Patching OS X is simple, yet there are people who still put it off. A new malware variant sets out to punish those who haven't been keeping up to date with updates.
The new variant is a Trojan horse called 'Flashback.G', and it makes use of two exploits found on older versions of the Java runtime. Users with Macs running OS X 10.6 'Snow Leopard' are particularly at risk, since this version came with Java preinstalled while 10.7 'Lion' did not.
According to security firm Intego, this malware uses three tricks to try to get itself installed onto a system:
This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.
Image credit: Intego
This Trojan looks for specific websites (such as Google, Yahoo!, CNN, bank websites, PayPal, and so on) and tries to grab the user names and passwords used to log onto the sites.
If you are running OS X 10.6, it is vitally important that you check that you have the latest Java update installed by running Software Update from the Apple menu.
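The certificate trick Intego describes works because the name shown in a self-signed certificate is whatever its creator typed. As an added example (not from Intego or the original article), the following shell script uses openssl to build two constructed certificates and tell a self-signed one apart from one that chains to a trust anchor; the names "Example Vendor Inc." and "Constructed Root CA" and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All certificates here are constructed test data,
# not samples from the malware or from any real vendor.

# Print the subject and issuer lines of a PEM certificate.
cert_names() {
    openssl x509 -in "$1" -noout -subject -issuer
}

# True when the certificate verifies under its own key (self-signed):
# only its creator vouches for the name it displays.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when <cert.pem> chains to <anchor.pem>.
chains_to() {   # chains_to <anchor.pem> <cert.pem>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create a self-signed certificate carrying an arbitrary display name.
make_self_signed() {   # make_self_signed <name> <out-prefix>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=$1/CN=$1" -keyout "$2.key" -out "$2.pem" >/dev/null 2>&1
}

# Classify a certificate relative to one trust anchor.
classify() {   # classify <anchor.pem> <cert.pem>
    if chains_to "$1" "$2"; then
        echo trusted
    elif is_self_signed "$2"; then
        echo self-signed
    else
        echo untrusted
    fi
}

tmp=$(mktemp -d)
make_self_signed "Constructed Root CA" "$tmp/anchor"   # stands in for a trusted root
make_self_signed "Example Vendor Inc." "$tmp/spoof"    # name is self-asserted

cert_names "$tmp/spoof.pem"   # subject and issuer are identical
echo "anchor: $(classify "$tmp/anchor.pem" "$tmp/anchor.pem")"
echo "spoof:  $(classify "$tmp/anchor.pem" "$tmp/spoof.pem")"
```

A familiar company name in the issuer field therefore proves nothing on its own; what matters is whether the certificate chains to a root the system already trusts.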