apple-updates-malware-definitions-for-fake-flash-player-trojan

If you monitor the virus definitions from antivirus developers like Sophos, McAfee, or Norton, you will see numerous new definitions for worms, trojans, viruses, and other malware being released daily. However, if you look at all of these, the vast majority of them are for Windows systems. On the rare occasion that one trickles through that targets Mac users, the whole community seems to turn upside down, and ring major warning bells that blow the situation a bit out of proportion
Everyone is responsible for this, but given the rarity of malware on Mac systems it is news to the community. If someone announces a new trojan attempt on Windows machines, most people will not do so much as bat an eye unless it's a unique and serious threat; however, even the slightest attempt at conning Mac users these days is seen as a major breakthrough. We saw this in the MacDefender malware and its variants, and more recently in the fake Adobe Flash installer malware that changes your system's hosts file to point Google URLs to phishing Web sites.

Apple has taken some steps to manage these threats for Mac users, by implementing a rudimentary antivirus technology called XProtect in OS X 10.6 and later. The tool is not a scanner, but instead is more of a block that warns you of a potential threat in an installer package.

With the advent of the MacDefender malware, Apple enhanced the XProtect feature with an automatic update that checks daily for new malware definitions from Apple. When MacDefender began morphing, a brief cat-and-mouse game ensued with Apple's XProtect feature being automatically updated a couple of times to catch the new versions of the malware.

With the most recent trojan threat in the fake Flash installer, Apple has again updated its XProtect definitions property list, so in the next day or two OS X systems will be updated to automatically handle this threat if exposed to it. If you wish to ensure your system is updated, then you can run one of the following commands in the Terminal:

sudo lauchctl start com.apple.xprotectupdater

sudo /usr/libexec/XProtectUpdater

    The last entry in the XProtect file now includes pattern matches for the new malware, which is called "OSX.QHost.WB.

With either of these commands you will need to supply your admin password, but once run they should result in the XProtect malware definitions to be updated. If you do not wish to use the Terminal, then one option you can do is go to the "General" section of the "Security" system preferences and toggle the "Automatically update safe downloads list" option, which will also spur the system to update its malware definitions.

Toggle this check box in the Security system preferences to cause OS X to update its XProtect feature.