New Mac OS X trojan horse goes live, acts as Adobe Flash Player updater application

Posted by:
Date: Monday, August 8th, 2011, 08:46
Category: News, security, Software

The bad news: There’ll always be people designing viruses, trojans and malware for computers.

The good news: It’s quite a bit rarer on the Mac OS X side of things.

Even so, the latest attempt from digital wrongdoers to infect your Mac has been spotted taking on the look and feel of Adobe’s Flash Installer.

According to CNET, the trojan, which is considered fairly serious because it mimics the Adobe Flash Player updater, has been named Trojan Bash/QHost.WB by F-Secure, which provided some insight into how it works.

Once installed, the Trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in the Netherlands. The server at the IP address displays a fake Web page designed to appear similar to the legitimate Google site.

The Trojan is currently dormant, meaning that while it will take you to the fake Google site, nothing will happen. It is, however, programmed to serve pop-up ads once the user has accessed the false IP.

The current solution is to only install Adobe updates from Adobe’s official Web site. As with any Trojan designed for Mac, the malware only works if the user allows it. Most of the threats currently in the wild can be avoided by simply sticking to paid versions of software obtained directly from trusted creators of the product.
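Because the redirect described above lives in the hosts file, it can be checked for directly. The following is an added example, not code from F-Secure, CNET or this site: it parses hosts-file text and reports any Google hostname pinned to a non-local address. The hostname pattern, the function names and the sample file contents are assumptions made for illustration.

```python
import ipaddress
import re
import sys

# Assumption: generalises the page's examples (Google.com.tw, Google.com.tl)
# to google.<tld> / google.<sld>.<cc> names, with or without a subdomain.
GOOGLE_NAME = re.compile(r"^(?:[a-z0-9-]+\.)*google\.[a-z]{2,3}(?:\.[a-z]{2})?$")

# Constructed sample: stock macOS entries plus the redirect described above.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
0.0.0.0         ads.google.com   # local sinkhole, not a redirect
91.224.160.26   google.com.tw www.google.com.tw
91.224.160.26   Google.com.tl  # trailing comment
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each name mapped in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # strip IPv6 zone id
        except ValueError:
            continue                            # malformed address: not a mapping
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text):
    """Return entries that pin a Google hostname to a non-local address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if GOOGLE_NAME.match(name) and not (ip.is_loopback or ip.is_unspecified):
            hits.append((line_no, str(ip), name))
    return hits

if __name__ == "__main__":
    # Pass a path such as /etc/hosts to check a real file; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, ip, name in suspicious_entries(text):
        print(f"line {line_no}: {name} -> {ip}")
```

A clean hosts file normally contains no Google entries at all, so any hit is worth investigating before the lines are removed.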

Stay tuned for additional details as they become available.
