Apple has updated its list of Malware Definitions to protect against a fake FlashPlayer trojan, reports MacRumors.
F-Secure details how the fake FlashPlayer works in a post on its blog…
Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 220.127.116.11, which is located in the Netherlands.
The server at the IP address displays a fake webpage designed to appear similar to the legitimate Google site. When a search request is entered, the remote server returns a fake page that mimics a legitimate Google search results page.
Even though the page looks fairly realistic, clicking on any of the links does not take the user to any other sites. Clicking on the links does, however, open new pop-up pages, which are all pulled from a separate remote server.
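The hosts-file change described above can be checked for directly. The following is an added example, not code from F-Secure, Apple or MacRumors: it parses hosts-file text and reports Google hostnames pinned to a non-local address. The domain pattern, the function names and the sample file (which uses a documentation-range IP) are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: Google search domains are normally resolved through DNS, so a
# hosts entry pointing one at a remote address is worth investigating.
GOOGLE_NAME = re.compile(r"^(?:[a-z0-9-]+\.)*google(?:\.[a-z]{2,3}){1,2}$")

# Constructed sample: a macOS-style hosts file with two injected lines.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.10    google.com.tw www.google.com.tw
203.0.113.10    Google.com.tl   # trailing comment
0.0.0.0         ads.google.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid address: skip the malformed line
        for name in fields[1:]:  # one line may list several aliases
            yield line_no, ip, name.lower().rstrip(".")

def find_hijacks(text):
    """Return (line_no, ip, hostname) for Google names sent to a remote IP."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are local blocklist style, not redirects.
        if GOOGLE_NAME.match(name) and not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

To check a real machine, pass the contents of `/etc/hosts` to `find_hijacks` instead of the sample text.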
At the end of May, Apple released Security Update 2011-003 to detect and remove the Defender software and its variants. Notably, Apple introduced a new background process with the update that automatically updates virus definitions daily. As far as we know, this is the first automatic update to protect against something besides Defender.