- Mar 15, 2011
- 13,070
Security researchers from F-Secure have identified a new Mac OS X click fraud trojan which hijacks Google searches by inserting a rogue DNS entry into the hosts file.
The trojan comes hidden as a Fake Player installer so it is probably distributed as part of a social engineering attack that asks users to update Flash Player to see a video or something similar.
Once run on the system, the trojan modifies the operating system's hosts file and inserts an entry that points all Google sites (www.google.*) to a rogue IP address under the attackers' control.
The hosts file can be used to manually specify DNS entries that take precedence over the responses sent by the system's DNS server.
Read More
F-secure link