Unlike the previous Flash Trojan (called Bash/QHost.WB), which changed one file on the system, this new Trojan is a bit more complex and first deactivates network security features, then installs a dyld library that will run and inject code into applications that the user is running. Now Intego has discovered a new Trojan for OS X that does pretty much the same thing: masquerades as a Flash Player installer to trick people into installing the program. After installation, the Trojan would alter the system's hosts file to redirect Google sites to fraudulent servers.
A few months ago security company F-Secure uncovered a Mac Trojan horse that posed as an installer application for Adobe Flash, taking advantage of the popularity of the plug-in to trick users into installing it.
