Virus Announcer - The Puper Trojan is spreading on Mac OS X.
The Puper.A Trojan attempts to infect computers running Mac OS X, which also involves users.
A Puper.A Trojan is trying to trick Mac OS X users into opening a file with tricks like we've come across with Windows malware. The writers of Puper have created a website that is trying to get visitors to download an HDTV player app. If the user downloads and then opens the file, the path is freed before the Trojan and it can continue to perform its malicious activity without hindrance.
Puper.A primarily tries to achieve its goal by changing its DNS settings, which is to download additional malware by redirecting to different websites. When the Trojan is done, it restores the original DNS settings so that it can remain as unnoticed as possible on infected systems.
When the Puper.A Trojan starts, it performs the following actions:
- Copy your own file to the following directory:
/ Library / Receipts - Create the following files:
/ Library / Internet Plug-Ins / AdobeFlash
/ Library / Internet Plug-Ins / Mozillaplug.plugin - Changes DNS settings. This will redirect you to malicious websites.
- Modify the crontab settings so that you can run the following script properly:
/ Library / Internet Plug-Ins / AdobeFlash - Restores the original DNS settings.
