OSX_DNSCHAN.A
Overview

Malware type: Trojan

Aliases: OSX/RSPlug-Gen (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Mac OS X

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Medium

Distribution potential: Low

Description: 

For an at-a-glance view of the behavior of this malware, refer to the Behavior Diagram shown below.

OSX_DNSCHAN.A Behavior Diagram

Malware Overview

This Trojan arrives as a DMG file downloaded from a certain Web site. A DMG file is a mountable disk image created in Mac OS X, and is commonly used for software installers downloaded from the Internet.

It tricks the user into thinking that a legitimate video codec program is being installed, and even includes an End User License Agreement (EULA) to complete the scam. Once running on an affected system, however, this Trojan drops a malicious Bash script file detected by Trend Micro as UNIX_DNSCHAN.A. As a result, the routines of the dropped malware are also exhibited on the system.

Two versions of this malware exist, depending on the Internet browser and operating system used to download it (Windows or Mac OS X). Note that one of the two versions can be downloaded from the same remote site.


Description created: Nov. 1, 2007 5:34:11 AM GMT -0800
