May 1, 2024

Mac Trojan Disables Apple's Built-In XProtect Updater

Posted October 20, 2011 at 1:30am by iClarified
F-Secure is reporting that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in virus checker.

First, Flashback.C decrypts the paths of XProtectUpdater files that are hardcoded in its body. The malware then unloads the XProtectUpdater daemon. Finally, the malware overwrites the XProtectUpdater files with a " " character.

The action described above wipes out certain files, thus preventing XProtect from automatically receiving future updates.
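A defender can check for the tampering described above by looking for updater files that have been reduced to a single whitespace character and for an unloaded updater job. The script below is an added example, not code from F-Secure or Apple; the default file paths and the launchd label are assumptions based on OS X 10.6/10.7 and do not appear in the article.

```shell
#!/bin/sh
# Added example: detect XProtectUpdater files overwritten with a lone
# whitespace character, the pattern reported for Flashback.C.

# ASSUMPTION: updater locations on OS X 10.6/10.7 (not given in the article).
DEFAULT_PATHS="/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist /usr/libexec/XProtectUpdater"
# ASSUMPTION: launchd job label for the updater daemon.
UPDATER_LABEL="com.apple.xprotectupdater"

# Prints one of: missing | empty | wiped | ok
classify_file() {
    f=$1
    [ -e "$f" ] || { echo missing; return; }
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -eq 0 ]; then echo empty; return; fi
    # A genuine plist or binary is far larger than a few bytes. The content is
    # only read when the file is tiny, so binaries are never slurped.
    if [ "$size" -le 4 ] && [ -z "$(tr -d ' \t\r\n' < "$f")" ]; then
        echo wiped; return
    fi
    echo ok
}

# Reports the state of each file; returns 0 only if all are "ok".
check_files() {
    [ $# -gt 0 ] || set -- $DEFAULT_PATHS
    rc=0
    for f in "$@"; do
        state=$(classify_file "$f")
        printf '%-8s %s\n' "$state" "$f"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# macOS only: returns 0 if the updater job is loaded, 1 if it is not,
# 2 if launchctl is unavailable on this host.
check_daemon() {
    command -v launchctl >/dev/null 2>&1 || return 2
    launchctl list 2>/dev/null | grep -q "$UPDATER_LABEL"
}
```

Run `check_files` with no arguments to inspect the default paths, or pass explicit paths; run `check_daemon` as root, since system daemons are not listed in a user's launchd domain.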

[via Carl]