The Mac Security Blog


The Flashback Trojan Horse Is Not Taking Time Off for the Holidays

Posted on November 25th, 2011 by

As Americans enjoy their long Thanksgiving weekend, malware writers are thankful for only one thing: more and more Mac users are getting tricked into installing their wares. The Flashback Trojan horse, that we reported on here, then discussed a new variant, then another new variant, has bred several new variants. Intego has spotted several new versions of this malware, which, while not changing the features of the malware, have changed the code, in an attempt to sneak through malware protection, such as that of VirusBarrier X6.

The bogus alerts you see on sites serving this malware haven’t changed:

But the effect is the same. When you end up on a site like this, an installation package is automatically downloaded, and, if your browser settings allow it, launched so you’ll see an Installer window.

As we said in a previous article, if you see a web page similar to that shown above, do not run any installer, and if the Installer window does not open, check your Downloads folder for any package file that contains the name Flash, then delete it. Only download Flash Player installers from the Adobe web site.