Virus writers aim in Mac

Updates of a trojan of Flashback which are established, masking itself as Adobe Flash updates, prevent start by the machines Mac of the VMware Fusion system now. The similar software of virtualization is usually used by researchers in the field of security for check of behavior of samples of the malware because upon termination of work it is easier to delete a virtual copy, than to format the hard drive and to reinstall the operating system.

Experts of provider of antiviruses Intego noted in the blog on Thursday that when the installer of the Trojan of Flashback.D which users receive fraudulently begins installation, the program checks whether Fusion on Mac is started. If yes, installation is not executed. Viruses for Windows OS did the same for many years.

Flashback developers also reviewed the code so that he does not set himself in the place of the operating system, simple for viewing, ~ / Library any more. Instead he will organize a rear entrance in the folders connected with the Safari browser. At the same time removal of files will lead to failure of start of the browser.

Similar blocking and concealment of harmful files became very widespread technology during creation of malware for Windows. Supplementing them, Flashback implements similar methods which are taken now advantage by the hackers who are guided by Mac. Researchers of Intego emphasize that the happening changes speak about readiness of authors of these programs to create harder and harder malware.

In other blog researchers of the competing anti-virus company F-Secure say that acquaintance using virtual isolation of viruses goes back to earlier version of a harmful trojan - Flashback.B. "It seems that authors of malware for Mac expect that researchers will begin to use virtual environments during the analysis, and take steps to prevent such activity", the statement says.

Developers of viruses constantly enter new to them for effective infection of Mac computers. According to the observer in the field of security Brian Krebs, Trojan-Dropper: OSX/Revir.A - one more, recently detected Trojan for Mac, "throws down a challenge to opinion, widespread among users of Mac, that the malware is not established without the explicit consent of the user".