I spent some time this morning looking at this malware, and wrote this article explaining how to find out if you've been infected, and how to remove the programs if you have. If you want all the details, you can read the article. If you just want to know how to remove the malware, here's the simple process:
- In the Finder, navigate to /Library -> Internet Plug-Ins, and delete the file named plugins.settings. Empty the trash. This deletes the tool that sets the rogue DNS Server information.
- In Terminal, type sudo crontab -r and provide your admin password when asked. This deletes the root cron job that checks the DNS Server settings. You can prove it worked by typing sudo crontab -l; you should see the message crontab: no crontab for root.
- Open your Network System Preferences panel, go to the DNS Server box, and copy the entries you can see to a Stickies note, TextEdit document, or memorize them. Now retype those same values in the box, then click Apply.
- Reboot your Mac.
As OS X grows in popularity, I expect that this type of thing will become more commonplace.

