Trojan:BASH/QHost.WB hijacks web traffic by modifying the hosts file.
Trojan:BASH/QHost.WB poses as a FlashPlayer installer called FlashPlayer.pkg:
Screenshot of Trojan:BASH/QHost.WB masquerading as a FlashPlayer
This trojan is also further discussed in our Labs Weblog post:
Upon installation, the trojan will hijack and redirect web traffic to Google by adding the following entries to the hosts file: