
MAC.OSX.Trojan.DNSChanger.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

MAC.OSX.Trojan.DNSChanger.A is also known as Trojan.Mac.Dnscha.f, Mac.DnsChange.2, MacOSX/DNS.E.

Explanation :

This malware usually arrives as a disk image posing as a key generator or crack for various applications.

Once mounted, the image shows an installer package that contains a malicious bash script.

Upon execution, it modifies the system's Domain Name System (DNS) settings to use:
* xxx.xxx.112.171
* xxx.xxx.113.93

This means the attackers could use those DNS servers to deliver malware or ads to the infected computer.

It adds a crontab entry that is set to execute a file named
* %System Root%/Library/Internet Plug-Ins/plugins.settings

which is just a copy of the malicious bash script.
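As an added triage example (not part of the BitDefender write-up), the shell functions below check for the two traces described above: resolvers ending in the listed octets and a crontab entry pointing at plugins.settings. The first two octets are masked in the write-up, so the resolver check matches only the last two octets and any hit needs manual confirmation; the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added triage example, not the vendor's tooling.
# Indicators come from the write-up; function names are hypothetical.

# Print crontab lines that reference the dropped script copy.
# Reads crontab text on stdin; tolerates a backslash-escaped space in the path.
flag_cron_lines() {
    grep -Ei 'Library/Internet\\? Plug-Ins/plugins\.settings'
}

# Print resolver addresses whose last two octets match the write-up.
# Reads one IPv4 address per line on stdin. Heuristic: first octets are masked.
flag_dns_servers() {
    grep -E '^[0-9]{1,3}\.[0-9]{1,3}\.(112\.171|113\.93)$'
}

# Live collection on macOS (defined for the reader, not called automatically).
# Assumption: also run under sudo so that root's crontab is inspected.
scan_live_macos() {
    echo "== crontab entries referencing plugins.settings =="
    crontab -l 2>/dev/null | flag_cron_lines
    echo "== resolvers matching the listed octets =="
    scutil --dns | awk '/nameserver\[[0-9]+\]/ {print $3}' | sort -u | flag_dns_servers
}

# Constructed sample input (private-range addresses, not real indicators).
SAMPLE_CRON='0 3 * * * /usr/local/bin/backup.sh
* * * * * "/Library/Internet Plug-Ins/plugins.settings">/dev/null 2>&1'
SAMPLE_DNS='192.168.1.1
10.0.112.171
10.0.113.93
10.0.0.2'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_CRON" | flag_cron_lines
printf '%s\n' "$SAMPLE_DNS" | flag_dns_servers
```

On a Mac, call `scan_live_macos` after sourcing the file; empty output under both headings means neither trace was found for that account.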

Last update 21 November 2011

 
