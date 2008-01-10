Spyware, Viruses, & Security forum

Free removal tool for Mac trojan

by Marianna Schmudlach / January 10, 2008 10:48 PM PST

Report of 11.01.2008

A free removal tool is now available for the Mac trojan which disguises itself as a video codec on pornographic sites. Its task is to remove the malware from infected systems and correct the DNS settings altered by it.

About two months ago, a malware sample lurking on crafted pornographic pages caused concern. To view the adult movies offered, users had to install a codec. Although this isn't exactly a new trick, it was the first time that Mac OS X users were targeted by this type of malware in the wild.

When executed, OSX.RSPlug.A changes the DNS settings to those of malicious servers controlled by the criminals behind the trojan. This enables them, for example, to initiate phishing attacks. Removing the malicious software proves difficult for normal users as the malware sets up a cron job that checks whether the system is still infected every minute, and reinfects it when required.

More: http://www.heise-security.co.uk/news/101657

