updated 04:30 pm EDT, Mon September 26, 2011
flashback.A assumes guise of Flash installer
As has become standard, Apple has quietly updated OS X definitions to counter a recently-publicized malware threat, checks show. Lion and Snow Leopard will now block a Trojan fronted by OSX/Revir.A, which in turn installs a backdoor program identified as OSX/Imuler.A. Although neither part of the Trojan is especially dangerous at the moment, Imuler could potentially be used at a later date to capture screenshots or steal files.
Another Trojan known as OSX/flashback.A has already emerged, according to security firm Intego. Although only one instance of the malware has been reported, Intego warns that flashback disguises itself as an installer for the Adobe Flash Player, and may be linked off of malicious websites. If a person is using Safari, the installer will launch automatically after download if a person has not disabled automatic opening in their browser.
Following through with the installation will disable some security software, and install code that allows the malware to inject still more code into a person's apps. The Trojan further connects to a remote server, sharing information such as a computer's MAC address. The threat should be relatively easy to avoid, however, since a person can always quit the installer, or avoid flashback entirely by only downloading Flash Player from Adobe directly. Intego says it has already updated VirusBarrier X6 to halt the attack, but there is no matching definition update from Apple.