Tech Shout!

Intego, the leading developer of Internet security has warned Mac users about the new Trojan horse that has been found on several porn Web sites. This virus is claimed to install the video codec that is necessary to watch free pornographic videos on Macs.

The Trojan sophisticatedly changes Mac’s DNS server and redirects to malicious DNS servers. After activating the malicious DNS servers, the user is further directed to known websites like eBay, PayPal, etc, where users are obvious to disclose their personal details such as names and passwords, credit card or other account- numbers. And then, the accounts are hijacked.

Or else, while visiting these wicked web sites, users are shown still photos from reputed porn sites, which lead them to click on those images with the hope of videos. With this one click, the Trojan gets installed in Mac. It also installs a root crontab that ensures its DNS server is still active.

This is reportedly done for generating ad revenues through unlawful means. The changed DNS server cannot be seen in the Mac OS X 10.4. On the other hand, this can be seen in Advanced Network preferences in the Mac OS X 10.5, where the added DNS servers are dimmed and cannot be removed manually.

Moreover, this virus also provides different versions, possibly depending on the country and user’s location.

As a remedy, Inego VirusBarrier X4 has updated its virus definitions dated October 31, 2007. The developer claims that the latest updates eliminate malicious code and prevent the Trojan from installation.