I ran the test and my MBP came up clean! Running latest OS X.7 and use Java for only playing Minecraft. Will run on iMac once I get home. Should this be run on older systems like MBP running OS X.6? Or even PowerMac G5 running X.5.8? Or is this strictly OS Lion Issue?
Thanks
 
Clean here, update your system often and you should not run into these trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if their Mac is infected (from F-Secure instructions):
Run the following commands in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac

clean here as well. Surprising with all the online porn I watch!
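
The two-command check quoted above, wrapped as a script (an added example, not part of the original posts or of F-Secure's instructions). It counts only the "does not exist" message as a clean result, so a `defaults` failure for any other reason is reported as inconclusive; the function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: wraps the two `defaults read` checks quoted in the thread.
# classify_result, run_check and check_flashback are names made up here.

# classify_result STATUS OUTPUT prints one verdict:
#   clean        - defaults said the domain/default pair does not exist
#   found        - the key has a value; inspect what it points to
#   inconclusive - defaults failed for another reason, so nothing was proven
classify_result() {
    status=$1
    output=$2
    case $output in
        *"does not exist"*) echo clean; return 0 ;;
    esac
    if [ "$status" -eq 0 ] && [ -n "$output" ]; then
        echo found
    else
        echo inconclusive
    fi
}

# run_check DOMAIN KEY: run one `defaults read` and classify the result.
run_check() {
    status=0
    output=$(defaults read "$1" "$2" 2>&1) || status=$?
    classify_result "$status" "$output"
}

# check_flashback: report both checks; return 0 only when both are clean.
check_flashback() {
    r1=$(run_check /Applications/Safari.app/Contents/Info LSEnvironment)
    r2=$(run_check "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES)
    echo "Safari LSEnvironment: $r1"
    echo "~/.MacOSX/environment DYLD_INSERT_LIBRARIES: $r2"
    [ "$r1" = clean ] && [ "$r2" = clean ]
}

# Run the checks only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    check_flashback || echo "Not confirmed clean: review the output above."
fi
```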
 
From TFA:
Each bot includes a unique ID of the infected machine into the query string it sends to a control server.
Is there someone available to verify this claim? I'm not saying that I do not believe this to be true, but there is little said to support this. I see a lot of press that is based on this claim (including wikipedia), but have not been able to find credible validation.

There's a slim possibility that there's a few thousand infected Macs, and that Dr. Web has blown this out of proportion.
 
You'd know if this thing tried to attack your Mac because you'd get an unexpected "Flash install" pop-up while browsing a web page. It wouldn't look like the typical dark gray (real) Adobe one, it would be a standard OS X installer with the Flash logo in the background (fake). It would ask for your administrative password to install. You'd also probably see an invalid digital certificate warning and have to click to allow it to continue. The degree of user interaction required to get infected is quite high. In other words, this thing won't just quietly slip into your Mac without your knowledge like a virus would. Trojan infections require the user to be tricked into installing them. Unfortunately, most average computer users are used to providing their password and blindly clicking through security warnings, so that explains why so many were infected.

Any software platform or OS where anyone can freely write and run any software without restrictions can potentially have a Trojan developed for it. The OS assumes that the user knows which programs are good and bad and that the user will only run good ones. Unfortunately, most users are not like that and they can be tricked into running a bad program, giving it permission to have free rein over their computer.
 
Clean here, update your system often and you should not run into these trojans...
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

For those who want to check if their Mac is infected (from F-Secure instructions):
Run the following commands in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean


from 9to5mac

When I executed the commands, I got,

"U R h4X3r3D... DIE NUBE!!!!"

Is my system safe?


Totally clean here. I'm not someone who goes around clicking on anything online or even anything that pops up on the computer. I've learned plenty from using PCs. I figure most of the people who get this are probably those who aren't able to keep a Windows machine clean or assume that OSX (or any OS for that matter) is bulletproof. I do love how much better my Mac is at security though :D

You can be infected by a pop up ad. No clicking required.





Can anyone recommend anti-virus/malware software for the Mac? I am willing to pay for peace of mind.

ESET

So the fact that I've run Software Update (and always update whenever prompted) and everything is up-to-date means I'm ok? Why all this Terminal shenanigans then?

You are less likely to be infected.

When I bought my Mac I remember Apple having a series of ads (the "Hello I'm a Mac..." ones) where the 'PC' had a cold and the 'Mac' said he can't get viruses. It was one of the reasons I went for a Mac.

Has that changed or were Apple stretching the truth?

A virus is like a virus. Your computer gets infected because another computer sneezes. A trojan is like food poisoning. If you don't eat the burger, you won't get sick.



So you're saying that if AV software gave even one day of protection before a free software update then it's worth the cost??? Even though the risk over several weeks would be minimal??? :eek:
I don't think so.

Most of us use our computers to access bank records. I don't want someone in a third world country walking off with five or ten million dollars of my money. Most of us also use our computers to manage our domain names and servers. I don't want some moron in a third world country walking off with my companies.

AV is fast and cheap. Not having AV can cost you a great deal of money and time. If all you do with your computer is play WOW, you probably don't need AV.
 
From the instructions:
So if you have any of these apps installed, you should be alright?

Better than that.. you just have to have one of those paths EXIST.

So, executing this command from the Terminal will create an empty file that will trick the trojan and make it delete itself:

touch /Applications/ClamXav.app
 
You're not the first.

They still don't. They can, and they have in the past, with Mac OS 9 and earlier. There has never been a Mac OS X virus in the wild since Mac OS X was released over 10 years ago. Macs are not immune to malware and trojans have been around for a very long time, so this is nothing new.

Does no one know what a winky eye is when they see one? :confused:
 
Most of us use our computers to access bank records. I don't want someone in a third world country walking off with five or ten million dollars of my money. Most of us also use our computers to manage our domain names and servers. I don't want some moron in a third world country walking off with my companies.
Oh, please! I use my Mac for banking and web work almost daily and have no need for AV software. If you know how to run AV software properly then you just don't need it. If you don't know how then it's not going to help you anyway.
 
Sooo does anyone actually have this? With 600,000 infected Macs you'd think there'd be some noise on the forums.
 
update your system often and you should not run into these trojans...

Nice theory but it doesn't work in practice. Apple isn't releasing updates for the TENS OF MILLIONS of older computers that don't run the recent OS. Apple has abdicated both their responsibility to users and to shareholders.

Apple should be keeping the existing users safe. They built Macs to last and they do. But they need to be kept upgraded and Apple's not allowing that because they stop supporting older hardware.

Apple's not doing their fiscal duty to shareholders because they're abandoning all the profits they could be making from selling upgrades and support to the users of the older Macs. There is a lot of money Apple could be making by continuing to support the old hardware.

Moreover, Apple should support the old hardware from an environmental green principle. Don't throw it out just because new hardware comes out. Old computers still work fine. Pass them on.
 
Oh, please! I use my Mac for banking and web work almost daily and have no need for AV software. If you know how to run AV software properly then you just don't need it. If you don't know how then it's not going to help you anyway.

What's to know? As long as your subscription is up to date, the software will auto update the library for you. Run a deep scan once a week for any leftover malware that was not originally detected.

If the software has even a 1/10th of one percent chance of catching something sneaking into your system, it is well worth it. Remember, some of the new exploits do not require clicking on anything to infect. Others hide the "accept" button under a different one. You think you are clicking on a close dialog box, however, you are giving it permission to own your system.

Malware writers are getting better at hiding their stuff. It only takes one accidental click as you are shutting down your system and they own you.
 
Apple Mac users warned of MS Office vulnerability that could plant Trojan software

Picked this up from a reliable source in the UK. I was not sure where it should be posted. Perhaps an Administrator will move as appropriate.



Several security companies have recently detected malicious MS Word documents that are designed to exploit a vulnerability in MS Office 2004 and 2008 which can plant Trojan software.

A remote code execution vulnerability exists in the way that unpatched versions of Microsoft Office Word handle a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

This problem only affects Macs which have not been properly updated with the full set of Microsoft Office Patches.
-------------------------------------------------------------------------------------------------------------------

W E B L I N K S
Alienvault:
http://labs.alienvault.com/labs/ind...-x-seen-in-the-wild-delivers-mac-control-rat/

Trend Labs:
http://blog.trendmicro.com/maliciou...political-events-as-lure-for-targeted-attack/

Microsoft Bulletin:
http://technet.microsoft.com/en-us/security/bulletin/MS09-027
Microsoft Update: http://support.microsoft.com/kb/969514
 
Let's say you get a Word file from your bank. Your bank is infected. BOOM! The bad guys own your life. This is not good.
 
clean here!



OS X 10.6.7
 
I'll find out when I get home tonight, but I'm reasonably sure I don't. I get pop-ups to install Flash but I usually ignore them, but to be safe, I'll be checking.
 