Intego Detects Fresh Variant of Trojan Flashback

According to researchers from Intego a security company, many Trojan Flashback variants are floating in the wild from the time the company first detected the malware on September 26, 2011. Flashback.D, name of the newest variant, has become slightly treacherous, Intego adds. The Mac Security Blog reported this on October 13, 2011.

The Trojan, at the foremost, examines to find out whether the target computer has Mac OS X inside VMware Fusion. Incase the OS is running, the Trojan doesn't execute. That's because several security investigators test malicious software within virtual systems, so the Trojan doesn't contaminate full installations since it's simpler for erasing them and beginning anew using sanitized copies. Thus the meaning is clear -malware analysts hunting for Flashback require using routine Macs, experts at the Intego firm outline.

Thereafter in the subsequent stage, the Trojan horse's installer pulls down the malicious program whilst executing the postinstall code.

Lastly, the installer doesn't any longer load the OS X~/Library's subfolder that's easily detectable. Rather it installs one destructive backdoor within an increasingly unclear folder related to Safari web-browser. In case the files are erased, the browser stops functioning.

Such preventing of virtual systems along with disguising of malware are now routine exercises with Windows malicious programs. And if those are joined with Flashback, it means that online-crooks targeting Macs adopt the identical methods.

Remarking about this, Intego experts stated that the changes demonstrated the sophistication of the malware writers, and about their modification of the malware for making sure it wasn't spotted. Theregister.co.uk reported this on October 13, 2011.

Elsewhere at F-Secure a rival anti-virus company, researchers posted that the VM-awareness first occurred when the Trojan's previous Flashback.B variant was released.

The researchers further wrote that apparently Mac malware writers were expecting that investigators would start utilizing virtualized conditions at the time of analysis, while they were adopting measures for hindering such initiatives. Theregister.co.uk reported this.

Eventually, for remaining safe from the Trojan, security specialists recommend end-users that they shouldn't take down anything from websites which aren't any more trustworthy rather perform all downloads off officially Apple associated websites, which are authentic.

Related article: Indictment On Two Ohio Men For Selling Porn DVDs

» SPAMfighter News - 10/25/2011