If not, here's a video

Jan 21, 2008 17:16 GMT

Think that Windows Vista is insecure just because it is the latest iteration of the Windows line of operating systems, where a lack of security is taken as a default characteristic? Well, here is your chance to have a look at Mac OS X. At the bottom of this article you will find a video showing the effects of OSX/DNSChanger on Mac OS X, courtesy of F-Secure. DNSChanger was initially detected by Intego at the end of October 2007, and comes in a variety of versions targeting both Windows and Mac OS X operating systems.

"Social engineering techniques are used to persuade the user into downloading and running this trojan. Websites hosting video (often illicit) claim that the video cannot be viewed without installing a new codec. The user is prompted to install the 'needed' codec. Once the fake codec is installed, the video will play so as not to raise suspicion. During the installation, the local machine's DNS settings are adjusted to point towards a malicious server," F-Secure revealed.

The DNSChanger Trojan horse is designed to infect both Mac OS X 10.4 Tiger and Mac OS X 10.5 Leopard. On top of this, variants of the malware are also able to compromise Windows. Depending on the operating system run by the users visiting malicious websites set up to drop DNSChanger, either the Windows or the Mac OS X version is delivered. In the end, the attack emphasizes the vulnerability of both platforms to social engineering schemes.

"The trojan changes the OS X network settings to use a different DNS server. DNS Settings are made with a tool called scutil. After installation, the script sends back an HTTP message with information that it successfully infected the system. The message contains the operating system version and the host name. The install script adds a crontab (a configuration file that specifies shell commands to run periodically on a given schedule) to a script to verify the malicious DNS servers remain unchanged," F-Secure warned.
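The two persistence traits F-Secure describes (resolvers changed through scutil, and a cron job that keeps re-checking them) can be audited from the output of `scutil --dns` and `crontab -l`. The sketch below is an added example, not code from F-Secure or from the original article; the allowlist, the sample addresses (documentation ranges), the script path and the use of the string "scutil" as a marker are all assumptions made for illustration.

```python
import ipaddress
import re

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.MULTILINE)

def unexpected_resolvers(scutil_dns_output, allowed_networks):
    """Nameservers in `scutil --dns` output that fall outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    found = []
    for addr in NAMESERVER_RE.findall(scutil_dns_output):
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        if addr not in found and not any(ip in n for n in nets):
            found.append(addr)
    return found

def cron_commands(crontab_text):
    """Command part of each active entry in `crontab -l` output."""
    cmds = []
    for line in map(str.strip, crontab_text.splitlines()):
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*\s*=", line):
            continue  # blank line, comment, or environment assignment
        nfields = 1 if line.startswith("@") else 5  # @reboot etc. vs. five time fields
        parts = line.split(None, nfields)
        if len(parts) == nfields + 1:
            cmds.append(parts[-1])
    return cmds

def read_text(path):
    """File contents, or an empty string when the path is missing or unreadable."""
    try:
        with open(path, errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def cron_jobs_touching_dns(crontab_text, read_file=read_text):
    """Cron commands that call scutil or run a file mentioning it (assumed marker)."""
    def texts(cmd):
        return [cmd] + [read_file(t) for t in cmd.split() if t.startswith("/")]
    return [c for c in cron_commands(crontab_text) if any("scutil" in t for t in texts(c))]

# Constructed sample data: documentation address ranges and a made-up script path.
SAMPLE_SCUTIL = "resolver #1\n  nameserver[0] : 203.0.113.53\n  nameserver[1] : 203.0.113.54\n"
SAMPLE_CRONTAB = 'MAILTO=""\n* * * * * /tmp/example/dns-watch.sh >/dev/null 2>&1\n0 3 * * * /usr/bin/true\n'
SAMPLE_FILES = {"/tmp/example/dns-watch.sh": "#!/bin/sh\n/usr/sbin/scutil --dns\n"}

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE_SCUTIL, ["192.0.2.0/24"]))
    print(cron_jobs_touching_dns(SAMPLE_CRONTAB, lambda p: SAMPLE_FILES.get(p, "")))
```

On a Mac, pass the captured text of `scutil --dns` and `crontab -l` to these functions, with the allowlist set to the resolvers your network actually hands out.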