I’ve been hearing from folks who report that their browser (it happens in more than one browser) suddenly has a different home page and uses a different search engine, apparently always Google. Attempting to switch these settings back to normal doesn’t stick.
The fascinating thing is how this malware gets you. Other than the above changes, users’ browsers work just fine. Nothing else untoward seems to be happening.
So what folks tend to do is to Google how to get rid of a virus that changes your search engine. This is where the bad guys did something brilliant. Suddenly, as of a few days ago, a bunch of new Web sites appeared offering instructions on how to remove this “virus”. But all of those Web sites come from previously unknown entities…and they all recommend downloading very questionable software (often commercial software, to add insult to injury) to clean the infection. It’s that software, which users have downloaded entirely volitionally, that I suspect is the real danger. Brilliant how they get users to download it.
I suspect that this new “virus” (actually a Trojan Horse) is being disseminated like so many others for the Macintosh: via a fake Adobe Flash installer.
So, as always, NEVER install or update Flash any way other than:
- Via the Flash Player pane (under the Updates tab) in System Preferences on your Mac
- Directly from Adobe:
NEVER, EVER update Flash by clicking on something in a pop-up window, or from a notice on a Web site, or from a Flash installer that a Web site automatically downloads to your hard drive, or from a Flash installer that you find in your Downloads folder that you didn’t expect to be there or that you didn’t just download from Adobe’s Web site.