Apple Updates Anti-Malware Tools to Address New Trojan Threat

harrisondavies · Sep 26, 2011

This article is pretty useless, it doesn't tell you how to avoid this particular malware. I can't suddenly stop downloading PDF's for fear that some nutjob 10 year old with some skillz in programming or some bunch of data thieving criminals have infected the PDF I want.

If you are going to warn us, be specific.

Thanks for the heads up though.

Beaubarre · Sep 26, 2011

I've always wondered: if I'm using a public Wifi, like a Macbook in an airport, if the DNS is hijacked can it just direct the flash updater program to a false adobe update site and infect automatically your computer with a trojan ?

It seems a very easy way to infect Macs, hope flash updater has some sort of security to prevent this.

AppleScruff1 · Sep 26, 2011

There are no threats. The only trojan is the one behind the keyboard.

locust76 · Sep 26, 2011

topmounter said:
I'm confused, when did Malware become classified as a Virus?

Viruses, Malware, Trojans... it's all the same *****. In fact, Viruses are Malware, since Malware is Malicious Software. Either way, you're looking at data loss and/or theft.

Stick that in your pedantic pipe and smoke it

Demigod Mac · Sep 26, 2011

harrisondavies said:
This article is pretty useless, it doesn't tell you how to avoid this particular malware.

Users requiring Adobe's Flash Player software are of course advised to download it directly from Adobe's site rather than attempting to install it from sites which may be trying to trick users into installing malware.

Trojans and Viruses are different in the method they infect a computer.
Once they're on, they do similar things, but knowing the difference of how they infect your computer is important.

A Virus is potentially scarier than a Trojan because it can attach itself to legitimate files and self-replicate - without the user being aware that anything is amiss until it's too late. The flipside to this is, modern operating systems (including OS X) are far more resistant to viruses and won't allow code to execute itself automatically without going through several security checks. So viruses aren't nearly as common as they used to be.

A Trojan needs to trick the user into installing it before it can do any damage. That's the price we pay for being able to run any program we want on our Macs without needing Apple to approve them first - someone can make a bad program and fool us into thinking it's good. Once you give the program permission to run, OS X will get out of its way. If it turns out it's a malicious program, it's your fault for allowing it to run, not OS X's.

locust76 · Sep 26, 2011

Beaubarre said:
I've always wondered: if I'm using a public Wifi, like a Macbook in an airport, if the DNS is hijacked can it just direct the flash updater program to a false adobe update site and infect automatically your computer with a trojan ?

Theoretically, yes, though I imagine Adobe has some kind of encryption code or key that lets existing installations know that a certain update is legitimate. Otherwise it would be too easy to just set up a few servers somewhere, poison the DNS tables worldwide and infect every computer looking for flash updates within a day or two.

It seems a very easy way to infect Macs, hope flash updater has some sort of security to prevent this.

It's easy to infect computers period, because the users are careless and don't understand what it is they're doing.

DoctorBrown · Sep 26, 2011

Does any one knows under which name the malware is running?

topmounter · Sep 26, 2011

locust76 said:
Viruses, Malware, Trojans... it's all the same *****. In fact, Viruses are Malware, since Malware is Malicious Software. Either way, you're looking at data loss and/or theft.

Stick that in your pedantic pipe and smoke it

Actually it is not "all the same", but I'll defer to your eRage.

Demigod Mac · Sep 26, 2011

Let's say I write a program that erases your entire hard drive in one click, and I label it "Hard Drive Eraser" and upload it to Download.com. Legitimate, not malicious, not a security threat because I clearly state what it does, correct?

Now let's say I take the exact same program, but label it, "Adobe Flash Updater" and email it to grandma and tell her she needs to install it to watch a video on the web. She trusts me, runs it and her computer gets wiped. Is it OS X's fault that this happened? Does it mean OS X has weak security?

Nope. But things could be improved this way:

Apple creates a walled garden environment with the Mac App Store where only Apple-approved programs go up (similar to iOS)

By default, OS X would not allow installation of non-App Store programs. But there would be an option in the system prefs that disables this and allows any code to be run. It'll be fairly easy for computer savvy users to find, but for newbies it will require some effort. So when they next visit an infected page that tries to get them to install a fake update, the program will not run at all.

AnthonyChavez03 · Sep 26, 2011

bbdd005 said:
how do we know if we may have this?? Had the flash thing pop up a few days ago... hoping it was a legit flash update

I've also installed an update a few days ago that was not directly from the Adobe Website...It popped up during some video I wanted to watch. How do we know if we have been fooled?

dOoBiX · Sep 26, 2011

Mal said:
I'm wondering if I came across that second one yesterday. I pulled up a video and got a pop-up that looked very authentic asking me to update my Flash Player. I closed it without clicking anywhere within it, and nothing downloaded, but I may have dodged a bullet by not installing it. I consider myself a very educated Mac user, but even I might have been convinced if that was it, had I not been in a hurry and not willing to wait for it to install.

I installed a flash update yesterday, and after reading this article, it got me worried. So I checked the CNET article and they have screenshots of the fake and real flash installers. My mac is good... for now.

Fake:

Real:

WardC · Sep 26, 2011

Update for PowerPC Macs? I think not...according to the Apple support site, as of September 13th, they have dropped support entirely for all PPC Macs, including the G5.

greenbulb · Sep 26, 2011

Its good to see that apple actually update their os to stop this trojan threat. If only windows was as reliable...

acidfast7 · Sep 26, 2011

any solution for Leopard?

KingCrimson · Sep 26, 2011

Haha! I thought Macs were impervious to viruses & trojans! Haha!!!! I'm laughing at *LTD* and the "superior intellect".

TheSideshow · Sep 26, 2011

greenbulb said:
Its good to see that apple actually update their os to stop this trojan threat. If only windows was as reliable...

Are you aware of how Windows handles these at this time? Seems not.

Oletros · Sep 26, 2011

locust76 said:
Shut up you fool.

Viruses, Malware, Trojans... it's all the same *****. In fact, Viruses are Malware, since Malware is Malicious Software. Either way, you're looking at data loss and/or theft.

Stick that in your pedantic pipe and smoke it

Mmmm, ALL viruses are malware, not all malware are viruses

iArch · Sep 26, 2011

dOoBiX said:
I installed a flash update yesterday, and after reading this article, it got me worried. So I checked the CNET article and they have screenshots of the fake and real flash installers. My mac is good... for now.

dOoBiX, thanks for posting that.

Speedy2 · Sep 26, 2011

And so it begins.

munkery · Sep 26, 2011

acidfast7 said:
any solution for Leopard?

See #10 in the "Mac Security Suggestions" link in my sig.

sulliweb · Sep 26, 2011

Demigod Mac said:
A Trojan needs to trick the user into installing it before it can do any damage. That's the price we pay for being able to run any program we want on our Macs without needing Apple to approve them first - someone can make a bad program and fool us into thinking it's good. Once you give the program permission to run, OS X will get out of its way. If it turns out it's a malicious program, it's your fault for allowing it to run, not OS X's.

Yes and no... We've seen a couple of minor exploits in iOS (ie - Jailbreakme.com) where a site gained root level access without Apple's permission in an arena supposedly completely controlled by Apple. There is no such thing as a perfectly secure OS. Apple does a better job than Windows in some respects, but Win 7 is remarkably better in that regard. Also, MS now provides free AV protection as well, cleaning up their own mess, so to speak...

I know I'll get blasted for saying it, but Windows and Macs are mostly being targeted the same way now (Windows more so, but there are still more Windows boxes out there). It's all about tricking the user, not breaking the system. Both OS's are reasonably rock solid when it comes to system attacks... Windows patches more often, but really, they haven't had anything in the way of major attacks in a great while... Conficker happened when? And it was kind of a dud in a lot of ways... Pretty much, now the user has to allow stuff to happen outside of their profile.

D.T. · Sep 26, 2011

gmcalpin said:
This is not a virus. It's a Trojan horse. They are two very different kinds of malware.

That's called comic license ... I thought it was was funnier with virus/bugs

I'm going to have to start posting a link to my CV so people won't be compelled need to come in and 'splain things to me

Though the quoted post was probably helpful for the "civilians".

Speedy2 · Sep 26, 2011

Demigod Mac said:
Now let's say I take the exact same program, but label it, "Adobe Flash Updater" and email it to grandma and tell her she needs to install it to watch a video on the web. She trusts me, runs it and her computer gets wiped. Is it OS X's fault that this happened? Does it mean OS X has weak security?

Bad example.
Yes, because no program should be allowed to wipe the computer without VERY CLEAR and scary warnings that will Grandma make click "no" or call you and tell her what to do.

Windows actually put similar measures in place with its initially-but-now-not-so-much-widely hated UAC. The scariest thing Mac OS comes up with in this case is a password prompt.

But I guess, your point was a different one. There is no absolutely security, and if a user runs a program, he or she is pretty much on their own.

TheSideshow · Sep 26, 2011

sulliweb said:
Yes and no... We've seen a couple of minor exploits in iOS (ie - Jailbreakme.com) where a site gained root level access without Apple's permission in an arena supposedly completely controlled by Apple. There is no such thing as a perfectly secure OS. Apple does a better job than Windows in some respects, but Win 7 is remarkably better in that regard. Also, MS now provides free AV protection as well, cleaning up their own mess, so to speak...

I know I'll get blasted for saying it, but Windows and Macs are mostly being targeted the same way now (Windows more so, but there are still more Windows boxes out there). It's all about tricking the user, not breaking the system. Both OS's are reasonably rock solid when it comes to system attacks... Windows patches more often, but really, they haven't had anything in the way of major attacks in a great while... Conficker happened when? And it was kind of a dud in a lot of ways... Pretty much, now the user has to allow stuff to happen outside of their profile.

Thank you! I wish people would realize this. "virus infested Windows" is not really true at all anymore.

"Trojan attacked Windows" may be, but thats the case for any OS.

B.LI · Sep 26, 2011

Damnn.. hope not that not many macs got infected

Just wondering, so the improvements to prevent these threats will be automatically be updated to our mac systems?

Apple Updates Anti-Malware Tools to Address New Trojan Threat

macrumors 6502

macrumors newbie

macrumors G4

macrumors 6502a

macrumors 6502a

macrumors 6502a

macrumors newbie

macrumors 68030

macrumors 6502a

macrumors newbie

macrumors newbie

macrumors 68030

macrumors newbie

macrumors 65816

macrumors 65816

macrumors 6502

macrumors 603

macrumors regular

macrumors 65816

macrumors 68020

macrumors 6502

macrumors G4

macrumors 65816

macrumors 6502

macrumors regular

Our Staff