Macworld reports a new Trojan with a nasty twist. It poses as an update to Flash, but once double-clicked, it installs and sends the computer’s records to a remote server. As if that weren’t bad enough, it also disables the Mac auto-download for malware definitions (http://www.macworld.com/article/160191/2011/05/snow_leopard_malware_protection.html).
This little gem has been named Trojan-Downloader:OSX/Flashback.C and was reported in September (MacDefender). This is a new variant of that Trojan.
Mac owners can download manual directions for removal of the MacDefender malware here:
http://www.macworld.com/article/160085/2011/05/apple_posts_mac_defender_fix.html
Macworld goes on to state:
“By disabling the malware definitions update, Flashback.C attempts to ensure that your Mac won’t know about any update Apple releases to remove the malicious software. Notably, the Trojan horse bails and deletes itself if you have the Little Snitch app installed.
F-Secure offers removal instructions if you fear you’ve been infected; the fix involves deleting entries from your browsers’ .plist files. Check out F-Secure’s page if you’re concerned.”
Once again, the best way to defeat this type of malware is to download updates only from the original site. Other major download sites can be trusted, but downloading from the original site remains the most secure practice.
Source:
http://www.macworld.com/article/163133/2011/10/new_mac_trojan_horse_disables_apples_automatic_malware_updates.html