According to information from Intego, this new Trojan virus is found at some pornographic websites. When a user opens a movie, a message will appear: " This movie cannot be opened by the computer. Click here to download the new codec version ".
When the user clicks on the link, a rotating disc will appear showing the download screen. When users install this software, it is when they install Trojan, not a free video. The Trojan will be installed and this means it has access to all files and commands for the entire system.
Appeared Trojan Horse virus attacks Mac computers Picture 1 Intego also said that when the DSN server is activated, it will attack certain web site requests, leading users to phishing sites (such as Ebay, Paypal and some banks) or advertising websites. for other pornographic sites.
Besides, this "uninvited guest" also installs a crontab every minute it checks to make sure the DNS server is still active. If you change the network of a computer it can change the DNS server, cron's job will ensure that while the malicious DNS server still keeps the server running.
Intego also warned that for Mac OS X 10.4 computers there is no way to detect a change in the DNS server in the operating system interface. However, for Mac OS X 10.5, the change can be found in Advanced Network preferences. The added DNS servers are very fuzzy and cannot be deleted simply.
Currently, Intego has updated the virus to remove malicious codes and prevent the entry of OSX.RSPlug .