Malware Disguised as Flash Targets Macs

by digitalmediawi

Because the frequent icons insisting you update your Flash player aren’t annoying enough, now some evildoers have created a Mac trojan that disguises itself as a Flash player installer. It’s not a very widespread piece of malware, but it’s insidious because Apple’s OS X Lion does not include Flash Player, so users have to install it themselves. Additionally, many users believe Macs aren’t vulnerable to malware, an opinion that is becoming less valid as Apple’s market share grows.


Mac security specialist firm Intego identified this latest Trojan as Flashback (OSX/flashback.A). The firm warns that it will fool Safari at its default settings, so that the browser will automatically open it under the mistaken belief that it is a safe file. An installer that looks like a normal Flash installation will then appear on the desktop.

If a user proceeds with the installation, the Flashback Trojan will first disable some of the most popular security software programs, then sneak in its malware payload, and finally delete its own installation package. An infected computer will connect to a remote server and send out its MAC address, a unique identifier. That will make the computer usable as a zombie, a computer used to spread e-mail spam and launch denial-of-service attacks, among other bad things.

Obviously, any computer user should only download a Flash player – or any other kind of software – from the company’s own site or another site known to be a reliable and safe source. Safari users also should change their defaults by unchecking the “open safe files after downloading” box in the General Preferences page, so that nothing will install itself without specific permission to do so.

Related links:

Intego blog – http://tinyurl.com/3znh94t

Ars Technica – http://tinyurl.com/3k7frs3

Photo by flickr user Mike Fisher (BFS Man), used under Creative Commons license

 
