600,000 Macs Worldwide Reportedly Infected by Flashback Trojan

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Apr 5, 2012.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]

    Ars Technica reports on a Tweet from Russian malware analyst Ivan Sorokin at Dr. Web claiming that the Flashback trojan has now infected over 600,000 Macs worldwide. That number reportedly includes 274 machines "from Cupertino", presumably meaning at Apple's headquarters.
    The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.

    The most recently-seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates that are deployed some time after Oracle issues its own corresponding updates. But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.

    Antivirus firm F-Secure has instructions on how users can determine whether their machines are infected by the Flashback trojan. The instructions do involve running commands in Terminal, and users should thus take care to follow the instructions exactly.

    Article Link: 600,000 Macs Worldwide Reportedly Infected by Flashback Trojan
     
  2. macrumors 6502a

    Joined:
    May 26, 2009
    #2
    Here we go again....

    At least it appears to be easier to remove than a Windows style malware infection...
     
  3. macrumors 68030

    Joined:
    Jul 30, 2003
    #3
    One more reason to keep Java disabled in my browsers, Java gets patched more often every year than I actually need Java in a browser.
     
  4. macrumors 68030

    basesloaded190

    Joined:
    Oct 16, 2007
    Location:
    Wisconsin
    #4
    I'm usually against cruel and unusual punishment, but people who spend their life creating these Trojans and other things need to be punished appropriately.
     
  5. macrumors G4

    Joined:
    Oct 23, 2010
    #5
    Hopefully Apple is out with a malware cleaner sooner rather than later. I'd guess that most people don't know Terminal exists, let alone know how to use it.

    Apple does need to do a better job of getting these patches out sooner. The Java fix was available in February. Perhaps they need something like Microsoft's "Patch Tuesday."
     
  6. macrumors 6502

    Joined:
    Jan 3, 2002
    #6
    Curious, how is the virus being delivered? Example: Email, Pop Up ad, ect...
     
  7. macrumors 65816

    Joined:
    Sep 23, 2008
    #7
    From the instructions:
    So if you have any of these apps installed, you should be alright?
     
  8. macrumors 6502

    chrisperro

    Joined:
    Oct 24, 2009
    Location:
    canada
    #8
    clean here, update your system often and you should not run into this trojans...
    The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

    For those who want to check if mac is infected (from F-Secure instructions):
    Run the following command in terminal:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    If you get "The domain/default pair ... does not exist" for both - you are clean


    from 9to5mac
     
  9. macrumors member

    Joined:
    Sep 1, 2011
    #9
    Totally clean here. I'm not someone who goes around clicking on anything online or even anything that pops up on the computer. I've learned plenty from using PCs. I figure most of the people who get this are probably those who aren't able to keep a windows machine clean or assume that OSX (or any OS for that matter) is bulletproof. I do love how much better my Mac is at security though :D
     
  10. macrumors 6502a

    Joined:
    May 26, 2009
    #10
    What if you just have the path without the app installed?
     
  11. macrumors member

    Joined:
    Feb 28, 2010
    #11
    If I'm reading the information on the F-secure website correctly, the trojan wont install itself if it discovers that Microsoft Office or Skype is already installed?

    Interesting.
     
  12. macrumors 65816

    jackc

    Joined:
    Oct 19, 2003
    #12
    Screw it, the instructions look pretty long
     
  13. macrumors 65816

    Bernard SG

    Joined:
    Jul 3, 2010
    #13
    What's quite mysterious is how does that "Dr. Web" company do to estimate that number of infected Macs?

    Edit: okay I found out. It's probably with a technique called "Sinkholing".
     
  14. macrumors 68000

    Joined:
    Mar 6, 2008
    #14
    This is exactly what I illustrated before, fact of the matter is that not all users are computer savvy, not everyone will know what is safe and what's isn't.. That is why these Trojan etc.. Can indeed be a problem to some users..
     
  15. macrumors 68040

    Dr McKay

    Joined:
    Aug 11, 2010
    Location:
    Kirkland
    #15
    Here comes the debate between the definitions of "Malware" and "Virus"
     
  16. macrumors 6502a

    Starflyer

    Joined:
    Jan 22, 2003
    #16
    I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
     
  17. macrumors 6502a

    Joined:
    Mar 11, 2003
    Location:
    so cal
    #17
    Right. Also, you are alright if you have Office 2008, Office 2011, or Skype installed on your system. So, pretty much everyone ;)
     
  18. macrumors 6502

    Joined:
    Nov 5, 2009
    #18
    You only need to run the two commands.

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    Copy and paste chisperro's two lines into a terminal.
     
  19. macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    上海 (Shanghai)
    #19
    This is bad news for light users, the ones that hated Windows because it was more difficult to learn and don't do much on their computers (so they lack these "preventive" applications leading them would be more likely to be infected).
     
  20. macrumors member

    Joined:
    Apr 11, 2010
    #20
    That's because any of those is already malware :)
     
  21. macrumors 6502a

    Joined:
    May 12, 2009
    Location:
    iDeaded myself
    #21
    This is very bad news for consumers who should be safe from these problems when using a Mac. But it's important to note a trojan is not a virus. So we're still well ahead of Windoze users.
     
  22. macrumors 6502a

    Joined:
    Nov 10, 2003
    Location:
    outside the crazy house, NC
    #22
    Humans can't get malware.
     
  23. macrumors 6502

    Joined:
    Jul 24, 2004
    #23
    The app is part of the path.
     
  24. macrumors member

    Joined:
    Apr 11, 2010
    #24
    Before going into panic mode, try to analyse what you have here. End user has to manually accept a self sign certificate from "Apple" for a Java application. One has to be very dumb to do that.

    You cannot protect ignorant people, even if you like.

    Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
     
  25. macrumors 65816

    Joined:
    Jun 20, 2009
    Location:
    Lincoln, UK
    #25
    Time to install that patch I think.
     

Share This Page