Mutant Trojans threaten Mac users

Experts claim that the Mac Trojan has been modified to produce more than 32 variants

The malware authors behind last week's MacOS X Trojan attack are continuing development on the malicious downloads, security experts warn.

Mikko Hyppönen, chief research officer at F-Secure, said in a company blog that the Trojan had already been modified to produce more than 32 variants.

"The gang behind it seems serious about targeting Mac users as well as Windows users," wrote Hyppönen. "This is not likely to end any time soon."

The Mac Trojan was discovered last week by researchers at internet security firm Intego. The malware disguises itself as a codec file which is needed to view movies.

The code was thought to be hosted only on adult movie pages, but was soon discovered on a number of fake codec sites and in some cases was being delivered alongside Windows malware.

However, while F-Secure has warned users about the Trojan, another security executive is attempting to allay fears about the threat.

Alex Eckelberry, president of Sunbelt Software, said in a blog posting that the malicious payload in the Trojan may not be as serious as some believe.

The malware, known as DNSchanger, alters the victim's DNS server to allow the attacker to reroute website requests.

Intego reported that the Trojan could allow an attacker to hijack and redirect web requests for sites such as PayPal and eBay to phishing sites.

But Eckelberry maintains that the Trojan is not likely to redirect URL requests for major sites, and will affect users in a much more subtle way by redirecting such things as search queries to pages controlled by attackers.

"This Trojan is all about generating affiliate commissions by redirecting search results," he wrote. "So if you Google 'spyware', you will get search results that they want you to see."