
My personal opinion is that Microsoft is used as a potential scapegoat.

It's the other software that the Trojan searched for that bothers me, the AV software.
According to a loose calculation by another member there would be about 115 million Macs active in the world, with what?, maybe 100 million using no AV software.
That's a huge market to tap into for an AV software company.

Is there anything known about the functionality of the Trojan?
Since a Trojan needs human interaction to be installed and is nothing more than an application, why would anyone create a Trojan that doesn't install itself when it finds that AV software is on the Mac?

AV software needs a sample of the Trojan's program code to find it, so if it hasn't gotten that sample code through a virus library update, it would not consider that program a threat, and even then it's a hassle to remove it from your system.

On Wintel systems the AV software will some of the time "quarantine" the infected code instead of removing it permanently, so I don't see the point of writing a Trojan that doesn't install itself after it was already cleared to install by the system's administrator, a.k.a. the user.
 
Thanks for your reply. May I ask for further explanation as to why? I am just curious. If you aren't in the mood, I understand. Or even if you can link me to any webpages with further info. that would be appreciated. Thank you!

I didn't see any replies so I'll just give a simple one. Despite the name, Java and JavaScript have nothing in common. So there is no correlation between the two as far as any kind of vulnerability.
 

Thanks. This is all so confusing. I am generally very careful when it comes to surfing the web but the fact that I can get a Trojan or some other type of malware just by visiting a particular site or clicking on a link without actually doing anything else is scary.
 
Does any one actually have this malware? I think the 600,000 number is complete BS

Only a handful here seem to have gotten it, but then again, MacRumors forum members are much, much smarter than other people, including regular people, government officials, law enforcement officials, lawyers, non-Apple execs etc.

/sarcasm
 
No worries man, I didn't think you were being a douche or anything. Thanks for the reply and I will definitely do some reading up on wikipedia etc. :)

Semi-short answer:

JavaScript is a scripting language built into the browser (the browser supplies the runtime engine) to interact with page elements on the client/user end (it allows remoting and other advanced techniques as well, just keeping this simple...)

For example, you click a button and a JavaScript routine is triggered that looks for values in a couple of text inputs to validate a form or registration. JavaScript can move objects and dynamically change properties like color or size.

Java is a full-tilt programming language (and framework) on top of which you can build complete client applications that can read/write files, etc., just like any application you install. The browser implementation is supposed to keep it sandboxed _in_ the browser with a set of rules that limits what it can do outside the browser. Java apps can be sent down the same connection as the browser, where they're stored locally and then executed within the constraints of the browser.

A simple example is a ticker (the left-to-right scrolling text widgets). That can be implemented by sending a small Java app along with the page markup; the app is then called from the page (using simple HTML markup), and it shows up inline with the other HTML.

The exploit is leveraging a bug in the Java runtime (it's like an external program that runs Java apps) that allows a browser-based applet to access system resources as if it were running as a standalone client application. So basically they send a Java applet downstream with the other markup, it's triggered (this is all OK so far), it prompts you, but then it proceeds to do something that the browser sandbox/container should not allow (filesystem access for injecting code, reading files, etc.)

It's potentially the same problem with Flash: an external runtime engine that's _supposed_ to have limitations when invoked from within a browser. Way back when people were using ActiveX, it also had this problem. A/X was a runtime container, implemented in Internet Explorer (by MS), that was supposed to limit system access.
 
If I knew that, I'd be a security researcher. But I trust them when they say

Researchers also said leap-a infected every app launched by the user but this was only true when the user was running as root.

Only apps owned by the user, i.e. non-default apps not installed via the App Store, will be infected with binary2. But binary2 was really only made to target Safari, so this is just collateral damage beyond the intent of the malware.

Java is owned by system but it is running with user privileges when it is being exploited by this Trojan. That payload then tries to modify apps on disk. If those apps are owned by system, the modification is unsuccessful.
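The post above turns on file ownership: the exploited Java process ran as the logged-in user, so the payload could only touch bundles that user may write to, and system-owned ones were left alone. The script below is an added example (not code from the thread or from Apple) that applies the same owner/group/other rule to a directory of .app bundles. The two sample bundles it creates are constructed for the demonstration: UserApp.app is owned and writable by the current user (mode 755), and SystemLike.app is given mode 555 to stand in for a bundle the user cannot write to, which is how a root-owned 755 bundle in /Applications looks to a non-root user.

```shell
#!/bin/sh
# Added example; this is not code from the thread or from Apple. It illustrates
# the point made above: a payload running with the user's privileges (as the
# exploited Java process did) can only modify app bundles the user may write to,
# so system-owned bundles survive while user-owned ones do not. The sample bundle
# tree is constructed below; the check itself reads the owner, group and mode
# that "ls -ld" reports and can also be pointed at a real /Applications directory.

# in_group NAME: true if the current user belongs to group NAME.
in_group() {
    case " $(id -Gn) " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# bundle_writable BUNDLE: prints "yes" when a process running as the current
# user could add or replace files inside the bundle directory, else "no".
# It applies the owner/group/other precedence of the permission bits; it does
# not model root, which bypasses those bits.
bundle_writable() {
    bundle=$1
    me=$(id -un)
    # ls -ld fields: mode links owner group size ... name
    set -- $(ls -ld "$bundle")
    mode=$1 owner=$3 group=$4
    if [ "$owner" = "$me" ]; then
        bit=$(printf '%s' "$mode" | cut -c3)   # owner write bit
    elif in_group "$group"; then
        bit=$(printf '%s' "$mode" | cut -c6)   # group write bit
    else
        bit=$(printf '%s' "$mode" | cut -c9)   # other write bit
    fi
    if [ "$bit" = "w" ]; then echo yes; else echo no; fi
}

# scan_apps DIR: one line per *.app bundle in DIR with the verdict.
scan_apps() {
    for b in "$1"/*.app; do
        [ -d "$b" ] || continue
        printf '%s: %s\n' "$b" "$(bundle_writable "$b")"
    done
}

# make_sample DIR: constructed bundles. UserApp.app is owned and writable by the
# current user (mode 755). SystemLike.app is given mode 555 to stand in for a
# bundle the user does not own and cannot write to (a root-owned 755 bundle
# behaves the same way for a non-root user).
make_sample() {
    mkdir -p "$1/UserApp.app/Contents/MacOS" "$1/SystemLike.app/Contents/MacOS"
    : > "$1/UserApp.app/Contents/MacOS/UserApp"
    : > "$1/SystemLike.app/Contents/MacOS/SystemLike"
    chmod 755 "$1/UserApp.app"
    chmod 555 "$1/SystemLike.app"
}

demo=$(mktemp -d)
make_sample "$demo"
scan_apps "$demo"
chmod -R u+w "$demo" && rm -rf "$demo"
```

Run as a normal user, the scan reports UserApp.app as "yes" and SystemLike.app as "no", which is the split the post describes: the same payload succeeds against one and fails against the other purely because of who owns the directory.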
 
When I bought my Mac I remember Apple having a series of ads (the "Hello I'm a Mac..." ones) where the 'PC' had a cold and the 'Mac' said he can't get viruses. It was one of the reasons I went for a Mac.

Has that changed, or were Apple stretching the truth?

I think this has changed a bit.

----------

In this case it can.

Flashback will prompt you for your admin password; if you provide it, it infects you one way.

If you don't provide it, it will infect you a different way. Not providing the password doesn't protect you.

Then does this make Flashback a virus, now?
 
It shouldn't. The Applications folder has, to my knowledge, always been read-write-execute (rwx) for group admin and r-x for others. So either you are already logged in to an admin account or you've changed the privileges for the Applications folder to rwx for others.

For user accounts, i.e. non-admin, one should not be able to write to /Applications.
Logged in as admin on Leopard, it does not prompt for a password. It does on Snow Leopard (and I assume Lion).
Mmm. Just tried this. As soon as I tried to copy the folder I got a prompt telling me that I needed to authenticate.
As I said earlier, it appears to depend on which OS version you're running.
Can someone tell me how to check and see if I have this virus?
It's a trojan, quite different from a virus. The instructions for checking for it and removing it are here.
 
Av

Ok, with all this talk of virus, malware, trojan, blah blah blah, is there a need for an anti-virus for my Mac? I don't want a dissertation on the subject at hand, just a simple yes or no. I'm a normal user who is careful about which websites I visit and careful about what is installed.
 
The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use the Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.

Yeah, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.

I know that MacRumors is an Apple-oriented place, where Apple lovers come to discuss things about Apple's products. But posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.

I agree with what you have to say, but don't take some of the comments really seriously.

Apple released the update and the definitions themselves. They didn't ask anybody to use the terminal though.
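The Terminal-based check the posts above argue about came down to reading two plist keys: the published removal instructions had users run `defaults read /Applications/Safari.app/Contents/Info.plist LSEnvironment` and `defaults read ~/.MacOSX/environment.plist DYLD_INSERT_LIBRARIES`, because Flashback persisted by pointing DYLD_INSERT_LIBRARIES at its own library. The script below is an added example (not from the thread, from Apple, or from any vendor's tool) that does the same lookup on XML plists with plain text tools so it can be tried anywhere. Both sample plists are constructed for the demonstration and the library path in the suspect one is a placeholder, not a path from the real malware.

```shell
#!/bin/sh
# Added example; not from the thread, from Apple, or from any vendor's removal tool.
# Flashback persisted by setting the DYLD_INSERT_LIBRARIES environment variable,
# either under LSEnvironment in Safari's Info.plist or in ~/.MacOSX/environment.plist,
# so the published Terminal checks read those keys back with "defaults read". This
# script performs the same lookup on XML plists with plain text tools so it runs
# anywhere. The two sample plists are constructed here and the library path in the
# suspect one is a placeholder, not a path from the real malware.

# inserted_library PLIST: prints the DYLD_INSERT_LIBRARIES value, or nothing if absent.
inserted_library() {
    [ -r "$1" ] || return 0
    tr -d '\n' < "$1" | sed -n \
        's|.*<key>DYLD_INSERT_LIBRARIES</key>[[:space:]]*<string>\([^<]*\)</string>.*|\1|p'
}

# check_plist PLIST: reports CLEAN or SUSPECT; returns 1 when the marker is present.
check_plist() {
    lib=$(inserted_library "$1")
    if [ -n "$lib" ]; then
        printf 'SUSPECT %s -> %s\n' "$1" "$lib"
        return 1
    fi
    printf 'CLEAN %s\n' "$1"
}

# write_samples DIR: one clean plist and one carrying the LSEnvironment marker.
write_samples() {
    cat > "$1/clean.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.example.browser</string>
</dict>
</plist>
EOF
    cat > "$1/suspect.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.example.browser</string>
    <key>LSEnvironment</key>
    <dict>
        <key>DYLD_INSERT_LIBRARIES</key>
        <string>/path/to/placeholder.dylib</string>
    </dict>
</dict>
</plist>
EOF
}

# On a real Mac, Info.plist is usually a binary plist; convert it first, e.g.
#   plutil -convert xml1 -o /tmp/safari-info.plist /Applications/Safari.app/Contents/Info.plist
# then run check_plist on the converted copy and on ~/.MacOSX/environment.plist.
demo=$(mktemp -d)
write_samples "$demo"
check_plist "$demo/clean.plist"
check_plist "$demo/suspect.plist"
rm -rf "$demo"
```

The point of keeping the check this small is that it is the whole of what the "scary Terminal work" amounted to: read back an environment key that no legitimate browser install sets, and treat any value there as a reason to look further.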
 
No, as long as you practice safe computing.
 
No, as long as you practice safe computing.

This post should not be as thumbed down as it is. 600,000 idiots were infected.

Macs at present do not need third party anti-virus software.

Macs like all computers do need maintenance software, however.
 
Ok gotcha, this helps me understand the differences a lot more. Thanks!
 
I think they should issue security updates for older OSes as a matter of right and wrong. It wouldn't hurt to have a compatibility update for other hardware and services, but I am not holding my breath. While I am talking about it, I think they should offer updates every 5 years for legacy software so hardware does not end up in landfills unnecessarily. That would be ecology.

Rocketman
 
So much for Macs not needing antivirus.

It was on this very site that I read a thread with user after user after user commenting that antivirus was not necessary on a mac because they are immune. Oh well.

Still isn't necessary. Apple Software Update will patch your computer and Apple's malicious software removal tool will remove it as soon as Apple updates the definitions. And no one says Macs are immune, let alone immune to user ignorance.
 
Mac Users Misled By Apple?

Could it be that Mac users have been grossly misled by Apple?

Here are a few different writers' takes on it.

Apple malware flourishes in a culture of denial
http://is.gd/d0u7d6

Security industry insiders have long known the Mac platform has its holes. The Flashback Trojan is the first in-the-wild issue that's confirmed this, and big-time. More will follow unless Apple steps up its game.
http://is.gd/LSRB7a

All right, Mac users — the day of reckoning has come.
Thanks to a well-documented flaw that Apple didn't patch for three months, a nasty piece of malware called Mac Flashback seems to have infected nearly 600,000 Macs worldwide
http://is.gd/rG3gnx

Flashback Trojan dates back to February, but Apple did not release a patch until April 3. As a result, approximately 550,000 Macs were infected
http://is.gd/tiU1Td

Sorokin noted that 274 of the infected Macs were found in Cupertino, Calif., where Apple keeps its headquarters.
http://is.gd/0FzBvD

Have you been put off by the work required to see if your machine is one of the unlucky ones infected with a Trojan that's been making the rounds?
http://is.gd/Da0zWn
 
Apple update

With Apple fixing these holes in Java, how can I be sure that the auto update I'm given is an authentic one from Apple?
 