The Flashback Trojan's installer looks like a legitimate program. The Trojan will also try to send personal information and machine-specific information to remote servers. Unlike the previous Flash Trojan (called Bash/QHost.WB), which changed one file on the system, this new Trojan is a bit more complex and first deactivates network security features, then installs a dyld library that will run and inject code into applications that the user is running. Now Intego has discovered a new Trojan for OS X that does pretty much the same thing: masquerades as a Flash Player installer to trick people into installing the program.
After installation, the Trojan would alter the system's hosts file to redirect Google sites to fraudulent servers. A few months ago security company F-Secure uncovered a Mac Trojan horse that posed as an installer application for Adobe Flash, taking advantage of the popularity of the plug-in to trick users into installing it.