Macs still can't get "viruses". There is actually no known virus for Mac. But Macs can get infected by Trojans, that is malicious code that bad people lure the user into installing on their machine.

I know there's a difference between them (only cos of people on here getting arsey about people's use of the terminology) but I don't know what the differences are. Nor do I care.

Regardless of the name, I would just lump all malware/trojans/viruses into one camp called "Stuff I don't want nor asked for".

I have always been under the impression Macs were immune to these. Guess I was quite wrong.
 
Sure it has "a shot" in the dark, but the fact remains that AV software has been used as a vector for attacking Windows. That's not an insinuation, it's the truth.

That's not what I said. Sure it has been used, as has virtually everything. But overall, a good AV program does not make a computer more insecure.

Besides, I don't have any examples handy, but I'm sure the ones you have in mind did not affect what are generally considered good AV programs (i.e. they involve some old version of Norton).

Oh and it's not a "shot in the dark" either– independently conducted tests show most AV programs to have reasonably good heuristic detection rates.
 
Macs still can't get "viruses". There is actually no known virus for Mac. But Macs can get infected by Trojans, that is malicious code that bad people lure the user into installing on their machine.

Macs CAN get viruses, just like anything that runs software. You have to understand that writing a virus is much more difficult than a Trojan, so why waste effort on 10% of computer users? Macs are not more secure, they have less malware because there is a competitor that has 86% market share and everyone is targeting them...
 
How is installing another piece of software that itself might be compromised being proactive? And if some one is going to ignore software updates what makes you think they'll use AV software properly? Don't AV packages require frequent updates too?
Well written AV programs update themselves.
They take the user out of the equation.
I have yet to see a REAL AV program get compromised.
By real I mean programs like McAfee, not the freeware AV programs.

I've seen them get disabled due to holes in the OS about 10 years ago, but never compromised directly.
 
I hope Apple does a better job on security.
I'm wishing to see some patch by this year.


It's not Apple's fault. Microsoft and Apple cannot predict the future and prevent bad computer nerds from writing new malware, viruses, etc. It's going to happen. It's how they respond after an attack that matters. A fix will be out soon. Right now they are trying to figure out what it really is. Someone wrote it in a different language so it will take time for a fix.
 
Hi guys, is it safe to follow the instructions posted by F-Secure? As you know, sometimes following the instructions to remove some bad stuff actually installs it instead.
It is possible the folks at Ars Technica, where the article came from, were taken in by a lie. Question is, are you smarter than they are? :rolleyes:

I've owned a Mac for about seven years.

So, I've read this story, got concerned and looked to put it right but I simply don't understand what to do. I've never used Terminal and have no idea how to perform the instructions outlined. Other than running 'Software Update', I don't know how to see if I have it nor how to get rid of it.
How is this hard? Apple makes it easy to find Terminal with finder--unlike with Windows 7, where you have a bitch of a time finding the ms dos prompt.
Also, typing commands that are given to you doesn't seem that difficult to me. It's no different than typing commands in ms dos.
FYI, I'm on my first mac, which I got in 2008.
 
That's not what I said. Sure it has been used, as has virtually everything. But overall, a good AV program does not make a computer more insecure.
The point is, it costs you time (personal and processor time) and money, which adds up to a lot of money, and gives you at best a few weeks worth of questionable protection before a Software Update comes out. At worst it makes you less secure and the Software Update is out before the AV software gets a definition update that would recognize the threat.

If you think that's worth your time, go for it. The rest of us have better things to do.
 
Ugh. People, quit using an administrator account for your day to day activities! Set up a separate account and give it admin rights - just append "admin" to your regular account's name (so "joe_admin" for example). Then, remove your own account's admin privileges.

On those rare occasions you actually need admin rights, OS X will prompt you to provide the username and password of an administrator - that's when you use that "joe_admin" account. It's painless, you don't really even need to think about it - it's that straightforward.

If you get an unexpected prompt for an administrator account while you're browsing the web... there's likely something fishy going on!.
 
Great, half of this thread is a mob in panic mode.

Ladies and Gentlemen, it's a trojan that doesn't even install itself when "Little Snitch", "Xcode", "VirusBarrier X6", "iAntiVirus", "avast!", "ClamXav", "HTTPScoop", "Packet Peeper", "MS Office 2008", "MS office 2012" and "Skype" are installed on your system.

Not really a big danger and from the looks of the apps I would almost say that it's more an Antivirus Sellers/Microsoft advertising campaign than a threat. :D

Just follow the steps in the F-secure post.
If that doesn't work and it really becomes "a problem", then just reïnstall OSX, you can do that in 30min tops and since a UNIX base system doesn't use a registry, all your applications will be there and still working after completing the installation of OSX.
Try that with a Windows environment!


Do this and there will not be even a next time:
- Disable Java in your web browser
- Read everything in the pop-up before you enter your Apple-id and password
- If your system asks for entering your Apple-id and password and you haven't installed any software in the moments before your system generates that pop-up, there's a very good chance that it's a Trojan trying to get installed.


Trojans still ask politely if they can install themselves on your Mac AND you have to give them permission by typing your Apple-id and password.
Still no viruses in the wild for MacOSX.


So relax.
 
I know there's a difference between them (only cos of people on here getting arsey about people's use of the terminology) but I don't know what the differences are. Nor do I care.

Regardless of the name, I would just lump all malware/trojans/viruses into one camp called "Stuff I don't want nor asked for".

I have always been under the impression Macs were immune to these. Guess I was quite wrong.

While Macs are not immune, the fact is that the occurrences of malware targeting them are EXTREMELY rare, as compared to Windows.

----------

Macs CAN get viruses, just like anything that runs software. You have to understand that writing a virus is much more difficult than a Trojan, so why waste effort on 10% of computer users? Macs are not more secure, they have less malware because there is a competitor that has 86% market share and everyone is targeting them...

No, until someone shows us an actual virus targeting a mac, that market-share argument is a myth.
 
How is this hard? Apple makes it easy to find Terminal with finder--unlike with Windows 7, where you have a bitch of a time finding the ms dos prompt.

Really? " All Programs -> Accessories -> Command Prompt " is difficult to find? :rolleyes:
 
User has to accept a self-signed certificate to launch a downloader so user interaction is required.

Everyone remembers that Flashback is a spoofed installer which requires password authentication to install the final malware payload.

"After being dropped and executed on the system via the CVE-2012-0507 exploit, the new Trojan horse prompts a dialog window that asks the user for their administrative password."

http://www.computerworld.com/s/arti..._Java_bug_infects_Macs_with_Flashback_malware

True, but how many people are going to hit "no" when they see the self-signed certificate? Most people would (rightfully so) think that is less dangerous than typing in your admin password.

On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.

...

In cases where the user did not input their administrator password...This in effect will inject binary2 into every application launched by the infected user.


----------

Really? " All Programs -> Accessories -> Command Prompt " is difficult to find? :rolleyes:

That's much harder than OS X, where you go Applications -> Utilities -> Terminal. ;)
 
Clean here. Update your system often and you should not run into these trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if mac is infected (from F-Secure instructions):
Run the following command in terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac

Thanks! That was the basic question I wanted answered! From the F-Secure page it wasn't really clear how to just ensure you had it or not. This helps.
 
The point is, it costs you time (personal and processor time) and money, which adds up to a lot of money, and gives you at best a few weeks worth of questionable protection before a Software Update comes out. At worst it makes you less secure and the Software Update is out before the AV software gets a definition update that would recognize the threat.

If you think that's worth your time, go for it. The rest of us have better things to do.

I guess the real question in this mini debate is: Has there been a trojan out in the wild that was caught by an AV program before it was patched or added to the anti-malware protection built in to OS X? If the answer is yes, then the guy you are debating is right.

Really? " All Programs -> Accessories -> Command Prompt " is difficult to find?

And if you can remember 3 letters it's even easier. Windows Key + cmd + enter.
 
Nowadays... people are the biggest vulnerability to a system. A machine cannot protect you from yourself - if you enter a password when you are prompted to, without checking to make sure you initiated a command that would cause that popup window to appear (like manually launching software update or clicking a lock button in system prefs) the mac can't override your willingness to put your user/password in ....

Just use some common sense.


Nowadays? That is how it has always been. Before the internet, it was just more about physical security. If people wanted access to sensitive computer data, they would take it at the physical level (think of dropping down through a vent in the ceiling with a floppy disk type of stuff). I've always said that a computer is only as useful and secure as the user behind it. The thing is that computer technology is far too advanced for most users.
 
You only need to run the two commands.

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If anyone is uncomfortable with Terminal, there is another easy way to check for the presence of the Flashback trojan:

To check for LSEnvironment:
  1. In Finder, browse to /Applications/Safari.app
  2. Right-click and Show Package Contents
  3. Right-click on Info.plist and Open With > TextEdit
  4. Press Command-F to search the file
  5. Enter LSEnv (the first part of LSEnvironment) as your search term
  6. If it doesn't find it, your system is clean
  7. Be sure to close TextEdit and the Finder window without saving or altering any files
To check for DYLD_INSERT_LIBRARIES:
  1. Open Finder and click on your user name (home folder)
  2. Press Command-F to search
  3. Enter MacOSX as your search term
  4. Select your user name, rather than "This Mac" to search
  5. Click the "+" button under your search term
  6. Click the "Kind" dropdown and select "Other", then "File visibility"
  7. Change "Visible" to "Visible or Invisible"
  8. Look for a file/folder named ".MacOSX"
  9. If it's not there, your system is clean
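
Added example (not part of any post in this thread, and not F-Secure's own script): a small shell wrapper around the two `defaults read` checks quoted above, which separates "key does not exist" from "could not check" so that a failed read is never mistaken for a clean result. The names `check_key`, `flashback_check` and the `DEFAULTS` override are hypothetical.

```shell
#!/bin/sh
# Added example: wraps the two `defaults read` checks quoted in this thread.
# check_key, flashback_check and the DEFAULTS variable are hypothetical names.
# Return codes: 0 = key absent (clean), 1 = inconclusive, 2 = key present.

DEFAULTS=${DEFAULTS:-defaults}   # overridable so the logic can be tested off a Mac

# check_key DOMAIN KEY: run `defaults read` and classify the outcome.
check_key() {
    if out=$("$DEFAULTS" read "$1" "$2" 2>&1); then
        # The key exists, which is what the quoted check looks for.
        # Print its value so it can be followed up with the removal steps.
        echo "SUSPECT: $2 is set in $1: $out"
        return 2
    fi
    case $out in
        *"does not exist"*)
            echo "clean: $2 not set in $1"
            return 0 ;;
        *)
            # Tool missing, unreadable plist, etc. Do not report this as clean.
            echo "INCONCLUSIVE: could not read $1 ($out)"
            return 1 ;;
    esac
}

# flashback_check: run both checks and return the most serious result.
flashback_check() {
    worst=0
    for pair in "/Applications/Safari.app/Contents/Info LSEnvironment" \
                "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"; do
        rc=0
        check_key "${pair% *}" "${pair##* }" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Only run automatically on macOS, where `defaults` exists.
if [ "$(uname -s)" = Darwin ]; then
    flashback_check || echo "result code: $?"
fi
```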
 
It is possible the folks at Ars Technica, where the article came from, were taken in by a lie. Question is, are you smarter than they are? :rolleyes:

How is this hard? Apple makes it easy to find Terminal with finder--unlike with Windows 7, where you have a bitch of a time finding the ms dos prompt.
Also, typing commands that are given to you doesn't seem that difficult to me. It's no different than typing commands in ms dos.
FYI, I'm on my first mac, which I got in 2008.

I'm not suggesting it's hard, more pointing out that at no time do I need to use terminal, so why with this?

Such a tiny percentage of people will read sites like these which outline what to type where in Terminal that Apple should look at making it easier.

Why you've mentioned Windows' MS DOS here is beyond me. Just because an aspect of a Mac may be marginally easier than that of a PC doesn't mean it cannot and should not be improved upon. Doing something better than a Windows machine does not justify a weak part of a Mac.
 
I guess the real question in this mini debate is: Has there been a trojan out in the wild that was caught by an AV program before it was patched or added to the anti-malware protection built in to OS X? If the answer is yes, then the guy you are debating is right.
So you're saying that if AV software gave even one day of protection before a free software update then it's worth the cost??? Even though the risk over several weeks would be minimal??? :eek:
I don't think so.
 
While Macs are not immune, the fact is that the occurrences of malware targeting them are EXTREMELY rare, as compared to Windows.

If they are EXTREMELY rare (and not impossible) then it is even more important for Apple to make the detection and deletion of malware EXTREMELY easy.
 
So you're saying that if AV software gave even one day of protection before a free software update then it's worth the cost??? Even though the risk over several weeks would be minimal??? :eek:
I don't think so.

You are saying that running an infected machine for a while is acceptable? This information on the Java vulnerability was out in Feb. It is April now.

ClamAV is free. If cost also figures into CPU time, then maybe you have a very weak argument there. Even slow C2D Macs have enough processor to deal with an AV in the background.

Also, where is Apple's malware patch for this? All they've done is release the Java patch. Which doesn't remove the trojan if you have it.
 
i wanna be the first person
You're not the first.
"i thought MACs don't get viruis's" ;)
They still don't. They can, and they have in the past, with Mac OS 9 and earlier. There has never been a Mac OS X virus in the wild since Mac OS X was released over 10 years ago. Macs are not immune to malware and trojans have been around for a very long time, so this is nothing new.
Can anyone recommend anti-virus/malware software for the Mac?
ClamXav is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.
I am willing to pay for peace of mind.
Unless you're practicing safe computing, installing an antivirus app only buys you a false sense of security, not true peace of mind.
600,000? Is this a sizable portion of the install base of OSX?
Apple sells around a million Macs per month and has for years. You do the math. Some have reported Mac OS X has an installed base somewhere around 50 million.
Ugh. People, quit using an administrator account for your day to day activities!
That makes very little, if any, difference. Running a standard account vs an admin account doesn't ensure security.
Ladies and Gentlemen, it's a trojan that doesn't even install itself when "Little Snitch", "Xcode", "VirusBarrier X6", "iAntiVirus", "avast!", "ClamXav", "HTTPScoop", "Packet Peeper", "MS Office 2008", "MS office 2012" and "Skype" are installed on your system.
I find this most interesting. Malware that doesn't infect if it detects that you've acquired certain software apps? Sounds like a great marketing tool!
Trojans still ask politely if they can install themselves on your Mac AND you have to give them permission by typing your Apple-id and password.
No trojan asks for your Apple ID and many trojans don't ask for your admin password.
 