Tweaked Trojan Disables Automatic Updating of OS X Anti-Malware Tools

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 19, 2011.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Last month, we noted as part of a report on an update to the anti-malware tools in OS X that a new trojan horse threat known as Flashback.A had surfaced, with the malware masquerading as a Flash Player installer. While Apple has continued to update its XProtect.plist to detect Flashback.A, security firm F-Secure now reports (via ZDNet) that a revised version of the trojan which disables the auto-updating feature of Apple's anti-malware tools has appeared.
    The report walks through how the modified trojan overwrites XProtectUpdater files, preventing infected systems from performing their daily check for updated malware definitions and thus keeping the door open for future attacks.

    [Image: Flashback.C installer]

    The Flashback.C trojan is capable of connecting to a remote host in order to download and execute further code, but it is unclear what the exploit is being used for at this time. Users are of course advised to download Flash Player and other software from trusted sources so as to avoid infecting their systems with trojans such as Flashback.C.

    Update: MacRumors has heard and Sophos has confirmed that Apple had already updated its XProtect.plist entries to detect Flashback.C by the time news of it broke to the public. Consequently, users encountering the malware on Mac OS X Snow Leopard or OS X Lion should be automatically warned of the threat prior to mounting the package.

    Article Link: Tweaked Trojan Disables Automatic Updating of OS X Anti-Malware Tools
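
The post above says the revised trojan overwrites the XProtectUpdater files so the daily definitions check stops running. A defender-side check for that condition, as an added example that is not part of the original post or of the F-Secure report; the two file paths (assumed standard Snow Leopard / Lion locations), the 64-byte threshold and the function names are assumptions, not values from the page:

```shell
#!/bin/sh
# Added example: sanity-check the XProtectUpdater launchd job and binary.
# Assumed locations, relative to the volume root (not given on the page):
PLIST_REL="System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"
BIN_REL="usr/libexec/XProtectUpdater"
MIN_BYTES=64   # assumed floor: a real plist or binary is never this small

# file_state FILE KIND -> prints: missing | truncated | malformed | ok
file_state() {
    f=$1; kind=$2
    [ -f "$f" ] || { echo missing; return; }
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -ge "$MIN_BYTES" ] || { echo truncated; return; }
    if [ "$kind" = plist ]; then
        # A launchd job definition is an XML or binary property list
        # and should still reference the updater it launches.
        head -c 512 "$f" | grep -aqE '<plist|^bplist' || { echo malformed; return; }
        grep -aq 'XProtectUpdater' "$f" || { echo malformed; return; }
    else
        # The updater must still be an executable file.
        [ -x "$f" ] || { echo malformed; return; }
    fi
    echo ok
}

# check_updater ROOT -> one status line per file; returns 0 only if both are ok.
check_updater() {
    root=${1%/}
    rc=0
    for pair in "plist:$PLIST_REL" "binary:$BIN_REL"; do
        kind=${pair%%:*}; rel=${pair#*:}
        state=$(file_state "$root/$rel" "$kind")
        echo "$kind /$rel $state"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Check a mounted volume when a root is given, e.g.: sh check_xprotect.sh /
if [ $# -gt 0 ]; then check_updater "$1"; fi
```

A non-zero exit means at least one of the two files is missing, too small to be genuine, or no longer looks like a property list or executable, which is the state in which definition updates silently stop.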
     
  2. macrumors 65816

    Joined:
    Aug 1, 2010
    Location:
    Illinois
    #2
    i tH0uGh7 m4c d0Nt g3T v1rus
     
  3. macrumors 6502

    Joined:
    Jan 28, 2011
    Location:
    Livingston, Scotland
    #3
    They don't, this is a Trojan. Big difference :rolleyes:
     
  4. macrumors 6502a

    Aduntu

    Joined:
    Mar 29, 2010
    #4
    Your sarcasm meter is obviously broken.
     
  5. macrumors 6502a

    Joined:
    Aug 8, 2010
    #5
    tRoj4n is n0t v1rus.
     
  6. macrumors 6502a

    Joined:
    May 19, 2010
    Location:
    Northern, VA
    #6
    OH noes!!!
     
  7. macrumors 6502

    bender o

    Joined:
    Mar 14, 2009
    #7
    Damn you Flash!! When are you gonna go extinct!! you suck!!
     
  8. macrumors 6502

    Joined:
    Jun 24, 2009
    #8
    The Reality Distortion Field that previously protected all Macs from all attacks appears to have dissipated.
     
  9. macrumors 65816

    iStudentUK

    Joined:
    Mar 8, 2009
    Location:
    London
    #9
    Quick everyone download MacDefender!


    (My team of lawyers require me to note that I'm not actually suggesting anyone download MacDefender.)
     
  10. macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #10
    It's happening more and more.
     
  11. macrumors 65816

    Joined:
    Oct 4, 2005
    Location:
    Toronto, Canada
    #11
    I don't understand why these fools waste everyone's time by writing viruses, and I mean for any platform. Can't they put that energy and effort into something positive? :mad:
     
  12. macrumors 6502a

    igazza

    Joined:
    Aug 7, 2007
    Location:
    earth
    #12
    iOS is the future :)
     
  13. macrumors 6502a

    Mad-B-One

    Joined:
    Jun 24, 2011
    Location:
    Southern Plains
    #13
    It changed size and is only hovering over iOS at this time.

    Would be a solution. Two Trojan horses fighting each other. Maybe they block each other then? Someone please try that in a VM :D
     
  14. macrumors 6502

    Joined:
    Nov 5, 2010
    Location:
    Sea of Tranquility
    #14
    So have they managed to scare anyone?
     
  15. macrumors 6502a

    Joined:
    May 19, 2010
    Location:
    Northern, VA
    #15
    I'm actually with ya on that. I feel so bad when anyone on any platform has to deal with this crap. Lock as many up as possible and throw em in camps. Put em on a PPV where they are tortured like in Hostel, they'll learn sooner or later.

    Not actually serious about torture and stuff to be clear.
     
  16. macrumors regular

    Joined:
    Jun 9, 2010
    #16
    Looks like this could be a leadup into needing anti-virus/anti-malware/anti-spyware on the Mac.
     
  17. macrumors 6502a

    hobo.hopkins

    Joined:
    Jul 30, 2008
    #17
    I foresee this discussion degrading very quickly...

    In reality all one needs to do is be cautious of where they are downloading files, and this wouldn't be a problem.
     
  18. macrumors member

    tubular

    Joined:
    Oct 19, 2011
    #18
    A couple questions

    1 - how can we tell if a machine is infected?
    2 - how, if infected, can we remove it, short of a clean install?
     
  19. macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #19
    Oh, god, here we go again with the virus vs malware vs trojan vs etc., etc.

    Malware is a generic category (malicious software). Viruses, trojans, spyware and all other crap that f***ks with your computer are malware.

    Macs have never been infected by a virus up to this date. Yes, it is possible sometime in the future a virus could be developed that will infect a Mac. Nothing to this date!

    Trojan is NOT a virus - it is a form of malware. Unlike a virus which can infect a computer without action on the part of the user, trojans have to be invited in. In short - the user has to screw up.

    The best defense is an educated user.

    (GGJstudios - How did I do?? :D :p:p)
     
  20. macrumors newbie

    Joined:
    Oct 19, 2011
    #20
    CRAP!! I downloaded a flash update today on my MacBook!

    What should I do? Help!! I'm not joking.
     
  21. macrumors newbie

    Joined:
    Sep 1, 2011
    #21
    Well... I was a PC user in the XP era and I didn't get any virus (and there are thousands of Windows viruses, right?) so I think that it is REALLY HARD to get your Mac infected. Who would download Flash from a site other than Adobe.com? :confused:
     
  22. macrumors 6502a

    igazza

    Joined:
    Aug 7, 2007
    Location:
    earth
    #22
    Best idea is to use Chrome as your browser :)
     
  23. macrumors 65816

    Joined:
    Oct 4, 2005
    Location:
    Toronto, Canada
    #23
    I can't completely give you those answers but one way is Time Machine. If you're infected or fear that you are infected just restore your whole HD to a previous state.
     
  24. macrumors newbie

    Joined:
    Sep 1, 2011
    #24
    If you downloaded from Adobe Updater or from Adobe.com I'm sure you're safe... if you downloaded from some pr0n site or crappy page maybe you're in trouble... :p
     
  25. macrumors 6502

    Joined:
    Jan 28, 2011
    Location:
    Livingston, Scotland
    #25
    No, not really. Functioning perfectly fine the last time I checked.
     
