Mac users confused as trojan starts taking over machines after installing the 10.5.5 update

Sep 26, 2008 11:45 GMT

Soon after Apple's OS X 10.5.5 software update was out, users started reporting issues with their web browsing experience. Apple Discussions was rapidly flooded with posts from users claiming that their web browsing had become exceptionally slow. After a little digging on the part of the affected users, a certain “DNSChanger” trojan horse was found responsible for causing the slow Internet access in Mac OS X.

Apple Discussions member Roippeli wrote, "My Internet used to work fine on my mac, until today. I don't know what it is. I used to run both connections (to mac/pc) via D-Link DI-524 and the connection worked fine. Today my PC-Internet was working fabulous, but at the same time my mac was struggling. It took a very long time to connect even to apple.com, 1-2 minutes. Some sites it couldn't even load. I took the d-link router away and connected the mac straightly to my wlan-modem/ethernet box, but the problem stayed."

Some users started experiencing all this a week after the 10.5.5 update, and it was discovered that Mac users were faced with a DNS issue. However, MacFixIt reports that, “only for some users,” the problem could be caused by a known trojan horse malware package called "DNSChanger" (also known as "OSX.RSPlug").

Basically, the malware modifies the DNS settings of the active network connection, and immediately changes them back even after users correct them. According to the source, the trojan is likely to stem from users' attempts at playing certain QuickTime movies which, in some cases, force them to download and install a “codec” in order to watch. Once downloaded and run, the malicious package infects the Mac and changes its DNS settings, which considerably slows down Internet access.
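The symptom described above, DNS settings that are changed and then change back after being corrected, can be checked from snapshots of the resolver configuration. The following Python is an added example, not part of the original article; it assumes the snapshots are text output from macOS's `scutil --dns`, and the sample outputs, addresses, `EXPECTED` network and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples in the layout of macOS `scutil --dns` output.
# Addresses are private/documentation ranges, not real indicators.
CLEAN = """\
DNS configuration
resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
"""
CHANGED = """\
DNS configuration
resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 203.0.113.54
"""
EXPECTED = ["192.168.1.0/24"]  # assumption: resolvers this network should hand out

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.MULTILINE)

def parse_nameservers(scutil_output):
    """Return the unique resolver addresses in order of appearance."""
    found = []
    for raw in NAMESERVER_RE.findall(scutil_output):
        ip = ipaddress.ip_address(raw.split("%")[0])  # drop any IPv6 scope id
        if ip not in found:
            found.append(ip)
    return found

def unexpected_resolvers(scutil_output, expected_networks):
    """List configured resolvers that fall outside every expected network."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    return [str(ip) for ip in parse_nameservers(scutil_output)
            if not any(ip in net for net in nets)]

def reverted_after_fix(snapshots, expected_networks):
    """True if a clean snapshot is later followed by an unexpected resolver,
    i.e. corrected settings did not stick."""
    seen_clean = False
    for output in snapshots:
        if not unexpected_resolvers(output, expected_networks):
            seen_clean = True
        elif seen_clean:
            return True
    return False

if __name__ == "__main__":
    print(unexpected_resolvers(CHANGED, EXPECTED))
    print(reverted_after_fix([CHANGED, CLEAN, CHANGED], EXPECTED))
```

A clean reading followed by an unexpected one can also be a first-time change, so the check is a prompt to look for whatever is rewriting the settings, not proof of a specific infection.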

Finally, one Apple Discussions poster noted that he had tried the "dns changer remover" tool and, not surprisingly, “it found a trojan.” After deleting it, the program required the user to restart his computer. “That's what I did and now it's running fine again,” the noticeably relieved Mac owner wrote.