Free removal tool for Mac trojan
A free removal tool is now available for the Mac trojan which disguises itself as a video codec on pornographic sites. Its task is to remove the malware from infected systems and correct the DNS settings altered by it.
About two months ago, a malware sample lurking on crafted pornographic pages caused concern. To view the adult movies offered, users had to install a codec. Although this isn't exactly a new trick, it was the first time that Mac OS X users were targeted by this type of malware in the wild.
When executed, OSX.RSPlug.A changes the DNS settings to those of malicious servers controlled by the criminals behind the trojan. This enables them, for example, to initiate phishing attacks. Removing the malicious software proves difficult for normal users as the malware sets up a cron job that checks whether the system is still infected every minute, and reinfects it when required.
The SecureMac security team has now made a free removal tool available. The vendor also produces the MacScan anti-spyware package for Mac OS X, which costs 30 US dollars. This allows Mac users who inadvertently installed the supposed video codec to cleanse their systems.
- Download the removal tool
- Mac trojan in video codec used on porn websites , heise Security news, 1 November 2007