Articles Virus Software DNSChanger
|
21 August 2009
Posted in
Articles
The DNSChanger trojan virus has a particular, if infected you will not truly know whose website you are visiting, and if you use your credit card on one of those websites while infected you will have some nasty surprises on your credit card bill.
The DNSChanger trojan virus has a few other names but basically it is the same phishing virus that has just been modified enough to get around being found and cured. If you've ever visited a site or downloaded a movie that when run asks you to go to a website to download the audio/video codec.... from now on don't.
If you do decide to install – the DNSChanger trojan virus create a UNIX CRON that will modify your DNS settings. After that all your url requests will be redirected by a rouge host that will display a fake eBay.com and a fake Amazon.com.
The following image is a snapshot of the ethernet Domain Name Server settings panel of an infected Mac.... One of my Mac's.... My first Mac infection in twelve years. Notice that the Ukraine DNS's start with 85.255. and they are greyed out so there is no deleting them either.
Also keep a look out for strange or new codecs in your /System/Library/QuickTime/ and /Library/QuickTime/ folders. Virus detection software should fix this, if not you'll have to wait for a cure or do a TimeMachine restore. Failing the above the best cure is backup your data and install a fresh copy of OSX.
