If they had made Mac OS X trojan-proof in the first place this wouldn't have happened.
 
Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB?

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

People like you are so easy to hate.
 
Seems the programmers were a bit rushed?

The program will let you know if you have the malware but it won't say you don't.

Who's to say my antivirus didn't block the program and I may still have the malware?
 
Turned off Java in Firefox and Safari a week ago when I learned of this problem. I haven't noticed any difference in web browsing or anything really. Do I really need it? Seems not. Might uninstall (if possible).

Most people don't, but if you play any browser-based games you need Java. A few apps are also Java-based.
 
Basically, nobody knows the full story of what has happened, least of all Apple's internal operations. So condemnation of Apple and dismissal of the possibilities, in the absence of all the facts, is not any more reasonable than laying it on everyone else (Oracle, etc).

As always, the truth will lie somewhere in the middle.

Usually perhaps, but not "always". Sometimes one side is telling the truth, the whole truth, and nothing but the truth; and the other is telling a flat-out lie.
 
Replacing tires on a whole line in vehicles already on the road is a helluva lot more difficult than patching a piece of software that's easily updated through Apple's own auto-update service.

And it isn't so much the fact that OSX got hit by a fairly standard software vulnerability. It happens. It was fixed. End of story. Rather, it is all the lame justifications people have come up with so they can continue saying "OSX is completely secure", like their very livelihood depends on perpetuating the notion that anything made by Apple is perfect in every conceivable way.

It's not Apple's fault, it's Oracle's, right? The exploit came through Java. Oracle should've fixed it, despite the fact that Apple distributes their own build of the software on their machines. Apple is completely guiltless here.

OLOL Windows got a virus because someone downloaded fake Flash? Windows sucks OLOL I never have to worry about this stuff on my Mac!

Circular logic and lame reasoning all up ins.

Thank you for one sentence of attempted intelligence and three paragraphs of useless ranting.

Both fixes require getting the person who owns the product to pursue a fix, whether it be clicking the software update (you would be surprised at how difficult that alone is) or bringing the vehicle in. In fact, given the Ford issue was life threatening and made NATIONAL news, people reacted and brought their cars in. Multiple people on this thread have even said "oh I just ran the scan and it removed the virus...I did not even know I had it."

I am not justifying why Mac is safer than a PC, I do not have to, look at the statistics. Macs are less prone to infections than PCs. If people are dumb enough to open or click the virus then they deserve whatever they get, does not matter what platform they run.
 
This forum is full of curmudgeons! ;)

And those blaming Apple for its perceived slowness in responding, just remember, "Blaming others denies you the power to change."
 
A new Mac trojan has just been identified. It was released into the wild about March 16th, and uses the same Java exploit to gain access and infect Macs. More info:

http://www.zdnet.com/blog/security/new-targeted-mac-os-x-trojan-requires-no-user-interaction/11545

Look for the following 2 files being present to detect infection:

/Library/Preferences/com.apple.PubSabAgent.pfile
/Library/LaunchAgents/com.apple.PubSabAGent.plist

This trojan reportedly does the following to a Mac:

"After infecting a given Mac, this Trojan is like most: it connects to a remote website using HTTP in typical command and control (C&C) fashion to fetch instructions from remote hackers telling it what to do. The backdoor contains functionality to take screenshots of the user’s current session, upload and download files, as well as execute commands remotely on the infected machine. Encrypted logs are sent back to the control server, so the hackers can monitor activity."
 
Yep, I'm totally unreasonable to even suggest a modicum of computer literacy! :D

I practiced all mentioned steps of computer safety, updating software religiously, NEVER installing things from any site but vendor ones - only installing apps from the app store and known companies etc.

Yet I was still infected- how?
I ran Java, must have visited a 'bad' site/link before Apple got their thumb out of their behind and got nuked.

Just spent a fun day changing passwords and a bunch of other stuff. Great.


I must be one of those computer illiterate folks who just deserves it.
 
The big question here is will this incident get Apple to update Java more quickly after a new version is out? We saw how quickly they issued an update after the Flashback Trojan got really bad, so why couldn't they have done that 8 weeks ago?

Remember that first Oracle must release a Java update, and then Apple must port a Mac version of the update and release it. In this case, Apple was dragging their feet in getting Mac Java to the latest version (many weeks behind). The latest version from Oracle (update 31) closed a rather serious security flaw. I am vigilant about keeping Java up to date on my Windows/Bootcamp install, so it was concerning me that my Mac version still wasn't updated. Frankly, I'm not surprised that this happened. The cybercriminals saw an opening, and they took it.
 
If they had made Mac OS X trojan-proof in the first place this wouldn't have happened.
To make a computer trojan-proof, you have to make it user-proof. Good luck with that.
I practiced all mentioned steps of computer safety...
Yet I was still infected- how?
Because you didn't practice all mentioned steps:
3. Uncheck "Enable Java" in Safari > Preferences > Security.
I ran java

A new Mac trojan has just been identified. It was released into the wild about March 16th, and uses the same Java exploit to gain access and infect Macs.
And like Flashback and prior malware that exploited Java, those who follow those safe computing tips I mentioned are completely protected from it.
 
I often wonder why PC trolls feel the need to post in Mac forums. Kind of like Atheists posting in Christian forums. In both cases, Christians have done little to offend or bother Atheists and Mac users do little to offend PC users. The common characteristic seems to be that both ******s feel the need to try and bully or intimidate. Kind of obvious where you stand here.

When I have been forced to use a PC.... viruses, malware or spyware are never ending issues.... I've been using Macs since OS 8.... And for the first time in what?... something like 17 years I have to dick with this and my main machine doesn't even look to be infected. Bash Apple all you want.... they're still all aces in my book as they have built their OS's to make this crap less of an issue for we users to have to deal with.

Go run a virus check on your PC.... or spend more time looking at all the annoying pop up windows for God knows what.... I'm going to go back to doing some more work learning Drupal theming on my Mac. :D
Time to overhaul your guessing machine. Or perhaps it's the desire to assume, launch a weak, tacky attempt to insult, or to display your questionable clairvoyance.

First and foremost I've enjoyed using Macs in my engineering group for years. Just because it's a fact, doesn't require me to be a yes man. I speak my mind and give Apple credit for exemplary work each time they deliver.

Conversely when they go silent, hide, or delay, it's my prerogative to discuss it. Pros & Cons are a fact of life.

Life as an Apple enthusiast is quite nice. If the sensitive boys can't accept others' opinions they are free to hide from forums of public opinion.

It's just a computer, no matter the platform. Nothing is perfect.

I happen to like all platforms, although my laptop / platform of choice is biased towards Macs hands down. It's as simple as that.
 
I don't know if I've ever seen such horrific legacy support for an operating system as Apple has given SL.

If you upgrade to Lion, Apple will help you out. If you stay with SL, well, they're just going to let you deal with virus threats.
 
As has been stated dozens of times in these threads, Java was updated to secure these vulnerabilities months ago. Apple was slow in issuing those updates to the Java version that it provides to Mac users.

What was NOT stated is WHO creates the code before Apple augments it for OSX. That is what I was asking, not focusing on Apple being late to deliver it; I was looking for the root cause.
 
10 hours? Geez, man. I can wipe and reinstall the entire OS, plus get all my files and folders back in place in less than 2. I don't know if it's Windows that's crap so much as your technical skills.

Well, not everyone has fiber at home. I had to install a recent laptop (dual core, 4GB), and after the rather quick install (about 40 mins) and a further hour to find the unrecognised drivers (mainly the wireless; without it, you cannot get the drivers from the manufacturer, so I needed a second computer), it needed to "update". A total of 109 updates with 644MB. That took some more hours, but in the meantime I could install all kinds of programs and start to put the previously saved files back (saving the files from the hard drive alone, 540 GB in small files, took nearly 2h, and that's BEFORE the reinstall).
When the updates were downloaded, they started to install, more than an hour, and the computer was useless in that time, everything slowed down to a crawl. 6 restarts later, every time with extreme boot times as Windows installs something....15%.........30%..................38%.....etc., it decides that oh, there are more updates to download, including Service Pack 1. Now, why did it not download that FIRST? Anyway, a quick hour later, and two restarts, that was installed but resulted in...you guessed it, more updates (.NET and what have you), and yes, it took 8h to get it working with the basics, at least 2 more to get it to the point it was before the infection.

Somehow that is much easier and A LOT faster on a Mac. I take the machine, stick in my Time Machine, and shortly after I have the EXACT same computer as the one that died. Down to the accounts and passwords, from e-mail to anything else. No configuration whatsoever.
 
Somehow that is much easier and A LOT faster on a Mac. I take the machine, stick in my Time Machine, and shortly after I have the EXACT same computer as the one that died. Down to the accounts and passwords, from e-mail to anything else. No configuration whatsoever.

That's why I back up a system image along with my files every week. A few months back an install of Windows 8 Developer Preview went bad. Reinstalled from System image and got my machine exactly how it was before I installed Windows 8 in about 20 minutes. Didn't even have to reinstall Windows 7 beforehand.
 
Try Windows Backup next time

Somehow that is much easier and A LOT faster on a Mac. I take the machine, stick in my Time Machine, and shortly after I have the EXACT same computer as the one that died. Down to the accounts and passwords, from e-mail to anything else. No configuration whatsoever.

Too bad you didn't start the Windows equivalent of Time Machine before the problem - Windows Backup does scheduled backups with the ability to make both point-in-time file restores and full system ("bare metal") restores. You can also take individual manual backups for off-site archiving if you want.

Look at "Start" -> "Control Panel" -> "Backup and Restore" .

"Windows Home Server 2011" has a more powerful remote backup utility that supports multiple backups per day (not recommended to back up more often than hourly), file versioning, and also bare metal restore. It uses SIS (Single Instance Store) and volume snapshotting to limit each backup to the size of new data added to the system. SIS extends across systems, so files present on multiple systems (the OS, Office,...) are only stored once.

"Windows Home Server 2011" is really a role for "Windows Server 2008 R2". It costs about $60 and can be installed on any x64 system, and can use any disk system supported by Server 2008 R2. (On mine I have an 8TB RAID-5 (6TB usable) volume on a 3Ware 9650 controller, a 6 TB RAID-5 (4.5 TB usable) on the Intel ICH RAID in the chipset, and a 5 TB RAID-5 (4 TB usable) on a 5-bay eSATA PM cabinet using Windows software RAID-5).
______________________

You're criticizing Windows for being difficult, but you really should blame yourself for not setting up backups on Windows.
 
Who thinks it's possible that the seemingly inflated infection rate statistics of this malware are due to some Windows malware using MAC address spoofing to obscure the fact that it is actually running on a Windows machine?

MAC addresses are easily spoofed.

This would be a good way to hide the target systems that belong to a botnet.

This malware required a lot of user interaction to infect the target app, namely Safari.

Does it even function properly if it doesn't infect Safari?

Does it even connect to the c&c server without successfully infecting Safari, which requires password authentication?
 
That's why I back up a system image along with my files every week. A few months back an install of Windows 8 Developer Preview went bad. Reinstalled from System image and got my machine exactly how it was before I installed Windows 8 in about 20 minutes. Didn't even have to reinstall Windows 7 beforehand.
Of course, if you do backups and have a System image on a drive you look good. Now, how many people do that? On my Mac it's automatic, you plug the drive in, you are asked if you like this drive for backups (Time Machine) and click on "yes". That's it.
Now, Apple puts this feature as a major point in the sales package. The system tells you about it when you start it the first time. The symbol is up on the taskbar for you to see and you do not have to do ANYTHING but plug in a drive.

How is this working with Windows? Why has nobody any backups? Even though there is a rudimentary backup system in Windows, very well hidden and not publicised at all. On top of that, it's useless when you have the situation I was in with that horrible laptop (it was not mine but a friend's, who knew absolutely NOTHING about any OS, software, backups or installations). He had a desktop machine with an old AMD processor and got this laptop from a friend. He now wanted his system on this laptop. On a Mac no problem, on Windows, even with backups, impossible.
 
A new Mac trojan has just been identified. It was released into the wild about March 16th, and uses the same Java exploit to gain access and infect Macs. More info:

http://www.zdnet.com/blog/security/new-targeted-mac-os-x-trojan-requires-no-user-interaction/11545

Look for the following 2 files being present to detect infection:

/Library/Preferences/com.apple.PubSabAgent.pfile
/Library/LaunchAgents/com.apple.PubSabAGent.plist

This trojan reportedly does the following to a Mac:

"After infecting a given Mac, this Trojan is like most: it connects to a remote website using HTTP in typical command and control (C&C) fashion to fetch instructions from remote hackers telling it what to do. The backdoor contains functionality to take screenshots of the user’s current session, upload and download files, as well as execute commands remotely on the infected machine. Encrypted logs are sent back to the control server, so the hackers can monitor activity."

Weird situation here. I don't have either of those files on my Mac that I can find (checked both the /Library and ~/Library (on both my account and my wife's account) just to be safe). Neither of those files are there, but something odd just happened. I'd noticed that Air Video Server was no longer running so I checked the Login Items on my wife's account (she's normally the one logged in, I normally just use my iPad) to see if it was still there and saw what I think was PubSabAgent with a yellow triangle alert next to it. I closed System Preferences to double check for those files and when I returned the PubSabAgent seemed to no longer be in Login Items, but now ScreenCapture was there. It could be something to do with having once had AirDisplay running on my account (though why it would show up on her account is beyond me), but I removed it from Login Items to be safe.

Any thoughts from anyone? I'm running a full scan with ClamXav as I write this, but I thought it was a little odd.

Btw, for those wondering, apparently Air Video Server requires Java to be running to work properly. At least, toggling Java on and off makes Air Video Server run or not run depending on whether Java is enabled in Java Preferences.app so I assume that's it. :)

Edit: I should note that I'm on the latest version of Lion, with all the updates up to date as well, and I didn't seem to have the Flashback Trojan based on using the Terminal commands mentioned on F-Secure's site.
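
The file check from the post above as a script, added here as an example and not part of the thread: it looks for the two quoted file names under /Library and, as an assumption beyond the quoted advisory, under each user's ~/Library as the poster did by hand. The function names and the optional root argument are illustrative.

```shell
#!/bin/sh
# Added example: look for the two file names quoted in the thread.
# ROOT defaults to / ; passing another root lets the same check run
# against a mounted backup volume or a constructed test tree.

# Print every indicator file found under ROOT, one path per line.
pubsab_find() {
    root=${1:-/}
    root=${root%/}      # "/" becomes "", so the paths below start with /
    # System-wide Library first, then each user's Library (assumption:
    # per-user copies are worth checking too).
    for lib in "$root/Library" "$root"/Users/*/Library; do
        # -iname: the post spells the two names with differing case, and
        # the default macOS file system is case-insensitive anyway.
        if [ -d "$lib/Preferences" ]; then
            find "$lib/Preferences" -maxdepth 1 -type f \
                -iname 'com.apple.PubSabAgent.pfile' || :
        fi
        if [ -d "$lib/LaunchAgents" ]; then
            find "$lib/LaunchAgents" -maxdepth 1 -type f \
                -iname 'com.apple.PubSabAgent.plist' || :
        fi
    done
    return 0
}

# Exit status 0 = at least one indicator file present, 1 = none found.
# Unlike a tool that only reports a hit, the negative result is printed too.
pubsab_check() {
    hits=$(pubsab_find "${1:-/}")
    if [ -n "$hits" ]; then
        printf 'indicator file present:\n%s\n' "$hits"
        return 0
    fi
    printf 'neither file found under %s\n' "${1:-/}"
    return 1
}

# Usage, after sourcing this file:  pubsab_check /
```

A "neither file found" result only rules out these two file names; it says nothing about Login Items entries such as the one described in the post, which still need a look in System Preferences.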
 
Too bad you didn't start the Windows equivalent of Time Machine before the problem - Windows Backup does scheduled backups with the ability to make both point-in-time file restores and full system ("bare metal") restores. You can also take individual manual backups for off-site archiving if you want.

Look at "Start" -> "Control Panel" -> "Backup and Restore" .

"Windows Home Server 2011" has a more powerful remote backup utility that supports multiple backups per day (not recommended to back up more often than hourly), file versioning, and also bare metal restore. It uses SIS (Single Instance Store) and volume snapshotting to limit each backup to the size of new data added to the system. SIS extends across systems, so files present on multiple systems (the OS, Office,...) are only stored once.

"Windows Home Server 2011" is really a role for "Windows Server 2008 R2". It costs about $60 and can be installed on any x64 system, and can use any disk system supported by Server 2008 R2. (On mine I have an 8TB RAID-5 (6TB usable) volume on a 3Ware 9650 controller, a 6 TB RAID-5 (4.5 TB usable) on the Intel ICH RAID in the chipset, and a 5 TB RAID-5 (4 TB usable) on a 5-bay eSATA PM cabinet using Windows software RAID-5).
______________________

You're criticizing Windows for being difficult, but you really should blame yourself for not setting up backups on Windows.

Look, I do not criticize anything, I took the consequences and have used Macs for the last 20 odd years. I do not even care. I installed Windows 7 (Home Premium) on this laptop of a friend because he would not know how to do it. If you read your post with a little bit of distance, you will see that most of it is incomprehensible to the regular user. What is Windows Server 2011? And why should one know? What good would a backup of my friend's old desktop have been on his new laptop? We DID save his data, but installed programs, non-existing drivers, accounts etc. cannot be transferred. At least not in a way anybody could understand. Microsoft is not even capable of giving you a simple install DVD, you have to know if you need 32bit, 64bit, basic, home, pro, business, ultimate or what have you, and who would know? I (and my friend) do not care what processor, how much memory, what drive or motherboard is in the machine, it's good to know that it's enough. The whole thing is way too complicated and I really think Apple is way ahead there.
 