plug-Ins/plugins.settings

which is just a copy of the malicious bash script.

Last update 21 November 2011
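A host check for the two behaviours described above, as an added example that is not part of the BitDefender write-up. The function names and sample inputs are constructed; because the page masks the first two octets of each DNS server, the resolver check matches only on the last two octets and is a weak indicator on its own.

```shell
#!/bin/sh
# Added example: indicator checks for the DNS change and crontab persistence.
# On a Mac, feed the functions live data, for example:
#   crontab -l 2>/dev/null | suspicious_cron_lines
#   sudo crontab -l 2>/dev/null | suspicious_cron_lines
#   scutil --dns | suspicious_dns_servers

# Print crontab lines (comment lines skipped) that run the dropped script copy.
suspicious_cron_lines() {
    grep -v '^[[:space:]]*#' \
        | grep -F '/Library/Internet Plug-Ins/plugins.settings' || true
}

# Print each IPv4 address on stdin whose last two octets match the masked
# servers from the write-up (xxx.xxx.112.171 and xxx.xxx.113.93).
suspicious_dns_servers() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | grep -E '\.(112\.171|113\.93)$' \
        | sort -u || true
}

# Constructed sample crontab: one benign job, one commented-out line,
# one entry of the kind the write-up describes.
SAMPLE_CRON='# constructed sample crontab
0 3 * * * /usr/local/bin/backup.sh
# * * * * * "/Library/Internet Plug-Ins/plugins.settings"
* * * * * "/Library/Internet Plug-Ins/plugins.settings" 1>/dev/null 2>&1'

# Constructed resolver listing; the leading octets are placeholders.
SAMPLE_DNS='nameserver[0] : 192.0.2.53
nameserver[1] : 10.20.112.171
nameserver[2] : 10.20.113.93'

echo "Crontab entries referencing plugins.settings:"
printf '%s\n' "$SAMPLE_CRON" | suspicious_cron_lines
echo "Resolvers matching the masked addresses:"
printf '%s\n' "$SAMPLE_DNS" | suspicious_dns_servers
```

A crontab hit is the stronger signal; treat a resolver hit as a prompt to compare the full address against what your network or ISP actually assigns.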