In association with heise online

11 January 2008, 12:00

Free removal tool for Mac trojan

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A free removal tool is now available for the Mac trojan which disguises itself as a video codec on pornographic sites. Its task is to remove the malware from infected systems and correct the DNS settings altered by it.

About two months ago, a malware sample lurking on crafted pornographic pages caused concern. To view the adult movies offered, users had to install a codec. Although this isn't exactly a new trick, it was the first time that Mac OS X users were targeted by this type of malware in the wild.

When executed, OSX.RSPlug.A changes the DNS settings to those of malicious servers controlled by the criminals behind the trojan. This enables them, for example, to initiate phishing attacks. Removing the malicious software proves difficult for normal users as the malware sets up a cron job that checks whether the system is still infected every minute, and reinfects it when required.

The SecureMac security team has now made a free removal tool available. The vendor also produces the MacScan anti-spyware package for Mac OS X, which costs 30 US dollars. This allows Mac users who inadvertently installed the supposed video codec to cleanse their systems.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit