On Monday, security company Intego warned Mac users of a new Trojan horse that masquerades as a Flash Player installation package for OS X Lion.
Mac OS X Server 10.7 (Lion) Server Complete Coverage »
Pricing
Latest Price: $49.99
-
New Mac malware variant surfaces, poses as PDF -
Inside Snow Leopard’s hidden malware protection -
Update brings enhanced malware protection for Snow Leopard -
First Look: Trojan Horse warning: What you need to know
-
Intego: New variant of Mac Trojan horse doesn’t require a password -
New Mac Trojan horse masquerades as virus scanner -
Reports emerge of Mac OS X Trojan horse or worm
Intego reported that the Flashback malware is available on some sites that offer a link or icon to install Flash Player; Lion users may be vulnerable to the scam because the operating system doesn’t automatically include Flash. If users do click on the malicious link in Safari—launching the Mac OS X Installer—the software deactivates some security code, then deletes the original installation package. The malware then sends information about the infected Mac back to a remote server. Intego analysts are still investigating Flashback’s purposes.
Protecting your Mac from this Flashback is relatively easy: Only download Flash from Adobe.com.
Monday’s announcement is the second Trojan horse warning to Mac users in the last week. On Friday, security firm F-Secure warned against Trojan-Dropper:OSX/Revir.A, which appears as a Chinese-language PDF; open it up, and a backdoor connection to a remote server is made.
As Macworld’s Serenity Caldwell noted after Friday’s warning about the PDF malware, one way for Mac users—particularly those who use Safari—to avoid a problem with Trojan horse malware is to uncheck Safari’s Open ‘Safe’ Files After Downloading option (Safari – Preferences – General); then, as long as you practice common sense computing, you should be safe from most malicious attacks. You should also be sure to keep your OS X malware definitions up to date.
Article source: http://www.macworld.com/article/162496/2011/09/intego_malware_masquerades_as_flash_installer.html
View full post on National Cyber Security » Virus/Malware/Worms