“Patching OS X is so simple, but yet there are people who still put it off.,” Adrian Kingsley-Hughes reports for ZDNet. “A new malware variant sets out to punish those who haven’t been keeping up to date with updates.”
“The new variant is a Trojan horse called ‘Flashback.G’ and is makes use of two exploits found on older versions of the Java runtime,” Kingsley-Hughes reports. “According to security firm Intego, this malware uses three tricks to try to get itself installed onto a system: ‘This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.'”
Read more in the full article here.
MacDailyNews Take: Run Software Update ASAP and make sure you are up-to-date.
Warning: Flashback Trojan horse spreading; Mac users should be wary of Flash installers – September 28, 2011
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011