Researchers from F-Secure warn that a variant on a trojan discovered in September, which masquerades as an Adobe Flash Player installer, now exists and is capable of disabling OS X's built-in malware protection.
OSX/Flashback.C disables the auto-updater component of XProtect, which means the system's built-in anti-malware application no longer looks for updates to its malware definitions. This essentially holds the door open for future malware to invade the system unimpeded.
F-Secure provides instructions for removing OSX/Flashback.C if your system has already been compromised. For the truly paranoid, you can also bypass the auto-update process and force your Mac to update its malware definitions manually.
Since OS X malware authors seem to be employing fake Flash Player installers as a delivery vector, it's worth mentioning that you should only download Flash Player from trusted sources. Adobe's website is a good place to start. You could also remove the plug-in version of Flash Player altogether, essentially zeroing out your risk of being exposed to the OSX/Flashback trojan variants; the Google Chrome browser includes a bundled Flash Player if you need to view Flash content.
[Hat tip to Ars Technica]
Trojan variation disables Mac malware protection originally appeared on TUAW - The Unofficial Apple Weblog on Wed, 19 Oct 2011 15:30:00 EST. Please see our terms for use of feeds.
Source: http://www.tuaw.com/2011/10/19/trojan-variation-disables-mac-malware-protection/
No comments:
Post a Comment