Skip navigation.
Home

How To Download DNSChanger DMG In Windows?

There has been an increase prevalence of DNSChanger DMG threats. These capture more attention but unfortunately some analysts cannot download the right installer (DMG file) for Mac.

Why?

RBN's Trojan DNSChanger, also known as fake codec for Mac, serves two executables: an EXE for Windows, and a DMG for Mac. When a Windows user visits a malicious site, the user's browser sends the User-Agent info. This contains information such as your OS, version, web browser, and language preference. The malicious website then decides which executable to serve.

So, it won't work by just simply modifying the URL.

How to download DNSChanger DMG in Windows? Modify the User-Agent values to this: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us)

To perform this task, you could either use Wget or Malzilla.

Example using Wget:
[c:\] wget -U "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us)" http://gamecodec.com/download/gamecodec1000.dmg

**Note: This site is available today, you can try downloading the file.

For more detailed information, please refer this blog:
http://blog.iantivirus.com/2008/04/how-to-download-dnschanger-dmg-in.html

The sample can be downloaded

The sample can be downloaded from OC here:

http://www.offensivecomputing.net/?q=ocsearch&ocq=bb235867b9996b56afc7fcc80583233a