
September 27, 2011

Mac Flashback Trojan Horse

Written by: pressrelease

Masquerades As Flash Player Installer Package

Malware: OSX/flashback.A

Risk: Low; this malware has been found in the wild, and may fool Mac users who don’t have Flash Player installed. However, Intego so far has only one report of this malware, and a sample provided by a user who downloaded it from a malicious web site.

Description: Intego has discovered a new Trojan horse, Flashback, which masquerades as a Flash Player installer. This Trojan horse has been found in the wild, and performs some disturbing actions.

Users visiting certain malicious websites may see a link or an icon to download and install Flash Player. Since Mac OS X Lion does not include Flash Player, some users may be fooled and think this is a real installation link. When they click the link, an installation package downloads, and, if the user is using Safari as their web browser, the Mac OS X Installer will launch. (Safari considers installer packages, with .pkg or .mpkg extensions, to be “safe” files and will launch them after download, if default settings are used.)

If the user proceeds with the installation procedure, the installer for this Trojan horse will deactivate some network security software, and, after installation, will delete the installation package itself. The malware installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches. This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server, and sends information about the infected Mac to this server: this includes the computer’s MAC address, a unique identifier. This will allow the malware to detect if a Mac is infected.

For now, Intego has analyzed this malware and its installation process. Intego’s security researchers are analyzing the injected code and we will issue more information as soon as possible.
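
The following read-only triage check is an added example, not part of Intego's advisory or any Intego tool. It looks for the library path named above and, as an assumption (the advisory does not say where the auto-launch code is stored), for references to dyld's DYLD_INSERT_LIBRARIES variable in standard per-user launch locations; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage one user's home directory for the artifacts this
# advisory describes. Read-only; nothing is modified or deleted.

# Path named in the advisory, relative to the user's home directory.
FLASHBACK_DYLIB="Library/Preferences/Preferences.dylib"

# Succeeds if the injected library named in the advisory is on disk.
has_flashback_dylib() {
    [ -f "$1/$FLASHBACK_DYLIB" ]
}

# Prints each per-user auto-launch file that mentions DYLD_INSERT_LIBRARIES,
# the dyld variable that forces a library into launched applications.
# ASSUMPTION: the advisory does not name the auto-launch location; these are
# standard per-user locations on Mac OS X, not ones confirmed by the page.
find_dyld_injection() {
    for f in "$1/.MacOSX/environment.plist" "$1"/Library/LaunchAgents/*.plist; do
        [ -f "$f" ] || continue
        # -a treats binary plists as text so the key name is still matched.
        if grep -a -q -F "DYLD_INSERT_LIBRARIES" "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Prints one verdict for a home directory:
#   infected   - the advisory's library file exists
#   suspicious - a dyld injection hook exists without that file
#   clean      - neither was found
triage_home() {
    if has_flashback_dylib "$1"; then
        echo "infected"
    elif [ -n "$(find_dyld_injection "$1")" ]; then
        echo "suspicious"
    else
        echo "clean"
    fi
}

# Check the given home directory, or the current user's by default.
triage_home "${1:-$HOME}"
```

A "suspicious" verdict only means some file sets DYLD_INSERT_LIBRARIES; legitimate software can do this, so inspect the listed files before drawing a conclusion.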

Means of protection: Users should not download a Flash Player installer from any site other than adobe.com. Mac OS X Lion does not include Flash Player, but users who wish to install this software should visit Adobe’s website: http://www.adobe.com/products/flashplayer/.

Next, it is advisable, for those who use Safari as their web browser, to uncheck Open “safe” files after downloading in the program’s General preferences. This will prevent installer packages—whether real or malicious—from launching automatically.

Finally, if an installer claiming to be a Flash Player installer appears, users should be very careful to ensure that they did, indeed, download it from Adobe’s web site. If not, they should quit the installer.

VirusBarrier X6 (www.intego.com/virusbarrier/) protects users from this malware with malware definitions dated September 26, 2011 or later. VirusBarrier X6’s real-time scanner will detect the file when it is downloaded, and its Anti-Spyware protection will block any connections to remote servers if a user has installed the Trojan horse. VirusBarrier Express and VirusBarrier Plus, available exclusively from the Mac App Store, detect this malware with malware definitions dated September 26, 2011 or later, but these programs do not have a real-time scanner, due to limitations imposed by the Mac App Store; users should scan their Macs after they have updated to the latest malware definitions, or manually scan any installer packages they have downloaded if they seem suspicious.

 

 
