A new piece of malware targeting Mac computers has been found and given the name Dockster. Dockster is a backdoor that allows the attacker to compromise the victim’s computer by logging keystrokes and downloading files. It infects computers in the same way as the Flashback malware, which was first discovered in September 2011. This particular exploit was due to a vulnerability in Java, for which Apple issued a patch in April 2012. Systems that have not been patched, however, are still vulnerable to this malware.
There’s a lot of discussion on the DNSChanger malware, with some articles using eye-catching headlines such as “malware may knock thousands off Internet on Monday.” I did some research on this topic and below are the facts around this malware.
What is DNSChanger?
The DNSChanger malware was created in 2007. Affected computers had their DNS settings altered so that every time the computer accessed the internet, it used the cybercriminals’ DNS server. The end result was that users would see unwanted ads and be redirected to sites other than the ones they intended to visit.
A couple of nights ago, my computer got afflicted with the WinAntiVirus malware.
It started out innocently enough: I was using Windows Media Center to watch TV, and I had IE open pointing to a portal site. As the TV program was about to end, I heard a couple of beeps. I didn’t think much of it at the time (actually by that time it was probably already too late). After the program ended, I closed Windows Media Center, and started noticing that the computer was really busy. A couple of minutes after that, I started seeing the following:
- Popup windows, popup windows, and more popup windows.
- A program called WinAntiVirus asking to see if it can install itself.
- The computer remained extremely busy.
At this time, it was obvious that I got hit by the WinAntiVirus malware (isn’t it annoying that it disguises itself as an anti-virus software?). My first job was to figure out what I could do to get rid of it. So, I went to the search engine and found a couple of sites, all of them recommending elaborate steps for removing this troublemaker.
“There must be an easier way!” I thought… I am always leery about downloading more software and going into the registry, and then I remembered Windows XP has this System Restore function that would restore the system configuration to a previous time. So, I tried this route. Lo and behold, it worked!
In addition to that, I went into the Temp folder and got rid of all the files that were created after the system first became unstable. Hopefully these steps have saved my computer from this dreaded malware.
One thing that makes me wonder is how the malware got into my computer in the first place. I was not viewing any dubious web pages, and I haven’t opened any strange email attachments. Obviously figuring out what had happened is important because I want to be able to plug that hole so that this doesn’t happen in the future. A search on the internet, however, didn’t reveal anything. If anyone has any thoughts on this, please let me know!