MAC.OSX.Trojan.DNSChanger.A

VERY LOW
VERY LOW
approx. 1kb
(Trojan.Mac.Dnscha.f, Mac.DnsChange.2, MacOSX/DNS.E)

Symptoms

       Increased network activity.
       Suspicious websites when browsing the internet.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel RADU, Senior Virus Researcher

Technical Description:

        This malware usually comes in the form of a disk image for a key generator/crack for various applications.

        Once mounted, the image shows an installer package which contains a malicious bash script.

        Upon execution, it modifies the system's Domain Name System (DNS) settings to use:
               * xxx.xxx.112.171
               * xxx.xxx.113.93

        This means that the attackers could use those DNS servers to deliver malware or ads to the infected computer.

        It adds a crontab entry that is set to execute a file named
               * %System Root%/Library/Internet Plug-Ins/plugins.settings

        which is just a copy of the malicious bash script.
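
A triage check for the two artifacts described above, added here as an example; it is not Bitdefender's removal tool or code from the sample. The function names and the sample data are constructed, and because the page masks the first two octets of the DNS servers, the resolver check can only match the last two octets and will produce false positives.

```sh
#!/bin/sh
# Triage for the two artifacts this write-up describes: a crontab entry that runs
# .../Library/Internet Plug-Ins/plugins.settings, and replaced DNS servers.
# The first two octets of the servers are masked on the page, so only the last
# two can be matched: treat a DNS hit as a lead to verify, not as proof.

# stdin: crontab text. Prints active (non-comment) entries that reference the
# dropped script, whether the space in the path is quoted or backslash-escaped.
find_cron_hits() {
    grep -v '^[[:space:]]*#' |
        grep -E '/Library/Internet\\? Plug-Ins/plugins\.settings'
}

# stdin: `scutil --dns` output. Prints the unique resolver addresses.
resolvers_from_scutil() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# stdin: one IPv4 address per line. Prints those ending in the masked suffixes.
find_dns_hits() {
    grep -E '^[0-9]{1,3}\.[0-9]{1,3}\.(112\.171|113\.93)$'
}

# Constructed sample input (not captured from an infected host); the matching
# resolver uses the 203.0.113.0/24 documentation range.
SAMPLE_CRON='# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
* * * * * "/Library/Internet Plug-Ins/plugins.settings"
*/5 * * * * /Library/Internet\ Plug-Ins/plugins.settings
# * * * * * /Library/Internet Plug-Ins/plugins.settings'
SAMPLE_SCUTIL='resolver #1
  nameserver[0] : 203.0.113.93
  nameserver[1] : 192.168.1.1
resolver #2
  nameserver[0] : 203.0.113.93
  nameserver[1] : 10.112.171.5'

# Live check on a Mac: run with --live (as root to read root's crontab).
if [ "${1:-}" = "--live" ]; then
    crontab -l 2>/dev/null | find_cron_hits && echo "cron: suspicious entry"
    scutil --dns | resolvers_from_scutil | find_dns_hits && echo "dns: suffix match"
    exit 0
fi
```

A suffix match on a resolver should be confirmed against the network's expected DNS configuration before any cleanup is attempted.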