600,000 Macs Worldwide Reportedly Infected by Flashback Trojan

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Apr 5, 2012.

  1. macrumors bot


    Apr 12, 2001


    Ars Technica reports on a Tweet from Russian malware analyst Ivan Sorokin at Dr. Web claiming that the Flashback trojan has now infected over 600,000 Macs worldwide. That number reportedly includes 274 machines "from Cupertino", presumably meaning at Apple's headquarters.
    The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.

    The most recently-seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates that are deployed some time after Oracle issues its own corresponding updates. But just a day after that report, Apple did update Java to address the vulnerability being exploited by Flashback.

    Antivirus firm F-Secure has instructions on how users can determine whether their machines are infected by the Flashback trojan. The instructions do involve running commands in Terminal, and users should thus take care to follow the instructions exactly.

    Article Link: 600,000 Macs Worldwide Reportedly Infected by Flashback Trojan
  2. macrumors 6502a

    May 26, 2009
    Here we go again....

    At least it appears to be easier to remove than a Windows style malware infection...
  3. macrumors 68040

    Jul 30, 2003
    One more reason to keep Java disabled in my browsers, Java gets patched more often every year than I actually need Java in a browser.
  4. macrumors 68030


    Oct 16, 2007
    I'm usually against cruel and unusual punishment, but people who spend their life creating these Trojans and other things need to be punished appropriately.
  5. macrumors G4

    Oct 23, 2010
    Hopefully Apple is out with a malware cleaner sooner rather than later. I'd guess that most people don't know Terminal exists, let alone know how to use it.

    Apple does need to do a better job of getting these patches out sooner. The Java fix was available in February. Perhaps they need something like Microsoft's "Patch Tuesday."
  6. macrumors 6502

    Jan 3, 2002
    Curious, how is the virus being delivered? Example: Email, Pop Up ad, ect...
  7. macrumors 68020

    Sep 23, 2008
    From the instructions:
    So if you have any of these apps installed, you should be alright?
  8. macrumors 6502


    Oct 24, 2009
    clean here, update your system often and you should not run into this trojans...
    The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

    For those who want to check if mac is infected (from F-Secure instructions):
    Run the following command in terminal:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    If you get "The domain/default pair ... does not exist" for both - you are clean

    from 9to5mac
  9. macrumors member

    Sep 1, 2011
    Totally clean here. I'm not someone who goes around clicking on anything online or even anything that pops up on the computer. I've learned plenty from using PCs. I figure most of the people who get this are probably those who aren't able to keep a windows machine clean or assume that OSX (or any OS for that matter) is bulletproof. I do love how much better my Mac is at security though :D
  10. macrumors 6502a

    May 26, 2009
    What if you just have the path without the app installed?
  11. macrumors member

    Feb 28, 2010
    If I'm reading the information on the F-secure website correctly, the trojan wont install itself if it discovers that Microsoft Office or Skype is already installed?

  12. macrumors 65816


    Oct 19, 2003
  13. macrumors 65816

    Bernard SG

    Jul 3, 2010
    What's quite mysterious is how does that "Dr. Web" company do to estimate that number of infected Macs?

    Edit: okay I found out. It's probably with a technique called "Sinkholing".
  14. macrumors 68000

    Mar 6, 2008
    This is exactly what I illustrated before, fact of the matter is that not all users are computer savvy, not everyone will know what is safe and what's isn't.. That is why these Trojan etc.. Can indeed be a problem to some users..
  15. macrumors 68040

    Dr McKay

    Aug 11, 2010
    Here comes the debate between the definitions of "Malware" and "Virus"
  16. macrumors 6502a


    Jan 22, 2003
    I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
  17. macrumors 6502a

    Mar 11, 2003
    so cal
    Right. Also, you are alright if you have Office 2008, Office 2011, or Skype installed on your system. So, pretty much everyone ;)
  18. macrumors 6502


    Nov 5, 2009
    You only need to run the two commands.

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    Copy and paste chisperro's two lines into a terminal.
  19. macrumors Core


    Feb 9, 2008
    San Jose (CA)
    This is bad news for light users, the ones that hated Windows because it was more difficult to learn and don't do much on their computers (so they lack these "preventive" applications leading them would be more likely to be infected).
  20. macrumors member

    Apr 11, 2010
    That's because any of those is already malware :)
  21. macrumors 6502a

    May 12, 2009
    iDeaded myself
    This is very bad news for consumers who should be safe from these problems when using a Mac. But it's important to note a trojan is not a virus. So we're still well ahead of Windoze users.
  22. macrumors 6502a

    Nov 10, 2003
    outside the crazy house, NC
    Humans can't get malware.
  23. macrumors 6502

    Jul 24, 2004
    The app is part of the path.
  24. macrumors member

    Apr 11, 2010
    Before going into panic mode, try to analyse what you have here. End user has to manually accept a self sign certificate from "Apple" for a Java application. One has to be very dumb to do that.

    You cannot protect ignorant people, even if you like.

    Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
  25. macrumors 65816

    Jun 20, 2009
    Lincoln, UK
    Time to install that patch I think.

Share This Page