updated 01:25 pm EDT, Fri August 12, 2011
New definitions still rare
Apple made a rare update to the malware definitions in OS X earlier this week, a look at the software's XProtect.plist file shows. An entry has been added for "OSX.QHost.WB.A," a Trojan known to disguise itself as an installer for Flash Player. Should a person encounter and launch the installer, the Trojan will modify a person's hosts file to redirect certain Google websites to an IP in the Netherlands.
A fake Google webpage hosted at the IP displays search results that actually trigger pop-up windows. The content in the pop-ups is said to be broken, but a person hit by the malware will still have to cope with the redirection problems it causes. The broken pop-ups may have contained advertising.
Apple has rarely updated its malware definitions since June, when variants of an attack known as MacDefender grabbed headlines and forced the company into action. OS X was eventually updated to use a discrete definition update system, which lets Apple push new definitions in the background. Mac owners previously had to download larger but even less frequent security patches to address security holes.