Old Apr 5, 2012, 08:41 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
600,000 Macs Worldwide Reportedly Infected by Flashback Trojan






Ars Technica reports on a Tweet from Russian malware analyst Ivan Sorokin at Dr. Web claiming that the Flashback trojan has now infected over 600,000 Macs worldwide. That number reportedly includes 274 machines "from Cupertino", presumably meaning at Apple's headquarters.
Quote:
According to Dr. Web, 57 percent of the infected Macs are located in the US and 20 percent are in Canada. Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them.
The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.

The most recently-seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates that are deployed some time after Oracle issues its own corresponding updates. But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.

Antivirus firm F-Secure has instructions on how users can determine whether their machines are infected by the Flashback trojan. The instructions do involve running commands in Terminal, and users should thus take care to follow the instructions exactly.

Article Link: 600,000 Macs Worldwide Reportedly Infected by Flashback Trojan
MacRumors is offline   0 Reply With Quote
Old Apr 5, 2012, 08:47 AM   #2
jman240
macrumors 6502a
 
Join Date: May 2009
Here we go again....

At least it appears to be easier to remove than a Windows style malware infection...
jman240 is offline   -25 Reply With Quote
Old Apr 5, 2012, 08:47 AM   #3
manu chao
macrumors 68020
 
Join Date: Jul 2003
One more reason to keep Java disabled in my browsers, Java gets patched more often every year than I actually need Java in a browser.
manu chao is offline   7 Reply With Quote
Old Apr 5, 2012, 08:48 AM   #4
basesloaded190
macrumors 68030
 
 
Join Date: Oct 2007
Location: Wisconsin
I'm usually against cruel and unusual punishment, but people who spend their life creating these Trojans and other things need to be punished appropriately.
__________________
2011 MacBook Pro 15 HR Anti-Glare, Etymotic ER-4p, iPhone 4 32GB
basesloaded190 is offline   32 Reply With Quote
Old Apr 5, 2012, 08:49 AM   #5
KPOM
macrumors G3
 
Join Date: Oct 2010
Hopefully Apple is out with a malware cleaner sooner rather than later. I'd guess that most people don't know Terminal exists, let alone know how to use it.

Apple does need to do a better job of getting these patches out sooner. The Java fix was available in February. Perhaps they need something like Microsoft's "Patch Tuesday."
KPOM is online now   12 Reply With Quote
Old Apr 5, 2012, 08:49 AM   #6
Meandmunch
macrumors 6502
 
Join Date: Jan 2002
Curious, how is the virus being delivered? Example: Email, Pop Up ad, etc...
__________________
GIBBS
Meandmunch is offline   0 Reply With Quote
Old Apr 5, 2012, 08:50 AM   #7
KALLT
macrumors 6502a
 
Join Date: Sep 2008
From the instructions:
Quote:
On execution, the malware checks if the following path exists in the system:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.
So if you have any of these apps installed, you should be alright?
KALLT is offline   5 Reply With Quote
Old Apr 5, 2012, 08:51 AM   #8
chrisperro
macrumors 6502
 
Join Date: Oct 2009
Location: canada
Clean here, update your system often and you should not run into these trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if their Mac is infected (from F-Secure instructions):
Run the following commands in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac
chrisperro is offline   42 Reply With Quote
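
The two checks from the post above wrapped in a script, added here as an example and not part of the original post or of F-Secure's instructions. It treats a non-zero exit from `defaults read` as "pair does not exist" and reports clean only when both pairs are absent; the function names are hypothetical and it assumes the macOS `defaults` tool.

```shell
#!/bin/sh
# Added example (not from the thread): the two `defaults read` checks
# quoted above, with the result interpreted instead of read by eye.

# Domain/key pairs exactly as given in the post.
SAFARI_DOMAIN="/Applications/Safari.app/Contents/Info"
SAFARI_KEY="LSEnvironment"
USER_DOMAIN="$HOME/.MacOSX/environment"
USER_KEY="DYLD_INSERT_LIBRARIES"

# report_pair DOMAIN KEY (hypothetical helper)
# `defaults read` exits non-zero and writes "The domain/default pair ...
# does not exist" to stderr when the key is absent. A zero exit means the
# key is set, so its value is printed for inspection.
report_pair() {
    if value=$(defaults read "$1" "$2" 2>/dev/null); then
        echo "SUSPECT: $1 $2 is set to: $value"
        return 1
    fi
    echo "ok: $1 $2 does not exist"
    return 0
}

# flashback_check (hypothetical name)
# Always runs both checks; returns 0 only if BOTH pairs are absent.
flashback_check() {
    status=0
    report_pair "$SAFARI_DOMAIN" "$SAFARI_KEY" || status=1
    report_pair "$USER_DOMAIN" "$USER_KEY" || status=1
    return "$status"
}

# Run the check only where the macOS `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    if flashback_check; then
        echo "Both pairs absent: clean by this check"
    else
        echo "At least one pair is set: see the F-Secure instructions"
    fi
else
    echo "defaults not found: run this on the Mac being checked"
fi
```
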
Old Apr 5, 2012, 08:51 AM   #9
Canaan
macrumors member
 
Join Date: Sep 2011
Totally clean here. I'm not someone who goes around clicking on anything online or even anything that pops up on the computer. I've learned plenty from using PCs. I figure most of the people who get this are probably those who aren't able to keep a Windows machine clean or assume that OSX (or any OS for that matter) is bulletproof. I do love how much better my Mac is at security though.
Canaan is offline   1 Reply With Quote
Old Apr 5, 2012, 08:52 AM   #10
jman240
macrumors 6502a
 
Join Date: May 2009
Quote:
Originally Posted by KALLT View Post
From the instructions:
So if you have any of these apps installed, you should be alright?
What if you just have the path without the app installed?
jman240 is offline   1 Reply With Quote
Old Apr 5, 2012, 08:52 AM   #11
skerfoot
macrumors member
 
Join Date: Feb 2010
If I'm reading the information on the F-Secure website correctly, the trojan won't install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.
skerfoot is offline   2 Reply With Quote
Old Apr 5, 2012, 08:54 AM   #12
jackc
macrumors 65816
 
Join Date: Oct 2003
Screw it, the instructions look pretty long
jackc is offline   -6 Reply With Quote
Old Apr 5, 2012, 08:54 AM   #13
Bernard SG
macrumors 65816
 
 
Join Date: Jul 2010
What's quite mysterious is how that "Dr. Web" company estimates that number of infected Macs.

Edit: okay I found out. It's probably with a technique called "Sinkholing".
__________________
21" 2008 iMac, 13" MBP, 32Gb iPod Touch 4, 2002 eMac, iPod Touch 2 8GB, iPod Nano 1st gen, iPad 3 white 32 GB 3G, iPhone 5 16 GB. Uhmm... Fanboi!
Bernard SG is offline   1 Reply With Quote
Old Apr 5, 2012, 08:55 AM   #14
Yamcha
macrumors 68000
 
Join Date: Mar 2008
This is exactly what I illustrated before, fact of the matter is that not all users are computer savvy, not everyone will know what is safe and what isn't. That is why these Trojans etc. can indeed be a problem to some users.
Yamcha is offline   8 Reply With Quote
Old Apr 5, 2012, 08:55 AM   #15
Dr McKay
macrumors 68040
 
 
Join Date: Aug 2010
Location: Kirkland
Here comes the debate between the definitions of "Malware" and "Virus"
__________________
If only I could be so grossly incandescent.
Dr McKay is offline   -6 Reply With Quote
Old Apr 5, 2012, 08:55 AM   #16
Starflyer
macrumors 6502a
 
Join Date: Jan 2003
Quote:
Originally Posted by skerfoot View Post
If I'm reading the information on the F-Secure website correctly, the trojan won't install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.
I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
__________________
27" iMac 3.5GHz i7/24GB/3TB Fusion/4GB VRAM | 15" rMBP/8GB/256GB | 64GB iPhone+ White | 16GB iPad Mini White
Starflyer is offline   29 Reply With Quote
Old Apr 5, 2012, 08:56 AM   #17
scoobydoo99
macrumors 6502a
 
Join Date: Mar 2003
Location: so cal
Quote:
Originally Posted by KALLT View Post
From the instructions:
So if you have any of these apps installed, you should be alright?
Right. Also, you are alright if you have Office 2008, Office 2011, or Skype installed on your system. So, pretty much everyone
__________________
scoob
scoobydoo99 is offline   -6 Reply With Quote
Old Apr 5, 2012, 08:59 AM   #18
tunerX
macrumors 6502
 
Join Date: Nov 2009
Quote:
Originally Posted by jackc View Post
Screw it, the instructions look pretty long
You only need to run the two commands.

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

Copy and paste chrisperro's two lines into a terminal.
__________________
Stuff!
tunerX is offline   13 Reply With Quote
Old Apr 5, 2012, 09:01 AM   #19
alphaod
macrumors Core
 
 
Join Date: Feb 2008
Location: 上海 (Shanghai)
This is bad news for light users, the ones that hated Windows because it was more difficult to learn and don't do much on their computers (so they lack these "preventive" applications, leaving them more likely to be infected).
__________________
Mac Pro | Mac mini | 15" MacBook Pro | iPad Air | iPhone 6
alphaod is offline   2 Reply With Quote
Old Apr 5, 2012, 09:02 AM   #20
varera
macrumors member
 
Join Date: Apr 2010
Quote:
Originally Posted by skerfoot View Post
If I'm reading the information on the F-Secure website correctly, the trojan won't install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.
That's because any of those is already malware :-)
varera is offline   0 Reply With Quote
Old Apr 5, 2012, 09:02 AM   #21
314631
Banned
 
Join Date: May 2009
Location: iDeaded myself
This is very bad news for consumers who should be safe from these problems when using a Mac. But it's important to note a trojan is not a virus. So we're still well ahead of Windoze users.
314631 is offline   -14 Reply With Quote
Old Apr 5, 2012, 09:02 AM   #22
ArcaneDevice
macrumors 6502a
 
Join Date: Nov 2003
Location: outside the crazy house, NC
Quote:
Originally Posted by Benjy91 View Post
Here comes the debate between the definitions of "Malware" and "Virus"
Humans can't get malware.
ArcaneDevice is offline   21 Reply With Quote
Old Apr 5, 2012, 09:03 AM   #23
lkrupp
macrumors 6502
 
Join Date: Jul 2004
Quote:
Originally Posted by jman240 View Post
What if you just have the path without the app installed?
The app is part of the path.
lkrupp is offline   2 Reply With Quote
Old Apr 5, 2012, 09:07 AM   #24
varera
macrumors member
 
Join Date: Apr 2010
Quote:
Originally Posted by alphaod View Post
This is bad news for light users, the ones that hated Windows because it was more difficult to learn and don't do much on their computers (so they lack these "preventive" applications, leaving them more likely to be infected).
Before going into panic mode, try to analyse what you have here. The end user has to manually accept a self-signed certificate from "Apple" for a Java application. One has to be very dumb to do that.

You cannot protect ignorant people, even if you like.

Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
varera is offline   -12 Reply With Quote
Old Apr 5, 2012, 09:08 AM   #25
Moonjumper
macrumors 65816
 
Join Date: Jun 2009
Location: Lincoln, UK
Quote:
Originally Posted by MacRumors View Post
But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.
Time to install that patch I think.
Moonjumper is offline   0 Reply With Quote

Copyright 2002-2013, MacRumors.com, LLC