Jump to content


Mac OS X: DNSChanger Trojan

  • Please log in to reply
No replies to this topic

#1 screen317


    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,815 posts

Posted 16 January 2008 - 06:00 PM

"This trojan attacks users attempting to play a fake video file. Affected systems are used to hijack some Web requests that lead users to other phishing sites, or simply display ads for other pornographic websites to generate ad revenue. Phishing attacks may lead users to believe they are surfing to eBay, Paypal, or various banks when in fact they are accessing specially-crafted mockups designed to retrieve usernames and passwords for those sites. Upon attempting to play the video, the victim receives the following message: 'Quicktime Player is unable to play movie file. Please click here to download new version of codec.'"

"The trojan is rated as a critical risk by Intego, and is known to affect Mac OS X 10.4 Tiger as well as Mac OS X 10.5 Leopard. Intego is testing prior versions of Mac OS X, but believes them to be vulnerable as well."


A tool is available at ^that website, if you believe your Mac has been infected, although I can't vouch for the success rate, yet.

Please consider donating to help support the continued prompt and excellent services of this site.

Member of UNITE
Support SpywareInfo Forum - click the button