Comments on: New OS X Malcode: Not Just a DNSChanger

By: matt

matt — Fri, 19 Dec 2008 08:47:24 +0000

update: i downloaded the DNSChangerRemovalTool

My DNS is back to normal but I still have this Adobe Flash in my cron search. after reading several articles tonite, it does seem like that that cron is either wrongly accused of wrong doin or indeed is part of the culprit. Anyone know for sure.. and if it is bad? how do i get rid of that?!

By: matt

matt — Fri, 19 Dec 2008 07:17:33 +0000

I fell for it – its definitely this macaccess installer Osxjahlava trojan and now have no idea what to do
(btw – i got this thru trying to download a firefox plugin for craigslist called Clpicview

In trying to fix this situation, i keep coming across sites that describe it but no resource for fixin and removing it

i also come across sites claiming to be able to fix it if you buy their software

there are other sites that mention an online scan but upon careful readin it looks like its for uploading files to be scanned and screened? which makes sense cause i cant imagine an online service that remote fixes and eliminates this trojan for me.

virus barrier apparently does the trick but the trail version only allows you to detect and not fix it? and i dont want to buy the program because im afraid to use my computer to buy anything nor do i want to wait to tomorrow to fix it!

i dont know who to trust and worse, i dont even know what kind of danger I’m in.

can anyone help me?

By: Nicholas Ptacek

Nicholas Ptacek — Mon, 01 Dec 2008 18:33:57 +0000

Greetings,
I was wondering if it would be possible for you to send us samples of the new DNSChanger variant for OS X for further analysis. Thank you for your time and assistance!

By: cw

cw — Mon, 01 Dec 2008 17:40:51 +0000

It doesn’t matter if this is “LAME” – people WILL fall for it. I work in a .edu environment and there are all kinds of people clicking on everything under the sun. It’s a hard problem to solve and it’s not easily solved with technology. In the meanwhile, messages like this from Jose who has time to perform this analysis are useful to us and others that lack the time & resources to do as much analysis as we’d like to.

By: cheapRoc

cheapRoc — Wed, 26 Nov 2008 03:12:09 +0000

Congrats, this is the lamest excuse for malware on the Mac if I’ve ever seen one. Its a shell script, which sets up crontab with some executable… which all of this has to be run by the users, mounting a disk image, launching the installer and giving it sudo access.

I think I used to write more impressive DOS trojans in Pascal for Renegade BBS software back in 1992… please this is LAME!

By: Interesting Information Security Bits for 11/25/2008 at Infosec Ramblings

Interesting Information Security Bits for 11/25/2008 at Infosec Ramblings — Tue, 25 Nov 2008 22:51:06 +0000

[...] Some nastiness that preys on Mac OS X. Not anything new, but worth noting. New OS X Malcode: Not Just a DNSChanger | Security to the Core | Arbor Networks Security [...]

By: Experiencia Personal

Experiencia Personal — Tue, 25 Nov 2008 17:26:28 +0000

Hi, i have been infected by this troyan or a similar one. I was able to clean it, but it drove me crazy.

By: Experiencia Personal » Más sobre el troyano en Mac OS X

Experiencia Personal » Más sobre el troyano en Mac OS X — Tue, 25 Nov 2008 17:22:33 +0000

[...] foro de Macurium me ha comentado que en una página se habla más sobre este tema. Esta página es Arbor Networks, una empresa dedicada a la seguridad en [...]

By: About recent OSX Trojan « Threat Researcher

About recent OSX Trojan « Threat Researcher — Tue, 25 Nov 2008 08:06:31 +0000

[...] ArborNetworks: New OS X Malcode: Not Just a DNSChanger [...]