SecureMac, Inc.

DNS Changer 2.0e Trojan Horse

March 2, 2009

SecureMac Advisory

Posted: March 17th, 2009

Security Risk: Critical

Just after the DNSChanger 2.0d variant was identified, another new variant of the DNSChanger Trojan Horse, DNSChanger 2.0e, has been discovered in the wild. The trojan horse arrives in a disk image (some samples are called serial_Avid.Xpress.Pro.5.7.2.dmg), and is again disguised as an installer for “MacCinema,” just like the 2.0d variant. Once installed, the trojan horse behaves in a similar manner to past variants.

This variant is being distributed on websites offering “cracked” or pirated copies of software, and is initially disguised as a serial …

DNS Changer 2.0e Trojan Horse

SecureMac Advisory

Posted: March 17th, 2009

Security Risk: Critical

Just after the DNSChanger 2.0d variant was identified, another new variant of the DNSChanger Trojan Horse, DNSChanger 2.0e, has been discovered in the wild. The trojan horse arrives in a disk image (some samples are called serial_Avid.Xpress.Pro.5.7.2.dmg), and is again disguised as an installer for “MacCinema,” just like the 2.0d variant. Once installed, the trojan horse behaves in a similar manner to past variants.

This variant is being distributed on websites offering “cracked” or pirated copies of software, and is initially disguised as a serial number or crack program to circumvent registration of professional software. By avoiding websites that offer pirated software, you can limit the chances of exposure to this new variant of the DNSChanger Trojan Horse.

Symptoms of Infection by DNSChanger Trojan Horse

  1.     Website links are redirected. When you click on a link to a website (in search engine results, for example), you will be redirected to a different site, generally advertising sites.
  2.     Pop-up advertisements. Infected computers will sometimes display advertisements, including pop-up ads, usually for pornographic websites or enhancement drugs.
  3. Web pages load slowly. Web pages may take a long time to load, or time out completely when infected with the trojan horse.

 

Removing the DNSChanger Trojan Horse

You can remove the DNSChanger Trojan Horse with our free removal tool, available at http://www.dnschanger.comAdditionally, MacScan removes the DNSChanger Trojan Horse and thousands of other trojan horses, keyloggers, and tracking cookies. More information on MacScan is available at http://macscan.securemac.com

Safe Web Browsing Habits

  1.     Watch where you surf. By sticking with safe, well-known websites, you will be less likely to visit a site that will attempt to infect you with the trojan horse.
  2.     Watch what you download. Download files only from trusted sources and safe sites.
  3.     Use security features in OS X. Turn on the built-in Firewall, and consider security software, especially when a computer is shared by multiple users.

 

About MacScan

MacScan quickly detects, isolates and removes spyware from Macintosh computers using both real-time spyware definition updating and unique detection methods.  The software also manages internet-related clutter on your computer. It is designed for Mac OS X version 10.2.4 and later, and is compatible with OS X 10.5 (Leopard). For more information, or to download a demo version of MacScan, visit http://macscan.securemac.com.

About SecureMac

Since 1999, SecureMac.com has been at the forefront of Macintosh system security. The site not only features complete Macintosh Anti-Spyware and Antivirus solutions, but also operates as a clearinghouse for news, reviews and discussion of Apple computer security issues. Users from novice to the most advanced will find useful information at SecureMac that is designed to make their computer experience trouble free.

Get the latest security news and deals