Yet another Mac Trojan horse has been getting some press lately, after a new variant of Flashback (OSX/Flashback.C) was discovered that will actually remove Apple’s XProtect scanner/updater, in addition to injecting malicious code in running applications.
All variants of the Flashback Trojan are disguised as an Adobe Flash Player installer, and require the user to manually run the installer and authenticate as an admin user. It can be “caught” by visiting a fraudulent website that brings up a very convincing popup window stating that your version of Flash needs to be updated, or by downloading a Flash Player installer from P2P sharing services.
If while surfing the web you get prompted that something need to be updated, ALWAYS dismiss it, then manually visit the vendor’s website if you are so inclined to update. ALWAYS get your updates direct from the source, never from some random alert when visiting a website.