People click through certificate warnings all the time, mostly because they don't know or care what it means. I don't think the scenario is as far-fetched as you seem to think it is.

Before going into panic mode, try to analyse what you have here. End user has to manually accept a self-signed certificate from "Apple" for a Java application. One has to be very dumb to do that.

You cannot protect ignorant people, even if you like.

Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
 
Curious...

It's a little out of my element, but if they know where the instructions are coming from (h t t p ://95.215.63.38/, according to the article), can nothing be done with that? Sure, I suppose it could pop up again somewhere else, or is that address only one of x that are being used?

Just wonderin'
 
Here we go again....

At least it appears to be easier to remove than a Windows style malware infection...

It infects itself in every binary you run. It also installs itself just by visiting a webpage, and exploiting a security hole. No user interaction necessary, besides just visiting a bad URL.
 
Is this a hole in 10.7.3 with Java? Because I am still running 10.7.2 and haven't updated it because nothing was wrong with what I was using. If I'm protected on 10.7.2 I'll stay where I am instead of upgrading.

----------

I just checked my updates again and I have a Java update 2012-001. Should I not update this, considering this is what the problem is?
 
Here we go again....

At least it appears to be easier to remove than a Windows style malware infection...

The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.

Yea, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.

I know that MacRumors is an Apple oriented place, where Apple lovers come to discuss things about Apple's product. But, posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.
 
Right. Also, you are alright if you have Office 2008, Office 2011, or Skype installed on your system. So, pretty much everyone ;)

I think not. I do not have Skype, and using Office 2004 - works just fine.

...End user has to manually accept a self-signed certificate from "Apple" for a Java application. One has to be very dumb to do that. ...

Why would users have a problem accepting a certificate from Apple?

Remember, even heavy users are not techno geeks.
 
You only need to run the two commands.

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

Copy and paste chisperro's two lines into a terminal.

Pardon my ignorance but my use of terminal has been somewhat limited. Do I enter the commands one at a time or both at once? Also, since I have Office 2011 installed the terminal commands are not needed as stated in previous posts?

Thanks in advance for helping me to understand.
 
Awesome, I'm clean :).

(And I love knowing terminal. It allows you to work your way around a lot of stuff. Like having to rely on Apple's recovery software when your hard drive fails. It sux and kept failing to save anything cause it kept coming across one bad file (but instead of skipping it, it just refused to do anything). But knowing terminal allowed me to explore the hard drive manually and save what I needed when it was crashing).
 
I thought Apple computers needed no malware or virus scanners/cleaners because the OS is a fortress and blocks all intrusion into the system? :confused:
 
The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.

Yea, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.

I know that MacRumors is an Apple oriented place, where Apple lovers come to discuss things about Apple's product. But, posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.

Well given that there were instructions posted on this thread it is as simple as copy/paste ;).

But yeah, for someone like my parents it probably would confuse them. But honestly, at that point it's just like following a recipe, I don't get people who can't do that either.
 
Here comes the debate between the definitions of "Malware" and "Virus"

Yup. 100000% agree. As a Mac user I can be Smug that I am virus free! Irrelevant that malware is where the damage is being done these days.
 
Before going into panic mode, try to analyse what you have here. End user has to manually accept a self-signed certificate from "Apple" for a Java application. One has to be very dumb to do that.

You cannot protect ignorant people, even if you like.

Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.

The majority of people who own a Mac are J6P, not computer savvy tweakers.
They paid the extra money for a Mac because it is easy to use and only allows performing a task using one single method. Not multiple methods like the Win OS.

These are the people who will get infected. They click on pop ups, emails & anything that their computer tells/asks them to do.
 
Clean...yeah. Oddly enough, I do have Office, Skype and Little Snitch installed, so maybe it avoided me?
 
Pardon my ignorance but my use of terminal has been somewhat limited. Do I enter the commands one at a time or both at once? Also, since I have Office 2011 installed the terminal commands are not needed as stated in previous posts?

Thanks in advance for helping me to understand.

Go to the link posted on the original post rather than that. It gives you explicit instructions. You post the first command that guy gave you, and if that one finds nothing (blah blah does not exist), then you post that other line, and if that one finds nothing you are clean. Otherwise there are some other steps you need to be doing that are explained in the article.
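
The two checks described in this thread, wrapped as one script (an added example, not part of the original posts; the function names `check_key` and `flashback_check` and the exit codes are choices made here):

```shell
#!/bin/sh
# Added example, not from the thread: runs the two `defaults read` checks
# quoted above and reports which keys are set. Function names and exit
# codes (0 = neither key set, 1 = a key is set, 2 = cannot check) are
# choices made for this example.

# check_key DOMAIN KEY: print the value and return 0 if the key exists;
# return 1 when `defaults` reports that the pair does not exist.
check_key() {
    value=$(defaults read "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$value"
}

flashback_check() {
    # Without the macOS `defaults` tool, a failed read would look like "not set".
    command -v defaults >/dev/null 2>&1 || { echo "defaults not found" >&2; return 2; }
    rc=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}   # everything before the last space
        key=${pair##* }     # the last word
        if found=$(check_key "$domain" "$key"); then
            echo "SET      $key in $domain: $found"
            rc=1
        else
            echo "not set  $key in $domain"
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "Neither key is set."
    else
        echo "A key is set: follow the removal steps in the linked article."
    fi
    return "$rc"
}

# Run the check only when asked, e.g. `sh check.sh --run`.
case "${1:-}" in
    --run) flashback_check ;;
esac
```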
 
If I'm reading the information on the F-secure website correctly, the trojan won't install itself if it discovers that Microsoft Office or Skype is already installed?

Interesting.

I think not. I do not have Skype, and using Office 2004 - works just fine.

Why would users have a problem accepting a certificate from Apple?

Remember, even heavy users are not techno geeks.

From the article on removing the infection it states that this is the case only in "Infection Type 2". See screen shot attachment.
 

Attachment: Screen Shot 2012-04-05 at 9.36.16 AM.png
 
This is very bad news for consumers who should be safe from these problems when using a Mac. But it's important to note a trojan is not a virus. So we're still well ahead of Windoze users.

From what I understand most hackers these days don't bother with viruses anyways. Trojans are easier and easy enough to get people to fall for it they don't need to create viruses.
 
Very few people benefit from having Java enabled. I have it disabled on my Mac. Now Flash is still a vulnerability to my Mac.
 
Huh? My memory must be playing tricks on me, I thought Apple stopped doing their own Java updates over a year ago(?)
 
Is this a hole in 10.7.3 with Java? Because I am still running 10.7.2 and haven't updated it because nothing was wrong with what I was using. If I'm protected on 10.7.2 I'll stay where I am instead of upgrading.

----------

I just checked my updates again and I have a Java update 2012-001. Should I not update this, considering this is what the problem is?

It's a Hole in Java.
Yes update Java, the update's patched for that vulnerability.
 
Is this a hole in 10.7.3 with Java? Because I am still running 10.7.2 and haven't updated it because nothing was wrong with what I was using. If I'm protected on 10.7.2 I'll stay where I am instead of upgrading.

----------

I just checked my updates again and I have a Java update 2012-001. Should I not update this, considering this is what the problem is?

Check to make sure your Mac is clean, then go get all the updates. It doesn't make sense to stay behind date unless you absolutely have an incompatible application. Those updates are there to protect you.
 