http://www.youtube.com/watch?v=XrGuVTzY ... 6848.shtml
The DNSChanger Trojan horse is designed to infect both Mac OS X 10.4 Tiger and Mac OS X 10.5 Leopard. On top of this, variants of the malware are also able to compromise Windows. Depending on the operating system run by the users visiting malicious websites set up to drop DNSChanger, either the Windows or the Mac OS X version is delivered. In the end, the attack emphasizes the vulnerability of both platforms to social engineering schemes.
"The trojan changes the OS X network settings to use a different DNS server. DNS Settings are made with a tool called scutil. After installation, the script sends back an HTTP message with information that it successfully infected the system. The message contains the operating system version and the host name. The install script adds a crontab (a configuration file that specifies shell commands to run periodically on a given schedule) to a script to verify the malicious DNS servers remain unchanged," F-Secure warned.
http://news.softpedia.com/news/Think-Vi ... 6848.shtml
http://news.softpedia.com/news/New-Piec ... 6743.shtml