“The [Mac DNS Changer] Trojan is relatively simple and works almost exactly the same as its brother for Windows operating systems. In case of execution, the Trojan changes the DNS settings on the machine and reports back to the C&C server,” Bojan Zdrnja reports for SANS Internet Storm Center.
“While the Trojan is relatively simple and not a big threat, two things came to my mind immediately: the bad guys are taking Mac now seriously – this is a professional attempt at attacking Mac systems (and they could have been much more damaging really). The second thing that folks at Sunbelt noticed is that when they sent a sample to VirusTotal there were 0 (zero, nada, nilch) products that detected this,” Zdrnja reports.
“Although the Trojan is really simple, it could have done much worse things (once the installer script has root privileges, it is game over anyway). This malware shows that we must not ignore Mac machines and that Mac users should not think they are invulnerable just by using a Mac and that they can click on absolutely everything,” Zdrnja reports.
McAfee calls this one “OSX/Puper” and rates its risk as “Low” for both home and corporate users, explaining, “Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. This trojan is most commonly installed by going to a malicious site.”
MacDailyNews Take: This is not the first Mac trojan, nor will it be the last. There’s not much else to say here beyond that the old rules still apply: Do not enter your Mac OS X admin password to install anything from an unknown and/or untrusted source.