
Apple updates malware definitions for fake Flash Player trojan

Apple has issued an update for its XProtect malware detection system so it will now identify the new Flash Player trojan that was recently found.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

If you monitor the virus definitions from antivirus developers like Sophos, McAfee, or Norton, you will see numerous new definitions for worms, trojans, viruses, and other malware being released daily. However, if you look at all of these, the vast majority of them are for Windows systems. On the rare occasion that one trickles through that targets Mac users, the whole community seems to turn upside down, and ring major warning bells that blow the situation a bit out of proportion.

Everyone is responsible for this, but given the rarity of malware on Mac systems it is news to the community. If someone announces a new trojan attempt on Windows machines, most people will not do so much as bat an eye unless it's a unique and serious threat; however, even the slightest attempt at conning Mac users these days is seen as a major breakthrough. We saw this in the MacDefender malware and its variants, and more recently in the fake Adobe Flash installer malware that changes your system's hosts file to point Google URLs to phishing Web sites.

XProtect file
The last entry in the XProtect file now includes pattern matches for the new malware, which is called "OSX.QHost.WB.A".

Apple has taken some steps to manage these threats for Mac users, by implementing a rudimentary antivirus technology called XProtect in OS X 10.6 and later. The tool is not a scanner, but instead is more of a block that warns you of a potential threat in an installer package.

With the advent of the MacDefender malware, Apple enhanced the XProtect feature with an automatic update that checks daily for new malware definitions from Apple. When MacDefender began morphing, a brief cat-and-mouse game ensued with Apple's XProtect feature being automatically updated a couple of times to catch the new versions of the malware.

With the most recent trojan threat in the fake Flash installer, Apple has again updated its XProtect definitions property list, so in the next day or two OS X systems will be updated to automatically handle this threat if exposed to it. If you wish to ensure your system is updated, then you can run one of the following commands in the Terminal:

sudo launchctl start com.apple.xprotectupdater

sudo /usr/libexec/XProtectUpdater

With either of these commands you will need to supply your admin password, but once run they should cause the XProtect malware definitions to be updated. If you do not wish to use the Terminal, another option is to go to the "General" section of the "Security" system preferences and toggle the "Automatically update safe downloads list" option, which will also spur the system to update its malware definitions.

Security System Preferences
Toggle this check box in the Security system preferences to cause OS X to update its XProtect feature.
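
XProtect, as described above, warns about an installer package rather than scanning the system, so a Mac that already ran the fake Flash installer may still have the altered hosts file. The following added example (not from the original article or from Apple) lists hosts entries that map Google hostnames to a non-loopback address; the sample file contents, the 203.0.113.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import sys

# On OS X the hosts file lives at /etc/hosts; pass that path as an argument.
# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
203.0.113.10    www.google.com google.com   # constructed redirect
203.0.113.10    WWW.GOOGLE.CO.UK
127.0.0.1       notgoogle.com
10.0.0.5        fileserver.example.lan
"""

def is_google_name(host):
    """True for google.<tld> and its subdomains, e.g. www.google.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return "google" in labels[:-1]

def find_google_overrides(text):
    """Return (line_no, address, hostname) for entries redirecting Google names."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        try:
            if ipaddress.ip_address(addr).is_loopback:
                continue  # loopback entries block a name, they do not redirect it
        except ValueError:
            pass  # unparseable address: keep checking the names on this line
        hits.extend((n, addr, h.lower()) for h in names if is_google_name(h))
    return hits

if __name__ == "__main__":
    # With no argument the constructed sample above is checked instead.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for n, addr, host in find_google_overrides(text):
        print(f"line {n}: {host} -> {addr}")
```

A clean hosts file produces no output; any line reported should be reviewed and removed if you did not add it yourself.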

