Arrival and Installation
This Trojan can be downloaded from the following remote site:
It arrives on the affected system as a DMG file. A DMG file is a mountable disk image created in Mac OS X, and is commonly used for software installers downloaded from the Internet.
This Trojan tricks the user into thinking that a legitimate video codec program is being installed. It also includes an End User License Agreement (EULA).
Upon the completion of its installation routine, this Trojan drops the malicious Bash script file detected by Trend Micro as UNIX_DNSCHAN.A.
Two versions of this malware exists, depending on the Internet browser and operating system used to download it (Windows or Mac OS X). Note that one of the two versions can be downloaded on the same remote site.
When using a Windows platform to connect to the malicious Web site, the downloaded file also uses a .DMG extension. However, examining its contents would show that it is actually an EXE file.
This Trojan runs on Mac OS X.
Analysis By: John Symelle Ortiz Luis