All Mac antivirus software is a scam. My mom's friend paid a lot of money to get her Mac cleaned of "viruses". Anyway "Mac antivirus" is an oxymoron. As for antimalware, that is easy to do without paying.

----------



I laughed when I saw that part in the movie when I first watched it in 2011. The kid said, "This is a UNIX system!"

And then they run a QuickTime. Oh that was the movie for Mac fans.

----------

Company offers free antivirus software? Is this not just a precursor to getting you to buy their antivirus software? Coming from a PC background I've always been suspicious that Norton and others have 1 department creating viruses whilst another creates antivirus software. Or am I just skeptical?
Either way as I'm waiting to buy a new iMac I'm less than happy to hear about Mac viruses.

No virus, not really an issue, I am all for this is hype and paranoia which seems to permeate all of life and is great for news outlets. Buy away, forget Virus Software and turn off Java which you hardly ever need and you're fine. JavaScript is sandboxed so much safer.

While most spyware components (hijackers especially) get on to people's systems through ActiveX, it is possible for spyware to use these security weaknesses in Java to try and infect the user's system. A bug discovered in October 2000 allows the system to automatically run signed or unsigned ActiveX scripts by the use of Java without the user's permission (ActiveXComponent bug).

And we all know how secure ActiveX is on the PC :rolleyes:
 
The cure would be to stop using Java. Java always has security issues, just like Flash. It's awful software.

ha ha ha ha ha ha ha ha ha! Classic!

My advice to you, Stay off the internet! Best cure!

owww and I do not think Java is what you think it is.... Do some research!
 
Both are equally bad, yes, but viruses are easier to get infected by and typically harder to remove. Antivirus software is a must when you are vulnerable to viruses because they will infect you without you knowing.

However, Apple is already preparing for malware attacks, and Mac malware has been easy to get rid of so far. Having antivirus on a Mac barely does anything, and it doesn't do anything that can't be done easily for free. In fact, it slows you down and costs a considerable amount of money, so it's not worth it.

The antivirus is even sometimes worse than a virus.

Dude, they are the same thing these days! One of the most stupid arguments on MR is Virus/Malware arguments. The stupid smugness that one cannot get a virus is really really silly, Malware is just as bad. When someone steals your credit card details.... you're not going to give a crap if it was done via virus or malware!

Apple is preparing for malware attacks? Are you serious? Apple is reactive! With popularity more of these exploits will arrive. If you stopped right now, introduced no new software worldwide, you can say you are right, with all new software new exploits are introduced.

So in the future, are you going to wait for news sites to tell you there is a new malware on a Mac, and wait for the free instructions on how to check/remove it?? By then, you would have lost a hell of a lot of private/financial data.

I feel a hell of a lot more secure on my PC right now, running avast which checks webpages I visit and has a daily updated file with definitions of viruses/malware. And with the speed of current day CPUs and SSD drives, you do not even notice a security program running.
 
So to be safe I disabled Java in the Java preferences app and now Firefox 11.0 crashes when I attempt to launch it?

Safari does NOT crash?

I'm using OSX 10.6.8 and can't upgrade to Lion because of software compatibility issues with Lion.

In Firefox you can disable the Plugin. As GGStudios said you don't need to touch the app
 
This is totally bogus.. I can't believe I ran this.

just do a whois on the website.. it's registered via GoDaddy and no surprises but Kaspersky doesn't use GoDaddy.

Why is MacRumors posting this stuff - if I had to put money on it, I have now infected myself with something beyond flashback.
 
This is totally bogus.. I can't believe I ran this.

just do a whois on the website.. it's registered via GoDaddy and no surprises but Kaspersky doesn't use GoDaddy.

Why is MacRumors posting this stuff - if I had to put money on it, I have now infected myself with something beyond flashback.


What is bogus?
 
I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:

The catch is it got you to type "Kaspersky" into a forum post. I had forgotten they even existed before reading this news article.
Companies do things for free all the time, except they are also getting something in return. ;)
 
The so-called "no virus on Mac" is now officially dead.

It was doomed to happen eventually, and will only get worse as Macs gain popularity.
 
The so-called "no virus on Mac" is now officially dead.

It was doomed to happen eventually, and will only get worse as Macs gain popularity.

Do differentiate between mass hysteria and a real virus, please.
 
Has anyone found the infection? Not that I've seen, aside from the reported "600,000" number.

And if you are infected, what is the effect exactly?

First of all, Flashback is a downloader for the actual payloads. There are at least two known payloads in the wild. One is an advertising scam and the other one is stealing your banking, credit card, password etc. personal information.

Regarding the number of infected computers the 600 000 in worst case scenario is just the tip of the iceberg that security firms have managed to contact (and get the UUID) with their C&C which imitates the real C&C. If they have managed to contact the most then the number is close to the one published. However, I wouldn't be surprised if this number goes up.
 
Do differentiate between mass hysteria and a real virus, please.

In all seriousness, what do you want? If a trojan stealing your personal data (passwords, credit card numbers, banking info) isn't cause for concern then what is? Real Virus?!? FYI there is not a single non living organism that can get a real virus. In order to be considered as a virus it must be able to replicate itself in a living organism... Then again money grabbing trojan malware is worse enough for me... This whole discussion about one being a virus or Trojan is pointless from end user perspective. The fact remains, you can get the Flashback downloader (and eventually one of the payloads instructed by C&C) from a random site without entering a single password.
 
I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D

Anybody still running a PowerPC-based Mac is most definitely running Leopard or older. The vulnerability which led to this exploit almost certainly exists on those machines, and it will never receive an official fix from Apple.

Now, from the quick little bit of research I've done, it appears that this particular exploit sends executable files to your computer that are not Universal (ie. they are compiled only for native Intel CPUs, and do not contain a corresponding PowerPC version).

So that means that, in this particular instance, the trojan would be incapable of creating any negative impact on any PowerPC machine which managed to accidentally pick it up. But the fact remains that the vulnerability is still there, so the possibility exists that somebody could recompile a new version of the trojan that did contain a Universal binary to which both Intel and PowerPC Macs would be susceptible.
 
The so-called "no virus on Mac" is now officially dead.

It was doomed to happen eventually, and will only get worse as Macs gain popularity.

facepalm.jpg
 
I used this and it said it removed it and then when I restarted my Mac I ran the web checker again and it said I still had it?

It is because your system's UUID is still in Kaspersky's database.
If I understand correctly, one of the things the Flashback Trojan does is send data (containing infected machines' UUIDs) to a bunch of servers, every day at a certain time.
What Kaspersky did is they set up a fake server which was able to receive this data.
From there, they built a database containing all infected UUIDs, and made a webpage for users to check whether theirs was in it or not.

This webpage and the removal utility are two separate things.
Removing infected files doesn't erase your UUID from the database, so if your machine has been infected at any point in time, you'll always be marked as infected on the webpage. Even if you buy a new hard drive and make a completely clean install.

This is totally bogus.. (...)
just do a whois on the website.. it's registered via GoDaddy and no surprises but Kaspersky doesn't use GoDaddy.

Come on. A link to the webpage is on Kaspersky's official website's frontpage.
Top left. "Macs Are No Longer Safe From Hackers".

For the record, I did all the tests on the two Macs I have at home.
Both came up negative with the F-Secure method.
But one came up positive on the Kaspersky site, as well as in the downloadable application.
It is a machine on which I remember installing a very fishy looking Flash "update" a few days ago.
The update in question popped-up out of the blue when my mouse cursor hovered over some ad, on a legitimate, non-Russian website (I think it was Japanese).
I hesitated, but assumed I should be alright because I had an anti-virus (namely Sophos) up and running. So I proceeded with the installation.
Seems I should never assume safety. Hopefully I'll remember it.

Funny thing is I have used Macs and PCs for a very long time, and this is the first time in my whole life I get infected by something this bad.
Back to PC era paranoid online behavior, I guess.
Not going to pay for Kaspersky, though, that's for sure.
 
If you use Java, that usually simply means that you live in the world of grown ups where people use their computer for business and work and not just to browse through Facebook and YouTube. Whether anyone likes it or not, Java is - and remains - the number one platform for enterprise software and it also still is the most widely used programming language on the globe.

Apple only lost their interest in Java when they realized that enterprises did not want to use Macs and when it became very obvious that Apple had turned into a pure consumer brand.

At last - someone who is talking sense about Java!
If you are doing serious, enterprise level, development there is a good chance it's in Java and using an IDE that's also written in Java...
 
The cure would be to stop using Java.

A very narrow sighted solution and you obviously aren't slave to corporate America. Many of us simply have no choice.

Not getting infected by malware is up to you and your online practices.
Uh... really? Have you been following this at all?
 
It is because your system's UUID is still in Kaspersky's database.

Come on. A link to the webpage is on Kaspersky's official website's frontpage.
Top left. "Macs Are No Longer Safe From Hackers".


Seems all like scaremongering.. My UUID is in their so-called database, but no virus? I guess the potential is that I had it and an OS update/security update cleared it but.. hrm..

I feel better now, but still..
 
Yes, there seems to be a lot of scaremongering going on. Cui bono?

If you are really paranoid, install Little Snitch. It is a good tool to monitor your outgoing connection attempts.
 
Yes, there seems to be a lot of scaremongering going on. Cui bono?

If you are really paranoid, install Little Snitch. It is a good tool to monitor your outgoing connection attempts.

That went on about 5 seconds after I ran the program...

Is it just me, or am I the oldest member in this thread, including MacRumors... lol.
 
Just to be clear it's not necessary to disable Java in the Java preferences app then too?
You don't have to uninstall or disable Java on your computer. You only need to disable it in Safari Preferences.
People who don't admit that "virus" and "malware" mean the same thing to most people miss the point.
So because the masses are uninformed, you're suggesting those of us who are informed should simply adopt the same mentality? Everyone move to the lowest common denominator? Not gonna happen! Those who fuss about us making the distinction between viruses and other forms of malware are suggesting exactly that. This is a technical forum. This should be a place where the "masses" can come to get accurate information. So they don't know the difference. If everyone here adopted your thinking, they wouldn't be able to learn the difference, even here. I, for one, would rather continue to be a source for accurate information, no matter how many complain about it. Those who truly want facts will appreciate it. Those trying to stick their head in the sand won't.
Just get off the "virus vs. malware" track
It's not "virus vs malware". A virus IS a form of malware.

A gun is a weapon.
A knife is a weapon.
A gun is not a knife.
A knife is not a gun.
All weapons are not guns.
All weapons are not knives.
Why does it matter what you call it? Because it has everything to do with how you defend against it.

A virus is a form of malware.
A trojan is a form of malware.
A virus is not a trojan.
A trojan is not a virus.
All malware are not viruses.
All malware are not trojans.
Why does it matter what you call it? Because it has everything to do with how you defend against it.

The so-called "no virus on Mac" is now officially dead.
No, it isn't. Read and educate yourself: Mac Virus/Malware FAQ
 
But is it true that you can get this so easily from visiting a site? And I'm sure legitimate sites don't get infected with something that makes them spread it to Macs.

“A lot of things happened at the same time,” said Mike Geide, senior security researcher at Zscaler ThreatLabZ. “There have been mass compromises of WordPress sites, and the controllers [for those hijacked websites] match the domain structure Doctor Web described. That’s been ongoing since at least early March.”

WordPress is a popular open-source blogging and content management platform used by about one in seven websites.

Those usurped WordPress sites have been redirecting users to malicious URLs, where hackers have hosted the Blackhole exploit kit. Blackhole tries multiple exploits, including several aimed at Java bugs on Macs, to compromise machines.

The sheer size of the WordPress installed base and the scope of the WordPress injection campaign means that it would not have been impossible for hackers to poison more than 600,000 Macs.

The above quote is from:
http://www.macworld.com/article/1166255/security_experts_600_000_plus_estimate_of_mac_botnet_likely_on_target.html

Something (corrective, I hope) was going on with various WordPress sites I follow, over the past week. And Apple has been working with ISPs etc. to block Flashback malicious URLs.
 
Snow Leopard?

"I would guess that way over 16% of Macs are running a pre-Snow Leopard OS."

Hell..I would like to know the percentage of how many are still on Snow Leopard considering no Rosetta on Lion and the other issues that came with Lion???

I think when some of the issues and complaints started rolling in...I still did not upgrade Lion. Watching all my other co-workers..... When you wait and watch other people go through the frustration...you tend to sit on the sides and watch with curiosity and a nice feeling of security.

Once we get Rosetta back in Lion..I will make the move! Otherwise..I will have to flip for thousands of dollars in new software! Not going to do it in this economy.
 
I really wish Apple would take their own security more seriously. Especially since it's such a touted feature of the Mac! Now, I realize that Macs are quite safe (compared to PCs), but if I was Apple, I would work harder at maintaining this reputation. When a trojan shows up, at least own up to admit, don't pretend it's not there, and publish an update to fix the breach! It's not like Apple doesn't have the money to do this... Just saying...
 