Antivirus Firms Release Free Tools for Cleaning Macs Infected by Flashback




MacRumors
Apr 11, 2012, 03:18 PM


Yesterday, Apple disclosed (http://www.macrumors.com/2012/04/10/apple-developing-software-to-remove-flashback-malware/) for the first time that it is working to develop a software tool to detect and remove the Flashback malware from infected machines. We also previously profiled Flashback Checker (http://www.macrumors.com/2012/04/10/flashback-tidbits-flashback-checker-opendns-protection-apples-low-visibility-security-team/), a simple app designed to allow users to easily see if their Macs are infected but which provides no assistance with disinfection.

While Apple works on its own official solution, other parties have continued to develop their own increasingly user-friendly tools for dealing with the threat and cleaning infected machines, with some of those tools making their way into the public's hands.

Russian antivirus firm Kaspersky Lab, which has played a key role in monitoring and publicizing the threat of Flashback, yesterday announced (http://usa.kaspersky.com/about-us/press-center/press-blog/kaspersky-announces-free-website-check-your-mac-widespread-virus) the launch of a free web-based checker (http://www.flashbackcheck.com/) where users can simply input the hardware UUID of their Mac to see if it has registered on the firm's servers as an infected machine. The company has also released Flashfake Removal Tool (https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site), a free app that quickly and easily detects and removes the malware.



Antivirus firm F-Secure has also announced (http://www.f-secure.com/weblog/archives/00002346.html) its own free Flashback Removal app. The app generates a log file detailing whether it has found Flashback on a user's system, and if so quarantines it inside an encrypted ZIP file for disposal.

F-Secure also points out that Apple has yet to offer any protection for users running systems earlier than Mac OS X Snow Leopard. Flashback uses a vulnerability in Java to install itself without user authorization, and Apple released software patches for Java on Lion and Snow Leopard last week to close that hole and prevent infection on updated systems. Machines running earlier versions of Mac OS X do, however, remain unprotected. Specifically, F-Secure notes that over 16% of Macs are still running Mac OS X 10.5 Leopard, marking a substantial user base that remains vulnerable to the threat.

Update: Kaspersky Lab has informed MacRumors that the Flashfake Removal Tool has temporarily been pulled after the discovery that in some cases it could erroneously remove certain user settings. A fixed version of the tool will be posted as soon as it is available.

Update 2: The patched version of the Flashfake Removal Tool is now available through the Kaspersky Lab site.

Article Link: Antivirus Firms Release Free Tools for Cleaning Macs Infected by Flashback (http://www.macrumors.com/2012/04/11/antivirus-firms-release-free-tools-for-cleaning-macs-infected-by-flashback/)



garylapointe
Apr 11, 2012, 03:21 PM
They should have a great big donate $1 button on it!

The "solvers" of the biggest infection in Mac history. (Right?)

Gary

Eric S.
Apr 11, 2012, 03:21 PM
I would guess that way over 16% of Macs are running a pre-Snow Leopard OS.

d4rkc4sm
Apr 11, 2012, 03:24 PM
'infected' suggests it's a virus. thought macs didn't get viruses. haha

garylapointe
Apr 11, 2012, 03:24 PM
I would guess that way over 16% of Macs are running a pre-Snow Leopard OS.

Yes, if 16% are running Leopard. Then everyone running pre-Leopard would certainly increase those numbers.

Gary

Sedulous
Apr 11, 2012, 03:26 PM
I still don't believe the 600,000 figure.

Kaibelf
Apr 11, 2012, 03:26 PM
F-Secure also points out that Apple has yet to offer any protection for users running systems earlier than Mac OS X Snow Leopard.

I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D

Eric S.
Apr 11, 2012, 03:27 PM
Yes, if 16% are running Leopard. Then everyone running pre-Leopard would certainly increase those numbers.

Well I would also guess that way over 16% of Macs are running Leopard.

GSPice
Apr 11, 2012, 03:27 PM
'infected' suggests it's a virus. thought macs didn't get viruses. haha

Gosh you must be on to something. I guess Mac users are all idiots.

/sarcasm

dakwar
Apr 11, 2012, 03:28 PM
They should have a great big donate $1 button on it!

The "solvers" of the biggest virus in Mac history. (Right?)

Gary

I assume you're being sarcastic. ... in which case, yes :rolleyes:.

garylapointe
Apr 11, 2012, 03:29 PM
'infected' suggests it's a virus. thought macs didn't get viruses. haha

I think technically it's malware, since it tricks the user into installing it. Viruses get in on their own.

People infected with lead poisoning usually don't necessarily "catch" it, you might have accidentally ingested it.

Gary

Apple fanboy
Apr 11, 2012, 03:34 PM
Company offers free antivirus software? Is this not just a precursor to getting you to buy their antivirus software? Coming from a PC background I've always been suspicious that Norton and others have 1 department creating viruses whilst another creates antivirus software. Or am I just skeptical?
Either way as I'm waiting to buy a new iMac I'm less than happy to hear about Mac viruses.

scotthew1
Apr 11, 2012, 03:36 PM
damn apparently my computer was infected with this thing...
any word on exactly what information this malware takes? i should probably change all my passwords shouldn't i?

Ajones330
Apr 11, 2012, 03:41 PM
I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:

abz1981
Apr 11, 2012, 03:41 PM
should we use this removal tool to check. or should we just wait for apple to provide a tool to check and remove?

definitive
Apr 11, 2012, 03:41 PM
damn apparently my computer was infected with this thing...
any word on exactly what information this malware takes? i should probably change all my passwords shouldn't i?

whose scanner did you run?

dBeats
Apr 11, 2012, 03:42 PM
MMmyes. Just give us UUID and we check if you infected. Soon, a pyop up wyndow will appyear. Click yyes, and pretty soon, infection will happen, uhm I mean will be checked! Don't worry about all those connections in nyetstat pointing to warez locations. This is the infection removal process and it pyerfectly nyormal.

jayducharme
Apr 11, 2012, 03:48 PM
Interesting that these tools are appearing after Apple announced that a fix of their own is coming....

Dillenger
Apr 11, 2012, 03:50 PM
I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:

I think in time they will try to get you to open your walletsky so you can spend some of your moneysky on their Mac anti-virusky.

themelz
Apr 11, 2012, 03:51 PM
A few days ago I did the Terminal commands that F-Secure posted for checking for Flashback trojan (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml). Redid it today and both times came up negative.

I downloaded and used an app to do the same (https://github.com/jils/FlashbackChecker/wiki) and also the F-Secure Flashback Removal app. They both also came up negative.

I used the web-based checker in this article, put in the hardware UUID of my Mac and surprise, surprise, it came up positive.

I would have thought that MacRumors would've tested them and seen that the Kaspersky Lab web page is bogus!!!!

toronado455
Apr 11, 2012, 03:53 PM
Machines running earlier versions of Mac OS X do, however, remain unprotected.
Well, there's my answer. :rolleyes:

scotthew1
Apr 11, 2012, 03:55 PM
whose scanner did you run?

i used the Kaspersky one. but huh comments above do indeed make this look suspicious.

Rodimus Prime
Apr 11, 2012, 03:56 PM
I think in time they will try to get you to open your walletsky so you can spend some of your moneysky on their Mac anti-virusky.

bingo.

Plus I would like to note removing an infection after it happens is just a band-aid fix. Damage was already done and some of these lovely little trojans will make themselves near impossible to remove by killing or stopping the fix from even running.

I have noticed the time between infection on OSX has been dropping pretty steady and it will not be long before running AV software on OSX will be a near must have much like it is in the windows world.

ILOVEMYMBP2.2g
Apr 11, 2012, 03:58 PM
i used the Kaspersky one. but huh comments above do indeed make this look suspicious.

I used this and it said it removed it and then when I restarted my mac i ran the web checker again and it said I still had it? hmmmmmm

Please someone verify if this is some sort of bad thing or not?

GorgonPhone
Apr 11, 2012, 03:59 PM
all my macs were clean...:D

Risasi
Apr 11, 2012, 03:59 PM
To avoid future "infections".

Step 1. Remove Java, you probably don't need it.

Step 2. Remove Flashplayer, if you insist upon using flash run Chrome.

Step 3. Don't be a click-happy nut who passively submits to blissfully typing in the admin password.

---
There, future crisii averted...

ILOVEMYMBP2.2g
Apr 11, 2012, 04:00 PM
I used this and it said it removed it and then when I restarted my mac i ran the web checker again and it said I still had it? hmmmmmm

Please someone verify if this is some sort of bad thing or not?

actually i use ran the downloaded remover and it said that the threat wasn't detected anymore so it def "could be" legit........still shifty about it though

Rocketman
Apr 11, 2012, 04:01 PM
Many machines still run even earlier versions of OSX including 10.4 and 10.3 to maintain specific functionality and compatibility. Do any of those tools address these (or even earlier) users?

Rocketman

viktorcode
Apr 11, 2012, 04:01 PM
Infection itself does nothing drastic. It may attempt to load another executable though which may attempt to do real harm but so far nothing has been reported on this.

To disinfect just find and remove files it installed - F-Secure has instructions how to do it: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

To be safe in the future disable or uninstall Java: http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-disable-java-in-os-x/

Chances are you aren't using Java software at all. If you do, consider exit strategy, as Java has been responsible for numerous exploits on Mac OS X over the years, and also Java programs for OS X do suck. It won't magically become better tomorrow.

scotthew1
Apr 11, 2012, 04:03 PM
I used this and it said it removed it and then when I restarted my mac i ran the web checker again and it said I still had it? hmmmmmm

Please someone verify if this is some sort of bad thing or not?

my assumption with that one is that because the server supposedly collected the UUID of infected computers, it just kept a list of all the computers that were infected. after the removal the server doesn't change because it's simply kept a list of computers that tried to contact it thru the malware, not a list of computers that are actually currently infected.

GGJstudios
Apr 11, 2012, 04:09 PM
'infected' suggests it's a virus. thought macs didn't get viruses. haha
They don't, since this isn't a virus. Viruses aren't the only form of malware that can infect computers.
I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D
Choosing not to upgrade to Snow Leopard or Lion doesn't have anything to do with being lazy or cheap. There is no need to upgrade, simply for the sake of upgrading. Leopard still runs quite well for many users.
Company offers free antivirus software?
There are many free antivirus apps on both Windows and Mac platforms. It's nothing new.
Either way as I'm waiting to buy a new iMac I'm less than happy to hear about Mac viruses.
You can be happy again. This isn't a virus, and there never has been one since Mac OS X was released. This is a trojan, and not the first one.
I used this and it said it removed it and then when I restarted my mac i ran the web checker again and it said I still had it?
To be certain, just use the Terminal commands (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml) that have already been posted everywhere.


Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection (http://support.apple.com/kb/ht4651) built in, further reducing the need for 3rd party antivirus apps.
Mac Virus/Malware FAQ (http://guides.macrumors.com/Mac_Virus/Malware_FAQ)

Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall


Uncheck "Open "safe" files after downloading" in Safari > Preferences > General


Uncheck "Enable Java" in Safari > Preferences > Security. This will completely protect you from the Flashback malware (http://support.apple.com/kb/HT5244). Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)


Change your DNS servers to OpenDNS servers by reading this (http://guides.macrumors.com/Mac_Virus/Malware_FAQ#Why_am_I_being_redirected_to_other_sites.3F).


Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.


Never let someone else have access to install anything on your Mac.


Don't open files that you receive from unknown or untrusted sources.


Make sure all network, email, financial and other important passwords are complex, including upper and lower case letters, numbers and special characters.


Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.

If you insist on running antivirus, ClamXav (http://www.clamxav.com/) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.

eyebex
Apr 11, 2012, 04:10 PM
my assumption with that one is that because the server supposedly collected the UUID of infected computers, it just kept a list of all the computers that were infected. after the removal the server doesn't change because it's simply kept a list of computers that tried to contact it thru the malware, not a list of computers that are actually currently infected.

It could be but it would be a poorly managed system. If they manage their virus database in a similar way, I don't want to put my trust in them.

My skeptical side suspects that no matter what UUID you throw at it, the response will be "You had the malware and we removed it.".

Takohashi
Apr 11, 2012, 04:12 PM
From Twitter:

http://f.cl.ly/items/3I3q2q051r1l3u3A1B39/Screen%20shot%202012-04-10%20at%2016.09.47.jpg

Krauser
Apr 11, 2012, 04:14 PM
I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D
Because using Snow Leopard because I prefer the way it works to Lion which, frankly, is the same OS with some intrusive iOS overlays makes me stupid and cheap? Yeah... ok...

kingtj
Apr 11, 2012, 04:21 PM
With this infection at least, it relies on a Java exploit. So if you remove Java on one of the older machines, that should seal up the vulnerability.

If you have an old 10.3 or 10.4 Mac for specific purposes, there's a good chance those programs you still use with it don't require Java....


Many machines still run even earlier versions of OSX including 10.4 and 10.3 to maintain specific functionality and compatibility. Do any of those tools address these (or even earlier) users?

Rocketman

GGJstudios
Apr 11, 2012, 04:23 PM
With this infection at least, it relies on a Java exploit. So if you remove Java on one of the older machines, that should seal up the vulnerability.

If you have an old 10.3 or 10.4 Mac for specific purposes, there's a good chance those programs you still use with it don't require Java....
You don't even need to uninstall Java if you don't want to. Simply disable it in Safari preferences until you visit a trusted site that needs it, and you'll be fine.

eyebex
Apr 11, 2012, 04:38 PM
From Twitter:

Image (http://f.cl.ly/items/3I3q2q051r1l3u3A1B39/Screen%20shot%202012-04-10%20at%2016.09.47.jpg)

my skeptical side was wrong

hkenneth
Apr 11, 2012, 04:40 PM
What if it is a Hackintosh with a fake UUID? :D

iMouse
Apr 11, 2012, 04:40 PM
I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D

...or running a system that doesn't support Snow Leopard. This includes every PowerPC-based Mac still in use out there.

CrickettGrrrl
Apr 11, 2012, 04:56 PM
To avoid future "infections".

Step 1. Remove Java, you probably don't need it.

Some older versions of Adobe Creative Suite might. Some bank web-sites might.

Step 2. Remove Flashplayer, if you insist upon using flash run Chrome.

Or install Click-To-Flash in Safari or Firefox.

Step 3. Don't be a click-happy nut who passively submits to blissfully typing in the admin password.

NOTABLY: This particular variant of Flashback was DRIVE-BY. And--- it may have been spreading through perfectly normal WordPress sites......
---
There, future crisii averted...

Smugness is unbecoming. :rolleyes:

Really. Let me repeat, you could become a Flashback victim by merely viewing a web-site, quite possibly a Wordpress blog.

Eric S.
Apr 11, 2012, 05:00 PM
all my macs were clean...:D

Has anyone found the infection? Not that I've seen, aside from the reported "600,000" number.

And if you are infected, what is the effect exactly?

GGJstudios
Apr 11, 2012, 05:05 PM
Really. Let me repeat, you could become a Flashback victim by merely viewing a web-site, quite possibly a Wordpress blog.
There are a number of ways to avoid this trojan.


One simple way is to uncheck "Enable Java" in Safari preferences, whether you have the Java updates or not.
Use OpenDNS servers in your network and router settings.
Depending on which variant is involved, you can also be secure if you have one or more of the following apps installed, or simply have one of the following paths present on your computer (even without the app installed):
/Applications/Microsoft Word.app
/Applications/Microsoft Office 2008
/Applications/Microsoft Office 2011
/Applications/Skype.app
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
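
The path list in the post above can be checked from Terminal. This is an added example, not part of the original thread: a shell function that reports which of the listed paths exist. The function names and the optional root argument (for checking a mounted backup or disk image) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the ROOT argument
# are hypothetical; the path list is copied verbatim from the post above.

FLASHBACK_LISTED_PATHS='/Applications/Microsoft Word.app
/Applications/Microsoft Office 2008
/Applications/Microsoft Office 2011
/Applications/Skype.app
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app'

# list_present_paths [ROOT]
# Prints each listed path that exists under ROOT, one per line.
# With no ROOT the live filesystem is checked. Paths contain spaces and "!",
# so they are read line by line and always quoted.
list_present_paths() {
    root="${1:-}"
    printf '%s\n' "$FLASHBACK_LISTED_PATHS" | while IFS= read -r p; do
        [ -n "$p" ] || continue
        if [ -e "${root}${p}" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# count_present_paths [ROOT]
# Prints how many of the listed paths exist under ROOT.
count_present_paths() {
    list_present_paths "${1:-}" | wc -l | tr -d ' '
}

# flashback_path_report [ROOT]
# Human-readable summary. According to the post, whether these paths matter
# depends on the variant, so this is an inventory, not an infection test.
flashback_path_report() {
    root="${1:-}"
    n=$(count_present_paths "$root")
    if [ "$n" -eq 0 ]; then
        echo "None of the listed paths exist under '${root:-/}'."
    else
        echo "$n listed path(s) present under '${root:-/}':"
        list_present_paths "$root" | sed 's/^/  /'
    fi
}

flashback_path_report "$@"
```
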

CrickettGrrrl
Apr 11, 2012, 05:09 PM
There are a number of ways to avoid this trojan. One simple way is to uncheck "Enable Java" in Safari preferences, whether you have the Java updates or not. Depending on which variant is involved, you can also be secure if you have one or more of the following apps installed, or simply have one of the following paths present on your computer (even without the app installed):
/Applications/Microsoft Word.app
/Applications/Microsoft Office 2008
/Applications/Microsoft Office 2011
/Applications/Skype.app
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

Exactly, GGJ Studios has posted really pertinent information for Mac users. i read his advice about disabling Java in the browser at least a year ago. All good stuff to do and takes very little time.

TrentS
Apr 11, 2012, 05:12 PM
Yeah, I wouldn't trust these companies at all. I do think the virus protection companies are the ones that infect your computers in the first place ( in the PC world, that is ). It's called job security. I'll wait for an Apple Approved app to test my Mac for a virus.

:p:p:p:p

CrickettGrrrl
Apr 11, 2012, 05:13 PM
And if you are infected, what is the effect exactly?

That information hasn't been posted in any of the Mac sites I've been looking at. However, Ars Technica posted an article today about a huge spike in DDoS activity in this first quarter, likely botnets, and it coincides with the Flashback variant hitting sometime in late January or early February. The targets were financial sites.

Anyway: http://arstechnica.com/business/news/2012/04/bad-bots-ddos-attacks-spike-in-first-quarter-outdoing-all-of-2011.ars

mikeo007
Apr 11, 2012, 05:19 PM
I don't trust that online UUID checker. My machine is not infected, yet the checker says I am. Don't trust it.

Aniday
Apr 11, 2012, 05:29 PM
This scare mongering by the media and AV vendors is pathetic. The reports of shady removal tools and websites already is proof enough. It's to get you scared so you go and get their AV tools. A Java bug doesn't suddenly make it okay to turn over your whole computer/file system to an AV company. Yeah, go paste your UUID number everywhere... especially on a page that isn't even SSL encrypted. Sure looks trustworthy to me!

A whois on flashbackcheck.com doesn't even give you anything. Just domains by proxy.. which means whoever set this up didn't want you to see anything when you run a whois. A whois on Kaspersky shows everything as it should be. Why would Kaspersky have a normal whois on their own site but not on another site they have? Wouldn't you want your name on a malware checker? Not to mention the different IPs. Why not host it on the same server? Things aren't fitting together here...

These Java vulnerabilities have been known for a while and the only fault of Apple is not updating quickly enough- basically at the last minute shortly after the "news" broke about the "600,000" people infected, which I don't really believe. And Safari's defaulted "derp, allow Java all the time!" habit is annoying. Apple kinda asked for all this negative attention.


Firefox+Noscript= End of drive-by attacks.

eyebex
Apr 11, 2012, 05:34 PM
I don't trust that online UUID checker. My machine is not infected, yet the checker says I am. Don't trust it.

This scare mongering by the media and AV vendors is pathetic. The reports of shady removal tools and websites already is proof enough. It's to get you scared so you go and get their AV tools. A Java bug doesn't suddenly make it okay to turn over your whole computer/file system to an AV company. Yeah, go paste your UUID number everywhere... especially on a page that isn't even SSL encrypted. Sure looks trustworthy to me!

maybe my skeptical side was right after all :eek:

Winter Charm
Apr 11, 2012, 05:36 PM
A few days ago I did the Terminal commands that F-Secure posted for checking for Flashback trojan (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml). Redid it today and both times came up negative.

I downloaded and used an app to do the same (https://github.com/jils/FlashbackChecker/wiki) and also the F-Secure Flashback Removal app. They both also came up negative.

I used the web-based checker in this article, put in the hardware UUID of my Mac and surprise, surprise, it came up positive.

I would have thought that MacRumors would've tested them and seen that the Kaspersky Lab web page is bogus!!!!

This is what I assumed they would be up to... :P

wazgilbert
Apr 11, 2012, 05:41 PM
Make sure all network, email, financial and other important passwords are complex, including upper and lower case letters, numbers and special characters.

http://imgs.xkcd.com/comics/password_strength.png

Consultant
Apr 11, 2012, 05:51 PM
Well, considering security researchers already published instructions for removal,
this is good for those who can't enter a few simple commands.

Aniday
Apr 11, 2012, 05:54 PM
Image (http://imgs.xkcd.com/comics/password_strength.png)

One problem with that theory: It's easy for a computer to guess. Using a string of real words means that it's a simple matter of plugging in a word list on your cracking software and that'll be cracked in a couple minutes. Entropy is important, but isn't everything.

Five or so random letters and symbols followed by a bunch of periods would be better, in theory.

WestonHarvey1
Apr 11, 2012, 06:17 PM
Why is it named "Flashfake"? That doesn't give me a lot of confidence. Is it fake?

Why not just call it the Flashback Removal Tool?

Krazy Bill
Apr 11, 2012, 06:19 PM
I think technically it's malware, since it tricks the user into installing it. Viruses get in on their own.

Oh thank god it's not a virus. That means the 600,000 people infected with this trivial non-virus dodged a bullet. :eek:

Aniday
Apr 11, 2012, 06:23 PM
Oh thank god it's not a virus. That means the 600,000 people infected with this trivial non-virus dodged a bullet. :eek:

Snarky comments don't really work when you have a fundamental misunderstanding of the severity of different kinds of malware.

Not that I blame you. Using OS X doesn't give you much of a reason to become familiar with such things.

Rodimus Prime
Apr 11, 2012, 06:27 PM
To avoid future "infections".

Step 1. Remove Java, you probably don't need it.

Step 2. Remove Flashplayer, if you insist upon using flash run Chrome.

Step 3. Don't be a click-happy nut who passively submits to blissfully typing in the admin password.

---
There, future crisii averted...


Ahh it is cute. Someone thinks they never need something that uses java.....

Aniday
Apr 11, 2012, 06:33 PM
Ahh it is cute. Someone thinks they never need something that uses java.....

What? Minecraft? lol

Java is inherently awful. If you need to use it... I am very sorry :(

Krazy Bill
Apr 11, 2012, 06:39 PM
Snarky comments don't really work when you have a fundamental misunderstanding of the severity of different kinds of malware.

Not that I blame you. Using OS X doesn't give you much of a reason to become familiar with such things.

You don't understand grasshopper. The issue is not the infection... it's Apple's denial and delay in delivering the "cure".

Aniday
Apr 11, 2012, 06:45 PM
You don't understand grasshopper. The issue is not the infection... it's Apple's denial and delay in delivering the "cure".

The cure would be to stop using Java. Java always has security issues, just like flash. It's awful software.

Not getting infected by malware is up to you and your online practices. Relying on Apple to update Java to protect you isn't going to work. We've known for a while now that Apple takes its time with Java updates.

I do however agree that Apple should step up its game as far as updating and not defaulting Safari to just automatically run Java.

user418
Apr 11, 2012, 06:59 PM
They don't, since this isn't a virus. Viruses aren't the only form of malware that can infect computers.

To be certain, just use the Terminal commands (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml) that have already been posted everywhere.

I agree. I am by no means tech savvy but I was able to follow the directions for using the terminal commands. Both machines are clean.

Rodimus Prime
Apr 11, 2012, 07:19 PM
The cure would be to stop using Java. Java always has security issues, just like flash. It's awful software.

Not getting infected by malware is up to you and your online practices. Relying on Apple to update Java to protect you isn't going to work. We've known for a while now that Apple takes its time with Java updates.

I do however agree that Apple should step up its game as far as updating and not defaulting Safari to just automatically run Java.

again you really have no idea about java. It has a lot of pluses. Java is Compile once run everywhere. All the others require having the code compiled for the respective OS. This means you are not tied to a single OS.

Java on OSX tends to lag behind everyone else which is 100% Apple's fault. Apple has been very slow on updating it and tends to be behind.

The security issue on Safari running Java by default is Apple's fault. All the other browsers tend to at least ask you.

But then again there is a reason why safari's user base is still in the others category.

Aniday
Apr 11, 2012, 07:28 PM
again you really have no idea about java. It has a lot of pluses. Java is Compile once run everywhere. All the others require having the code compiled for the respective OS. This means you are not tied to a single OS.

Java on OSX tends to lag behind everyone else which is 100% Apple's fault. Apple has been very slow on updating it and tends to be behind.

The security issue on Safari running Java by default is Apple's fault. All the other browsers tend to at least ask you.

But then again there is a reason why safari's user base is still in the others category.

Yes, I know Java is cross platform. However, that becomes a bane once you realize that Java is a walking, widely accepted, Swiss cheese of security. Holes everywhere. There are constant vulnerabilities and it just doesn't run well on top of that.

I know the default running of Java is Apple's fault.

No one needs to develop in Java. It just happens to be easy to do.

Rodimus Prime
Apr 11, 2012, 07:44 PM
Yes, I know Java is cross platform. However, that becomes a bane once you realize that Java is a walking, widely accepted, Swiss cheese of security. Holes everywhere. There are constant vulnerabilities and it just doesn't run well on top of that.

I know the default running of Java is Apple's fault.

No one needs to develop in Java. It just happens to be easy to do.

The fact that you say no one needs to develop in Java speaks volumes about your understanding (or lack of understanding) of Java.

Say I need to make some type of app that I need to run in client computers to finish some install process. Now if I was not using java I would need to have some program for windows, another for linux, and another for OSX.. If it was java I would need just one and it would do everything I would need it to do.

Aniday
Apr 11, 2012, 07:49 PM
The fact that you say no one needs to develop in Java speaks volumes about your understanding (or lack of understanding) of Java.

Say I need to make some type of app that I need to run in client computers to finish some install process. Now if I was not using java I would need to have some program for windows, another for linux, and another for OSX.. If it was java I would need just one and it would do everything I would need it to do.

You seem to be under the impression that Java is the only thing that can do that...

You also seem to be under the impression that the security and stability issues in Java aren't a big deal.

user418
Apr 11, 2012, 07:57 PM
I ran across this Java article (http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-disable-java-in-os-x) that talks about disabling Java via Utilities > Java Preferences. Can anyone comment on its validity?

NY Guitarist
Apr 11, 2012, 08:14 PM
So to be safe I disabled Java in the Java preferences app and now Firefox 11.0 crashes when I attempt to launch it?

Safari does NOT crash?

I'm using OSX 10.6.8 and can't upgrade to Lion because of software compatibility issues with Lion.

GGJstudios
Apr 11, 2012, 08:16 PM
So to be safe I disabled Java in the Java preferences app and now Firefox 11.0 crashes when I attempt to launch it?

Safari does NOT crash?

I'm using OSX 10.6.8 and can't upgrade to Lion because of software compatibility issues with Lion.

All you have to do is disable Java in Safari preferences.

k.dub
Apr 11, 2012, 08:23 PM
Use at your own risk.

I can't believe I did this so blindly.

I downloaded and used the Kaspersky Flashfake Removal Tool app and now I can't log in. I get the spinning beach ball after I type my password and hit enter. Safe mode results in the same thing. Any ideas??? Early 2011 MBP.

NY Guitarist
Apr 11, 2012, 08:25 PM
All you have to do is disable Java in Safari preferences.

Thanks I'll give that a try.

Just to be clear it's not necessary to disable Java in the Java preferences app then too?

faroZ06
Apr 11, 2012, 08:35 PM
I'd rather just use the Apple tool. Looks like Apple is preparing well for malware.

Am I the only one seeing Norton and other 3rd party antivirus companies dying on the Mac platform? I'm pretty sure Mac OS X will eventually have full-on built-in antimalware.

----------

What? Minecraft? lol

Java is inherently awful. If you need to use it... I am very sorry :(

Sadly, I have to use it for Minecraft and a few random web apps. It's not bad considering that it's made to work on every platform, which implies some inefficiency, but it's much worse than a real x86 UNIX program!

beg_ne
Apr 11, 2012, 08:36 PM
The fact that you say no one needs to develop in Java speaks volumes about your understanding (or lack of understanding) of Java.

Say I need to make some type of app that I need to run in client computers to finish some install process. Now if I was not using Java I would need to have some program for Windows, another for Linux, and another for OSX. If it was Java I would need just one and it would do everything I would need it to do.

Security and stability of a system should be more important than letting developers be lazy and create crap software that is horrible across all systems.

Java's "write once, run everywhere" never materialized into anything decent.

I really don't know why you're bothering to explain Java to us like it's 1999. Maybe you're an Android dev?

faroZ06
Apr 11, 2012, 08:41 PM
To avoid future "infections".

Step 1. Remove Java, you probably don't need it.

Step 2. Remove Flashplayer, if you insist upon using flash run Chrome.

Step 3. Don't be a click-happy nut who passively submits to blissfully typing in the admin password.

---
There, future crisii averted...

Remove Java and Flash? NOPE. How 'bout you get Click2Plugin so you can still have the plugins but choose when to use them?

And wouldn't removing Flash also make it not work in Chrome?

And are you sure that the accusative plural of "crisis" is "crisii"? I don't think it is.

bedifferent
Apr 11, 2012, 08:42 PM
Java on OSX tends to lag behind everyone else, which is 100% Apple's fault. Apple has been very slow on updating it and tends to be behind.

That's because they're too busy with iOS, iPhones, iPads, and integrating iOS features such as "Game Center" into iOS X - err, I mean OS X. :rolleyes:

faroZ06
Apr 11, 2012, 08:42 PM
Security and stability of a system should be more important than letting developers be lazy and create crap software that is horrible across all systems.

Java's "write once, run everywhere" never materialized into anything decent.

I really don't know why you're bothering to explain Java to us like it's 1999. Maybe you're an Android dev?

Java is really only good for little apps that you run on mobile phones and stuff. I don't see why developers can't just compile the same thing for each major PC OS... there are only 2 (I wouldn't count Linux as a major PC OS, more of a server OS).

But you gotta hand it to them, Java is good for web apps. The number of non-web apps that use Java is small, which is good. I don't see what alternative there is to Java for web apps besides HTML5 (which I don't know much about).

Renzatic
Apr 11, 2012, 08:49 PM
...but it's much worse than a real x86 UNIX program!

I dunno, man. They used Unix based mainframes at Isla Nublar, and look how that turned out.

faroZ06
Apr 11, 2012, 08:58 PM
Company offers free antivirus software? Is this not just a precursor to getting you to buy their antivirus software? Coming from a PC background I've always been suspicious that Norton and others have 1 department creating viruses whilst another creates antivirus software. Or am I just skeptical?
Either way as I'm waiting to buy a new iMac I'm less than happy to hear about Mac viruses.

All Mac antivirus software is a scam. My mom's friend paid a lot of money to get her Mac cleaned of "viruses". Anyway "Mac antivirus" is an oxymoron. As for antimalware, that is easy to do without paying.

----------

I dunno, man. They used Unix based mainframes at Isla Nublar, and look how that turned out.

I laughed when I saw that part in the movie when I first watched it in 2011. The kid said, "This is a UNIX system!"

AidenShaw
Apr 11, 2012, 09:05 PM
All Mac antivirus software is a scam. My mom's friend paid a lot of money to get her Mac cleaned of "viruses". Anyway "Mac antivirus" is an oxymoron.

People who don't admit that "virus" and "malware" mean the same thing to most people miss the point.

If your identity and credit card numbers are sent to criminals in the Ukraine - is it "OK" if malware sent the info and "bad" if a virus sent the info?

I'd think that most people would label it as "bad" regardless of minor technical details of the infection.

And add to that the simple truth that viruses aren't really that common anymore - OS changes have made the threat of viruses fairly small. When you get a product like Norton, you're buying "anti-malware" protection - even if the product name contains the word "antivirus" for historical familiarity.

faroZ06
Apr 11, 2012, 09:12 PM
People who don't admit that "virus" and "malware" mean the same thing to most people miss the point.

If your identity and credit card numbers are sent to criminals in the Ukraine - is it "OK" if malware sent the info and "bad" if a virus sent the info?

I'd think that most people would label it as "bad" regardless of minor technical details of the infection.

Both are equally bad, yes, but viruses are easier to get infected by and typically harder to remove. Antivirus software is a must when you are vulnerable to viruses because they will infect you without you knowing.

However, Apple is already preparing for malware attacks, and Mac malware has been easy to get rid of so far. Having antivirus on a Mac barely does anything, and it doesn't do anything that can't be done easily for free. In fact, it slows you down and costs a considerable amount of money, so it's not worth it.

The antivirus is even sometimes worse than a virus.

AidenShaw
Apr 11, 2012, 09:31 PM
Both are equally bad, yes, but viruses are easier to get infected by and typically harder to remove. Antivirus software is a must when you are vulnerable to viruses because they will infect you without you knowing.

So, the 600K Apples infected with Flashback all had users who knew that they were being infected?

LOL

Just get off the "virus vs. malware" track - malware is where the money is, there are very few viruses in the wild today. Network firewalls (both OS level and home router-based, and even simple NAT) and OS changes have greatly reduced that potential for virus propagation.

"Drive-by malware" (like Flashback) is where the money is. The criminals are exploiting application holes and user ignorance - and both Windows and Apple OSX have application holes and ignorant users.

linuxcooldude
Apr 11, 2012, 09:33 PM
People who don't admit that "virus" and "malware" mean the same thing to most people miss the point

That's why we have security professionals who do know the difference. There will always be a market that caters to the detection, removal & prevention of viruses, malware, trojans etc. just because of the average person not knowing these things. It may not matter to the general public, but does so to the businesses who provide these services.

faroZ06
Apr 11, 2012, 09:42 PM
So, the 600K Apples infected with Flashback all had users who knew that they were being infected?

LOL

Just get off the "virus vs. malware" track - malware is where the money is, there are very few viruses in the wild today. Network firewalls (both OS level and home router-based, and even simple NAT) and OS changes have greatly reduced that potential for virus propagation.

"Drive-by malware" (like Flashback) is where the money is.

To answer your question, no, and I never said they knew. The 600K users infected themselves unknowingly by opening the malware (and not just getting infected by a virus). And why are you mentioning that malware is where the money is? I know that. I also know that viruses are becoming less of a problem than before since less people are making them. More reasons not to get antivirus for Mac. I'm pretty sure that there will be no Mac virus.

Even if you were to go with the belief that they can get viruses, it is unlikely that a Mac virus will ever be created because even if Mac OS becomes the dominant PC OS, by then, nobody will be making viruses anymore at all. Why get antivirus for Mac?

----------

I dunno, man. They used Unix based mainframes at Isla Nublar, and look how that turned out.

I wonder if that was product placement, UNIX in Jurassic Park?

AidenShaw
Apr 11, 2012, 09:53 PM
The 600K users infected themselves unknowingly by opening the malware (and not just getting infected by a virus).

And were the 600K happy that they were infected by malware rather than a virus?

As I said, just get off the "virus vs. malware" track - to almost everyone they are the same thing, something bad on the computer.


More reasons not to get antivirus for Mac.

As I said, companies sell packages that protect against threats, even as the threats evolve. A product named "FUBAR AntiVirus" may contain anti-malware as well as anti-virus features.

Don't dismiss a possibly useful security tool because it has the five letters "v i r u s" in its name.


I'm pretty sure that there will be no Mac virus.

And I'm pretty sure that the people infected with this and future Apple OSX malware won't give a damn about petty distinctions between "virus" and "malware".

faroZ06
Apr 11, 2012, 10:12 PM
And were the 600K happy that they were infected by malware rather than a virus?

As I said, just get off the "virus vs. malware" track - to almost everyone they are the same thing, something bad on the computer.




As I said, companies sell packages that protect against threats, even as the threats evolve. A product named "FUBAR AntiVirus" may contain anti-malware as well as anti-virus features.

Don't dismiss a possibly useful security tool because it has the five letters "v i r u s" in its name.




And I'm pretty sure that the people infected with this and future Apple OSX malware won't give a **** about petty distinctions between "virus" and "malware".

They won't notice the difference between the two, but malware requires no 3rd party software to deal with easily. Viruses do. Antivirus protects against malware, but so do easier (and free and less computer-taxing) procedures.

Viruses may seem the same as malware to users, but they are a way bigger threat. I just installed Windows 7 fresh on an HP machine and opened IE just once and didn't go anywhere besides the Chrome and Safari download pages. It already got a virus that spammed IE with toolbars and such for some retarded search engine as well as installing AOL stuff. I didn't do anything!

Therefore, antivirus is only useful for viruses or swarms of malware. Currently, Mac OS has neither, and Apple is apparently going to take care of the swarms of malware should they appear. There is no reason to get 3rd party antivirus software for Mac. All it would do is defend you from malware that can be defended against easily anyway.

Risasi
Apr 11, 2012, 10:18 PM
Smugness is unbecoming. :rolleyes:

Really. Let me repeat, you could become a Flashback victim by merely viewing a web-site, quite possibly a Wordpress blog.

Doesn't change the fact that almost nobody needs to have the JRE or SDK installed. Why do you want to have something installed that you don't use, but makes you susceptible to cracking attempts? Why do you need Java installed?

Why don't more Java coders sandbox and package a JavaVM in with their installer? Then you really wouldn't need to have it installed...

*Why doesn't Sun/Oracle stop blatting their stupid DLLs all over the place and stop putting their Javaw.exe in the system32 directory where it can't find said DLLs?

Why do people get the runtime environment and JavaScript confused?

---

Whatever, shoot the messenger. If someone yells at you about the imminent danger of standing on the subway rail, are you going to deride them too because they are too "smug"?



*Windows specific

Thana6tos
Apr 11, 2012, 10:33 PM
:mad:OH, GROW UP! and go back to PC. 'infected' suggests it's a virus. thought Macs didn't get viruses. haha

faroZ06
Apr 11, 2012, 10:42 PM
:mad:OH, GROW UP! and go back to PC.

I don't know if the original post or this ^^ is sarcasm or not... People need to be more clear when trying to use text to convey a conversation.

----------

Doesn't change the fact that almost nobody needs to have the JRE or SDK installed. Why do you want to have something installed that you don't use, but makes you susceptible to cracking attempts? Why do you need Java installed?

Why don't more Java coders sandbox and package a JavaVM in with their installer? Then you really wouldn't need to have it installed...

*Why doesn't Sun/Oracle stop blatting their stupid DLLs all over the place and stop putting their Javaw.exe in the system32 directory where it can't find said DLLs?

Why do people get the runtime environment and JavaScript confused?

---

Whatever, shoot the messenger. If someone yells at you about the imminent danger of standing on the subway rail, are you going to deride them too because they are too "smug"?



*Windows specific

I think calling Java "useless" is fanboyism. Although the security threat of Java is lame, it is good for web apps. But is it true that you can get this so easily from visiting a site? And I'm sure legitimate sites don't get infected with something that makes them spread it to Macs.

Flash was horrible, and it was reasonable to blame Adobe in that case, but people shouldn't just start calling Java a horrible standard to shift the blame over to them. Mac OS is susceptible to malware just like Windows is, but Apple is actually going to take care of it for us with app signing and security updates.

Renzatic
Apr 11, 2012, 10:47 PM
Viruses may seem the same as malware to users, but they are a way bigger threat. I just installed Windows 7 fresh on an HP machine and opened IE just once and didn't go anywhere besides the Chrome and Safari download pages. It already got a virus that spammed IE with toolbars and such for some retarded search engine as well as installing AOL stuff. I didn't do anything!

That's not a virus. What you're seeing there is the totally excessive and completely unnecessary crap HP stuffs on their "restoration discs" and/or recovery partitions to bug the everliving hell out of you. If you're going to install Windows 7, make sure you're using a proper Win7 disc, and nothing provided by the OEMs.

I know it's not a virus because that wouldn't happen otherwise. IE is locked down tighter than a drum these days. You won't get any toolbars installed on it without your express permission.

faroZ06
Apr 11, 2012, 11:06 PM
That's not a virus. What you're seeing there is the totally excessive and completely unnecessary crap HP stuffs on their "restoration discs" and/or recovery partitions to bug the everliving **** out of you. If you're going to install Windows 7, make sure you're using a proper Win7 disc, and nothing provided by the OEMs.

I know it's not a virus because that wouldn't happen otherwise. IE is locked down tighter than a drum these days. You won't get any toolbars installed on it without your express permission.

Actually, the HP came with Windows Vista. That didn't last long because I soon rage-destroyed the OS. I installed Windows 7 from a real disc bought from Microsoft, nothing hardware-specific. This is actually the second time installing Windows 7 on the machine (the first one got killed when I did sudo rm -rf /* in Ubuntu on the same computer). The first time I installed it, nothing happened. The second time, I got these search bars and adware out of nowhere.

And the search bars it installed (and also set my homepage to) were for Babylon search. I searched it online and got a bunch of removal instructions for it. It somehow installed itself on a fresh Windows 7.

http://www.google.com/search?client=safari&rls=en&q=Babylon+search&ie=UTF-8&oe=UTF-8

Renzatic
Apr 11, 2012, 11:30 PM
I dunno, man. You've got to be doing something really amazingly incredibly weird to get a whole stack of toolbars like that on IE8 in Win7. The only thing I can figure is, A. you're prodigiously unlucky, or B. You've installed AOL for some reason, and that's why you have those toolbars. AOL is one of those annoying programs that likes to override everything, and tuck itself into every nook and cranny it can find.

Otherwise, hell...search me. I surfed around on multiple sites using IE8 just the other day, and I didn't pick up toolbar one. Getting them tacked on just by visiting the Safari and Chrome sites? That's nigh on unheard of.

The only thing I can tell you to do is hop onto Windows Update and grab IE9 as soon as you can. I use it occasionally on my computer, and I know it doesn't do anything weird like that.

faroZ06
Apr 11, 2012, 11:37 PM
I dunno, man. You've got to be doing something really amazingly incredibly weird to get a whole stack of toolbars like that on IE8 in Win7. The only thing I can figure is, A. you're prodigiously unlucky, or B. You've installed AOL for some reason, and that's why you have those toolbars. AOL is one of those annoying programs that likes to override everything, and tuck itself into every nook and cranny it can find.

Otherwise, ****...search me. I surfed around on multiple sites using IE8 just the other day, and I didn't pick up toolbar one. Getting them tacked on just by visiting the Safari and Chrome sites? That's nigh on unheard of.

The only thing I can tell you to do is hop onto Windows Update and grab IE9 as soon as you can. I use it occasionally on my computer, and I know it doesn't do anything weird like that.

Yeah, it's very strange. I actually just installed the OS and didn't download anything except for a couple of browsers. Anyway, I don't care that much because I don't use IE at all. Even if it affects other stuff, I still don't care much because I don't use that computer for anything except for random tests. My dad got it for... long story, but he ended up giving it to me quickly after getting a taste of Vista combined with the HP Pavilion Slimline, one of their worst PCs.

Anyway, it doesn't matter. It's just an example of the kind of thing antivirus software is good for killing.

Goldenbear
Apr 12, 2012, 12:38 AM
Yeah, it's very strange. I actually just installed the OS and didn't download anything except for a couple of browsers. Anyway, I don't care that much because I don't use IE at all. Even if it affects other stuff, I still don't care much because I don't use that computer for anything except for random tests. My dad got it for... long story, but he ended up giving it to me quickly after getting a taste of Vista combined with the HP Pavilion Slimline, one of their worst PCs.

Anyway, it doesn't matter. It's just an example of the kind of thing antivirus software is good for killing.

My SOP for installing Windows is to first download the latest anti-virus/anti-malware apps/definitions on my Mac. I install Windows without any networking enabled, then install the updates (transfer over via flash drive).

As far as all these Mac anti-virus software, would ANY of them have stopped this thing on day one?

iWonderwhy
Apr 12, 2012, 01:02 AM
Bogus indeed. Says I'm infected, I download the tool, run the scan, says to restart my machine, which I do. I then go back to the web-based flash checker, enter the UDID again, and says I'm infected. Just a sham IMO, all patches have been downloaded. Never went to any suspicious URLs either. Meh, not putting too much weight on this.

Hyper-X
Apr 12, 2012, 01:14 AM
Quite frankly all the comments about how "the problem isn't a virus" and how Macs are immune to them contribute to why non-Mac users keep thinking we're all clueless. Those who continue to believe Macs are like the "unsinkable Titanic" obviously are doomed to repeat the same mistakes.

It's not as important for us to know whether the problem is technically a virus than it is to recognize that Macs can be affected by malicious software, and hiding behind the "small Mac demographic" as an effective defense isn't good enough anymore. Xprotect alone isn't good enough.

While I don't think everyone should overreact/panic and rush to get antivirus, I still believe it's still good to have something. I've said this before and I stand by this... as a former IT tech now engineer, Macs are always a huge risk to mainstream Windows-based networks because they're often "carriers" of potential harmful content. Just because your Mac can't be affected by a Windows-based malware, with no form of outgoing protection/validation, there's nothing stopping your Mac from infecting/spreading them.

The opposite could be true as well, you wouldn't want to deal with Windows machines introduced into your Mac-dominant network if it was an unknowing carrier of Mac-specific malware. Responsible computing goes beyond just looking at what can affect your own computer.

Mr. Gates
Apr 12, 2012, 02:21 AM
The more you tighten your grip, Apple , the more malware will slip through your fingers.

http://www.oreillynet.com/digitalmedia/blog/images/starwarsDRM.jpg

MuppetGate
Apr 12, 2012, 02:35 AM
Doesn't change the fact that almost nobody needs to have the JRE or SDK installed. Why do you want to have something installed that you don't use, but makes you susceptible to cracking attempts? Why do you need Java installed?

There are lots of apps running behind corporate firewalls that need Java to run. Developers using Macs to write open source frameworks often use IDEs built around Java. And there are even a few apps popular on Macs (like MoneyDance) that need a JVM to work.

In any case, blaming Java is really just burying your head in the sandbox. If Apple had fixed the problem when Oracle patched Java way back in February then this wouldn't have happened. The fault lies entirely with Apple.

Why don't more Java coders sandbox and package a JavaVM in with their installer? Then you really wouldn't need to have it installed...

Because a full JRE installation is huge for one thing, but the main reason is bug fixes. If a vulnerability is found in the Java then it can be patched in one place and then all the apps that use it are covered. Separate JREs, aside from using large amounts of disk space, would mean that each app would need to be updated.
Having a single shared JVM/JRE is better, unless your JVM vendor is as lax as Apple.

*Why doesn't Sun/Oracle stop blatting their stupid DLLs all over the place and stop putting their Javaw.exe in the system32 directory where it can't find said DLLs?

Can't say I've ever had a problem with a JVM installation, so I can't help with that one I'm afraid.

Why do people get the runtime environment and JavaScript confused?

Because years ago, Netscape tried to cash in on the Java name by naming their ECMAScript implementation JavaScript. No one thanks them for it.

Skoopman
Apr 12, 2012, 02:44 AM
I still don't believe the 600,000 figure.

Me neither, but I know 2 people who are infected. Btw, there is also the free Bitdefender Virus Scanner (http://itunes.apple.com/us/app/bitdefender-virus-scanner/id500154009?mt=12). It took only a few minutes to scan my system, no infection.

Winni
Apr 12, 2012, 03:39 AM
What? Minecraft? lol

Java is inherently awful. If you need to use it... I am very sorry :(

If you use Java, that usually simply means that you live in the world of grown ups where people use their computer for business and work and not just to browse through Facebook and YouTube. Whether anyone likes it or not, Java is - and remains - the number one platform for enterprise software and it also still is the most widely used programming language on the globe.

Apple only lost their interest in Java when they realized that enterprises did not want to use Macs and when it became very obvious that Apple had turned into a pure consumer brand.

tblrsa
Apr 12, 2012, 04:00 AM
I guess with GateKeeper active, this malware would have had its fair share of troubles executing on the victims machine.

kiljoy616
Apr 12, 2012, 04:23 AM
'infected' suggests it's a virus. thought Macs didn't get viruses. haha

It's a trojan and it's part not so much of OS X but Flash and Java, now Apple has and this company has to fix it. When oh when will these outdated languages die off. Feels like they are taking forever. I guess no real incentive for things to happen.

4 Macs, not one infection, oh wait I never use Java hahahahahaha. Has anyone but the trolls really gotten an infection? :rolleyes:

----------

I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D

Spending the money would be what I consider stupid. Still have no virus/trojan/worm/bacterial;) infections ever since owning a Mac and right now there are 4 at home running OS X Snow leopard and Lion.

Was not even worried about this, still suspicious of the whole thing. :D

Oletros
Apr 12, 2012, 04:23 AM
It's a trojan and it's part not so much of OS X but Flash and Java, now Apple has and this company has to fix it. When oh when will these outdated languages die off. Feels like they are taking forever. I guess no real incentive for things to happen.

And exactly why is it an outdated language?

Has anyone but the trolls really gotten an infection? :rolleyes:


Ah, you're only talking nonsense and you don't have a clue about what you're talking about

kiljoy616
Apr 12, 2012, 04:34 AM
All Mac antivirus software is a scam. My mom's friend paid a lot of money to get her Mac cleaned of "viruses". Anyway "Mac antivirus" is an oxymoron. As for antimalware, that is easy to do without paying.

----------



I laughed when I saw that part in the movie when I first watched it in 2011. The kid said, "This is a UNIX system!"

And then they run a quicktime. Oh that was the movie for Mac fans.

----------

Company offers free antivirus software? Is this not just a precursor to getting you to buy their antivirus software? Coming from a PC background I've always been suspicious that Norton and others have 1 department creating viruses whilst another creates antivirus software. Or am I just skeptical?
Either way as I'm waiting to buy a new iMac I'm less than happy to hear about Mac viruses.

No virus, not really an issue, I am all for this is hype and paranoia which seems to permeate all of life and is great for news outlets. Buy away, forget Virus Software and turn off Java which you hardly ever need and you're fine. JavaScript is sandboxed so much safer.

While most spyware components (hijackers especially) get on to people's systems through ActiveX, it is possible for spyware to use these security weaknesses in Java to try and infect the user's system. A bug discovered in October 2000 allows the system to automatically run signed or unsigned ActiveX scripts by the use of Java without the user's permission (ActiveXComponent bug).

And we all know how secure ActiveX is on the PC :rolleyes:

MH01
Apr 12, 2012, 04:36 AM
The cure would be to stop using Java. Java always has security issues, just like flash. It's awful software.

ha ha ha ha ha ha ha ha ha! Classic!

My advice to you, Stay off the internet! Best cure!

owww and I do not think Java is what you think it is.... Do some research!

MH01
Apr 12, 2012, 04:46 AM
Both are equally bad, yes, but viruses are easier to get infected by and typically harder to remove. Antivirus software is a must when you are vulnerable to viruses because they will infect you without you knowing.

However, Apple is already preparing for malware attacks, and Mac malware has been easy to get rid of so far. Having antivirus on a Mac barely does anything, and it doesn't do anything that can't be done easily for free. In fact, it slows you down and costs a considerable amount of money, so it's not worth it.

The antivirus is even sometimes worse than a virus.

Dude, they are the same thing these days! One of the most stupid arguments on MR is Virus/Malware arguments. The stupid smugness that one cannot get a virus is really really silly, Malware is just as bad. When someone steals your credit card details.... you're not going to give a crap if it was done via virus or malware!

Apple is preparing for malware attacks? Are you serious? Apple is reactive! With popularity more of these exploits will arrive. If you stopped right now, introduced no new software worldwide, you can say you are right, with all new software new exploits are introduced.

So in the future, are you going to wait for news sites to tell you there is a new malware on a Mac, and wait for the free instructions on how to check/remove it?? By then, you would have lost a hell of a lot of private/financial data.

I feel a hell of a lot more secure on my PC right now, running avast which checks webpages I visit and has a daily updated file with definitions of viruses/malware. And with the speed of current day CPUs and SSD drives, you do not even notice a security program running.

MonkeySee....
Apr 12, 2012, 04:48 AM
So to be safe I disabled Java in the Java preferences app and now Firefox 11.0 crashes when I attempt to launch it?

Safari does NOT crash?

I'm using OSX 10.6.8 and can't upgrade to Lion because of software compatibility issues with Lion.

In Firefox you can disable the plugin. As GGJstudios said, you don't need to touch the app.

digitalrampage
Apr 12, 2012, 05:43 AM
This is totally bogus.. I can't believe I ran this.

Just do a whois on the website.. it's registered via GoDaddy and no surprises but Kaspersky doesn't use GoDaddy.

Why is MacRumors posting this stuff - if I had to put money on it, I have now infected myself with something beyond flashback.

Oletros
Apr 12, 2012, 05:56 AM
This is totally bogus.. I can't believe I ran this.

Just do a whois on the website.. it's registered via GoDaddy and no surprises but Kaspersky doesn't use GoDaddy.

Why is MacRumors posting this stuff - if I had to put money on it, I have now infected myself with something beyond flashback.


What is bogus?

StrudelTurnover
Apr 12, 2012, 06:10 AM
I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:

The catch is it got you to type "Kaspersky" into a forum post. I had forgotten they even existed before reading this news article.
Companies do things for free all the time, except they are also getting something in return. ;)

mabaker
Apr 12, 2012, 06:17 AM
I would trust F-Prot, not Kaspersky.

Augure
Apr 12, 2012, 06:20 AM
The so-called "no virus on Mac" is now officially dead.

It was doomed to happen eventually, and will only get worse as Macs gain popularity

mabaker
Apr 12, 2012, 06:22 AM
The so-called "no virus on Mac" is now officially dead.

It was doomed to happen eventually, and will only get worse as Macs gain popularity

Do differentiate between mass hysteria and a real virus, please.

Nuvi
Apr 12, 2012, 06:47 AM
Has anyone found the infection? Not that I've seen, aside from the reported "600,000" number.

And if you are infected, what is the effect exactly?

First of all Flashback is a downloader for the actual payloads. There are at least two known payloads in the wild. One is an advertising scam and the other one is stealing your banking, credit card, password etc. personal information.

Regarding the number of infected computers the 600 000 in worst case scenario is just the tip of the iceberg that security firms have managed to contact (and get the UUID) with their C&C which imitates the real C&C. If they have managed to contact the most then the number is close to the one published. However, I wouldn't be surprised if this number goes up.

Nuvi
Apr 12, 2012, 06:58 AM
Do differentiate between mass hysteria and a real virus, please.

In all seriousness what do you want? If a trojan stealing your personal data (passwords, credit card numbers, banking info) isn't cause for concern then what is? Real Virus?!? FYI there is not a single non living organism that can get a real virus. In order to be considered as a virus it must be able to replicate itself in a living organism... Then again money grabbing trojan malware is bad enough for me... This whole discussion about one being a virus or Trojan is pointless from end user perspective. The fact remains, you can get the Flashback downloader (and eventually one of the payloads instructed by C&C) from a random site without entering a single password.

goosnarrggh
Apr 12, 2012, 07:02 AM
I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D

Anybody still running a PowerPC-based Mac is most definitely running Leopard or older. The vulnerability which led to this exploit almost certainly exists on those machines, and it will never receive an official fix from Apple.

Now, from the quick little bit of research I've done, it appears that this particular exploit sends executable files to your computer that are not Universal (i.e. they are compiled only for native Intel CPUs, and do not contain a corresponding PowerPC version).

So that means that, in this particular instance, the trojan would be incapable of creating any negative impact on any PowerPC machine which managed to accidentally pick it up. But the fact remains that the vulnerability is still there, so the possibility exists that somebody could recompile a new version of the trojan that did contain a Universal binary to which both Intel and PowerPC Macs would be susceptible.

MonkeySee....
Apr 12, 2012, 07:26 AM
The so-called "no virus on Mac" is now officially dead.

It was doomed to happen eventually, and will only get worse as Macs gain popularity

http://i0.kym-cdn.com/entries/icons/original/000/000/554/facepalm.jpg

kamonohashi
Apr 12, 2012, 08:03 AM
I used this and it said it removed it and then when I restarted my mac i ran the web checker again and it said I still had it?

It is because your system's UUID is still in Kaspersky's database.
If I understand correctly, one of the things the Flashback Trojan does is sending data (containing infected machines' UUIDs) to a bunch of servers, every day at a certain time.
What Kaspersky did is they set up a fake server which was able to receive this data.
From there, they built a database containing all infected UUIDs, and made a webpage for users to check whether theirs was in it or not.

This webpage and the removal utility are two separate things.
Removing infected files doesn't erase your UUID from the database, so if your machine has been infected at any point in time, you'll always be marked as infected on the webpage. Even if you buy a new hard drive and make a completely clean install.

This is totally bogus.. (...)
just do a whois on the website.. it's registered via godaddy and no surprises but kaspersky doesn't use godaddy.

Come on. A link to the webpage is on Kaspersky's official website's frontpage.
Top left. "Macs Are No Longer Safe From Hackers".

For the record, I did all the tests on the two Macs I have at home.
Both came up negative with the F-Secure method.
But one came up positive on the Kaspersky site, as well as in the downloadable application.
It is a machine on which I remember installing a very fishy looking Flash "update" a few days ago.
The update in question popped-up out of the blue when my mouse cursor hovered over some ad, on a legitimate, non-Russian website (I think it was Japanese).
I hesitated, but assumed I should be alright because I had an anti-virus (namely Sophos) up and running. So I proceeded with the installation.
Seems I should never assume safety. Hopefully I'll remember it.

Funny thing is I have used Macs and PCs for a very long time, and this is the first time in my whole life I get infected by something this bad.
Back to PC era paranoid online behavior, I guess.
Not going to pay for Kaspersky, though, that's for sure.
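
The point made in the post above, that a UUID lookup in a sinkhole database records past check-ins rather than current infection, shown as an added example that is not part of the original post and is not Kaspersky's code. It goes beyond the plain membership lookup described by keeping timestamps; the log format, the function names and every sample value are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sinkhole check-in records: "<ISO timestamp> <hardware UUID>".
# The format and all values are made up; no real sinkhole data is used.
SINKHOLE_LOG = """\
2012-04-06T09:00:12Z 11111111-2222-3333-4444-555555555555
2012-04-07T09:00:09Z 11111111-2222-3333-4444-555555555555
2012-04-08T09:00:15Z AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
2012-04-12T09:00:11Z AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
not a valid record
2012-04-13T09:00:10Z aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
"""


def parse_ts(text):
    """Parse a UTC timestamp such as 2012-04-06T09:00:12Z."""
    ts = datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")
    return ts.replace(tzinfo=timezone.utc)


def build_index(log_text):
    """Map upper-cased UUID -> (first_seen, last_seen, count); skip bad lines."""
    index = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            ts = parse_ts(parts[0])
        except ValueError:
            continue
        uuid = parts[1].upper()  # UUIDs may arrive in either case
        first, last, count = index.get(uuid, (ts, ts, 0))
        index[uuid] = (min(first, ts), max(last, ts), count + 1)
    return index


def membership_check(index, uuid):
    """The simple lookup: True if the UUID ever checked in, even once."""
    return uuid.upper() in index


def classify(index, uuid, cleaned_at=None):
    """Compare the last check-in with the time the machine was cleaned."""
    entry = index.get(uuid.upper())
    if entry is None:
        return "never-seen"           # not proof of a clean machine
    if cleaned_at is None:
        return "seen-unknown-status"  # all a membership lookup can say
    _, last_seen, _ = entry
    return "still-beaconing" if last_seen > cleaned_at else "historical"


if __name__ == "__main__":
    idx = build_index(SINKHOLE_LOG)
    cleaned = datetime(2012, 4, 11, 12, 0, tzinfo=timezone.utc)
    for u in sorted(idx):
        print(u, membership_check(idx, u), classify(idx, u, cleaned))
```

A machine cleaned on April 11 whose last check-in predates that stays "listed" forever under the membership lookup, while a check-in after the cleanup time is the signal that removal did not work.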

Phil A.
Apr 12, 2012, 08:11 AM
If you use Java, that usually simply means that you live in the world of grown ups where people use their computer for business and work and not just to browse through Facebook and YouTube. Whether anyone likes it or not, Java is - and remains - the number one platform for enterprise software and it also still is the most widely used programming language on the globe.

Apple only lost their interest in Java when they realized that enterprises did not want to use Macs and when it became very obvious that Apple had turned into a pure consumer brand.

At last - someone who is talking sense about Java!
If you are doing serious, enterprise level, development there is a good chance it's in Java and using an IDE that's also written in Java...

Krazy Bill
Apr 12, 2012, 08:18 AM
The cure would be to stop using Java.

A very narrow sighted solution and you obviously aren't slave to corporate America. Many of us simply have no choice.

Not getting infected by malware is up to you and your online practices. Uh... really? Have you been following this at all?

digitalrampage
Apr 12, 2012, 08:29 AM
It is because your system's UUID is still in Kaspersky's database.

Come on. A link to the webpage is on Kaspersky's official website's frontpage.
Top left. "Macs Are No Longer Safe From Hackers".

.

Seems all like scaremongering.. My UUID is in their so-called database, but no virus? I guess the potential is that I had it and an OS update/security update cleared it but.. hrm..

I feel better now, but still..

tblrsa
Apr 12, 2012, 08:38 AM
Yes, there seems to be a lot of scaremongering going on. Cui bono?

If you are really paranoid, install Little Snitch. It is a good tool to monitor your outgoing connection attempts.

digitalrampage
Apr 12, 2012, 08:47 AM
Yes, there seems to be a lot of scaremongering going on. Cui bono?

If you are really paranoid, install Little Snitch. It is a good tool to monitor your outgoing connection attempts.

That went on about 5 seconds after I ran the program...

Is it just me, or am I the oldest member in this thread, including Macrumors... lol.

GGJstudios
Apr 12, 2012, 09:57 AM
Just to be clear it's not necessary to disable Java in the Java preferences app then too?
You don't have to uninstall or disable Java on your computer. You only need to disable it in Safari Preferences.
People who don't admit that "virus" and "malware" mean the same thing to most people miss the point.
So because the masses are uninformed, you're suggesting those of us who are informed should simply adopt the same mentality? Everyone move to the lowest common denominator? Not gonna happen! Those who fuss about us making the distinction between viruses and other forms of malware are suggesting exactly that. This is a technical forum. This should be a place where the "masses" can come to get accurate information. So they don't know the difference. If everyone here adopted your thinking, they wouldn't be able to learn the difference, even here. I, for one, would rather continue to be a source for accurate information, no matter how many complain about it. Those who truly want facts will appreciate it. Those trying to stick their head in the sand won't.
Just get off the "virus vs. malware" track
It's not "virus vs malware". A virus IS a form of malware.

A gun is a weapon.
A knife is a weapon.
A gun is not a knife.
A knife is not a gun.
All weapons are not guns.
All weapons are not knives.
Why does it matter what you call it? Because it has everything to do with how you defend against it.

A virus is a form of malware.
A trojan is a form of malware.
A virus is not a trojan.
A trojan is not a virus.
All malware are not viruses.
All malware are not trojans.
Why does it matter what you call it? Because it has everything to do with how you defend against it.

The so-called "no virus on Mac" is now officially dead.
No, it isn't. Read and educate yourself: Mac Virus/Malware FAQ (http://guides.macrumors.com/Mac_Virus/Malware_FAQ)

CrickettGrrrl
Apr 12, 2012, 10:29 AM
But is it true that you can get this so easily from visiting a site? And I'm sure legitimate sites don't get infected with something that makes them spread it to Macs.



“A lot of things happened at the same time,” said Mike Geide, senior security researcher at Zscaler ThreatLabZ. “There have been mass compromises of WordPress sites, and the controllers [for those hijacked websites] match the domain structure Doctor Web described. That’s been ongoing since at least early March.”

WordPress is a popular open-source blogging and content management platform used by about one in seven websites.

Those usurped WordPress sites have been redirecting users to malicious URLs, where hackers have hosted the Blackhole exploit kit. Blackhole tries multiple exploits, including several aimed at Java bugs on Macs, to compromise machines.

The sheer size of the WordPress installed base and the scope of the WordPress injection campaign means that it would not have been impossible for hackers to poison more than 600,000 Macs.

The above quote is from:
http://www.macworld.com/article/1166255/security_experts_600_000_plus_estimate_of_mac_botnet_likely_on_target.html

Something (corrective, I hope) was going on with various WordPress sites I follow, over the past week. -And Apple has been working with ISPs etc. to block Flashback malicious URLs.

blewvelvet
Apr 12, 2012, 11:54 AM
"I would guess that way over 16% of Macs are running a pre-Snow Leopard OS."

Hell..I would like to know the percentage of how many are still on Snow Leopard considering no Rosetta on Lion and the other issues that came with Lion???

I think when some of the issues and complaints started rolling in...I still did not upgrade Lion. Watching all my other co-workers..... When you wait and watch other people go through the frustration...you tend to sit on the sides and watch with curiosity and a nice feeling of security.

Once we get Rosetta back in Lion..I will make the move! Otherwise..I will have to flip for thousands of dollars in new software! Not going to do it in this economy.

Sackvillenb
Apr 12, 2012, 01:45 PM
I really wish Apple would take their own security more seriously. Especially since it's such a touted feature of the Mac! Now, I realize that Macs are quite safe (compared to PCs), but if I was Apple, I would work harder at maintaining this reputation. When a trojan shows up, at least own up and admit it, don't pretend it's not there, and publish an update to fix the breach! It's not like Apple doesn't have the money to do this... Just saying...

jonnysods
Apr 12, 2012, 01:57 PM
Apple, give these guys some money, they just saved your engineers some hassle, although your UI team will get some money still!

garrington
Apr 12, 2012, 04:51 PM
I have a Mac running 10.4.11 I cannot find the UUID. It is NOT under hardware overview... Therefore can't check for flashback. Any ideas?

mijail
Apr 12, 2012, 06:02 PM
OK, I'll bite.

If you use Java, that usually simply means that you live in the world of grown ups

...of bored and boring grown ups...

Whether anyone likes it or not, Java is - and remains - the number one platform for enterprise software and it also still is the most widely used programming language on the globe.

Any data to back that up? I'm genuinely interested, since I started programming professionally in Java and was glad to leave it aside already some years ago.
To begin with, the Tiobe index of language popularity seems to point to C (of all languages!) having surpassed Java, and having been already close since 2010.

Apple only lost their interest in Java when they realized that enterprises did not want to use Macs and when it became very obvious that Apple had turned into a pure consumer brand.

I thought it rather had to do with the sad inability of Java to make any real inroads into consumer software. And I don't think Oracle will make that any better, huh?

C'mon, Whinny. Are you really so emphatically fact-bending in everything? Somehow I expected you'd be like that only about Apple.

faroZ06
Apr 12, 2012, 11:08 PM
Image (http://i0.kym-cdn.com/entries/icons/original/000/000/554/facepalm.jpg)

That comment you replied to deserved that image :)

Not only is this NOT a virus, but Macs have been known for a long time to be vulnerable to malware (and this guy doesn't know the difference).

----------

"I would guess that way over 16% of Macs are running a pre-Snow Leopard OS."

****..I would like to know the percentage of how many are still on Snow Leopard considering no Rosetta on Lion and the other issues that came with Lion???

I think when some of the issues and complaints started rolling in...I still did not upgrade Lion. Watching all my other co-workers..... When you wait and watch other people go through the frustration...you tend to sit on the sides and watch with curiosity and a nice feeling of security.

Once we get Rosetta back in Lion..I will make the move! Otherwise..I will have to flip for thousands of dollars in new software! Not going to do it in this economy.

I'm still in Leopard. Snow Leopard wasn't so great, and Lion is for noobs :rolleyes:

GarageRock
Apr 13, 2012, 07:24 AM
Hey all,

A friend got infected with Flashback, and ran the Kaspersky removal tool, now his mac is all effed up and can't login. I'm trying to help him out, but he lives 3 hours away.

By his description, it boots, but just stays on the background, and his mouse is moving...everything else is pooched.

What's sad is I convinced him 2.5 yrs ago to switch to the mac since he was bringing me his PC every month for cleaning....leave it to him to get his mac infected!!

thx

MonkeySee....
Apr 13, 2012, 07:51 AM
Hey all,

A friend got infected with Flashback, and ran the Kaspersky removal tool, now his mac is all effed up and can't login. I'm trying to help him out, but he lives 3 hours away.

By his description, it boots, but just stays on the background, and his mouse is moving...everything else is pooched.

What's sad is I convinced him 2.5 yrs ago to switch to the mac since he was bringing me his PC every month for cleaning....leave it to him to get his mac infected!!

thx

I can't help but laugh as it's ironic that a piece of software made predominantly for windows has trashed his Mac.

Sorry :D

GarageRock
Apr 13, 2012, 08:00 AM
I can't help but laugh as it's ironic that a piece of software made predominantly for windows has trashed his Mac.

Sorry :D

After he left me a message telling me it was no longer working, I searched online for some help to no avail, called him up, luckily got voicemail, told him I was looking for a solution, then shut off my phone to avoid having him call me back.

He's nowhere near an Apple Store, so now I'm looking for a service centre near him...maybe they can deal with his uselessness for a while...I have enough with the uselessness of fixing problems with winXP all day!!

MonkeySee....
Apr 13, 2012, 09:07 AM
After he left me a message telling me it was no longer working, I searched online for some help to no avail, called him up, luckily got voicemail, told him I was looking for a solution, then shut off my phone to avoid having him call me back.

He's nowhere near an Apple Store, so now I'm looking for a service centre near him...maybe they can deal with his uselessness for a while...I have enough with the uselessness of fixing problems with winXP all day!!

I'm sure there is a fix. Has he unplugged it from the wall for 30 seconds or whatever?

RobertMartens
Apr 13, 2012, 09:26 AM
Blah blah blah

Has any credibility been established about these Russians?

I think there is a grain of salt large enough to take on stories like this.

No independent verification of anything.

Just a vested interest making claims that help them financially.

Do they also sell pills to make men more manly?

Renzatic
Apr 13, 2012, 11:19 AM
Blah blah blah

Has any credibility been established about these Russians?

I think there is a grain of salt large enough to take on stories like this.

No independent verification of anything.

Just a vested interest making claims that help them financially.

Do they also sell pills to make men more manly?

Sigh...SIGH.

digitalrampage
Apr 16, 2012, 04:28 PM
Blah blah blah

Has any credibility been established about these Russians?



Just get Sarah Palin to watch them.... from her house... :p

AidenShaw
Apr 16, 2012, 07:15 PM
So because the masses are uninformed, you're suggesting those of us who are informed should simply adopt the same mentality?

No. I'm saying that repeatedly posting pedantic multi-screen rants about "malware vs. virus" is pointless.

Most people with an illness don't know or care if they're sick from bacteria or viruses - they want a cure, and hopefully immunization. If their computer is infected, they don't need a lecture in malware taxonomy - they want a cure, and hopefully immunization.


Just get Sarah Palin to watch them.... from her house... :p

LOL.

http://i355.photobucket.com/albums/r467/cosmik_debris_photo/palin-putin-house.jpg