Apple Releases Flashback Removal Tool for Macs Running OS X Lion without Java

[GGJstudios]

The latest (rumored) exploit (also ineffective) did download in "drive by" manner but still had to be oked to install, but without the admin password.
Without ANY user interaction it was not possible to install this.

That's not true. The latest variant installed itself via a Java vulnerability, without any password required and without any interaction from the user.

by the time the latest version (that is rumored to still be out there) came along when this was wildly discussed, so who would not have Jave disabled by then?

All those less computer literate users who didn't know about disabling Java, or don't even know what Java is .... I'm gonna guess somewhere in the hundreds of thousands.

If you are just slightly security minded you knew for the last 2 month about this and simply disabled Jave, did not use your Admin account or simply applied some comon sence.

It requires not just being security minded, but being informed. There are many who are willing to take whatever steps to secure their Macs, but simply don't know how to do it properly. That's why some of us spend so much time posting here, to educate those security-minded users who find this forum and want to know how to do it.

But even IF you got this "trojan" (I did not find anybody yet) so was the result what exactly? Right, nothing at all.

No, not nothing at all. That's the disturbing part. The user may not be aware they have this trojan, but it can be used to steal information from their computer. That's far from being "nothing at all."

Little snitch would have allerted you instantly

Only if you knew about Little Snitch and had it installed. Many come to this forum having never heard of it.

if you did not have this, your firewall would have allerted you

No, the firewall would not have alerted users to the presence of this trojan.

you should at least be curious, why all over sudden your password is asked for an install

Again, if the Java exploit was used, no password was asked for or required.

ignore news on the net about it

I would guess that the vast majority of users don't read technology news.

The fact is, due to the Java vulnerability, many users were silently infected by this Trojan, without being alerted in any way that they were infected.

In this forum, I've been encouraging people to disable Java in their browsers since at least 2010, but this forum represents a tiny fraction of Mac users, and not even everyone who has visited this forum has read such posts. We do our best to educate and inform, but our audience is very small, compared to the millions of Mac users out there. Even with our efforts, there are still many operating with misinformation, as your post illustrates.

 

[sha4000]

I'm not going to quote your whole post GG but I can respect you for your patience when trying to explain "how to protect your computer" to the ppl that are uninformed. lots of ppl take your advice the wrong way(Condescending at times) even i used to read your posts and wonder "why does h/she keep saying the same thing over and over but I quickly learned that is YOUR way of relaying information to the masses. I have noticed that your adapting to explain these things a little more so that your clear and ppl understand that your not just praising the Apple platform but stating the facts about the situation. Some ppl just dont understand how computers work and they really don't want know. THEY JUST WANT IT TO WORK or IT JUST WORKS is a common enough saying around here. I hate it when posters keep blaming the "end user" for everything that goes wrong with their PC/MAC because like DWIGHTEB and I also believe most ppl have no ideal how their machines actually work. I'm by no means an expert but I'm the IT person for my whole family and friends who have NO clue how to trouble shoot anything computer related. I mean ppl dont even know what windows or software update is or does.

 

[GGJstudios]

i used to read your posts and wonder "why does h/she keep saying the same thing over and over but I quickly learned that is YOUR way of relaying information to the masses.

I keep saying the same thing over and over because people keep asking the same questions or posting the same misinformation over and over. There's only so many ways you can answer the same question.

I hate it when posters keep blaming the "end user" for everything that goes wrong with their PC/MAC

I agree that the masses of end users should not be blamed for being less computer literate or not practicing safe computing (most don't even know what that is) or not understanding the differences between virus/trojans/malware. I certainly don't blame them. However, when people come to this forum looking for answers, we shouldn't perpetuate the same misinformation that's out in the media or in society. We should give factual information and use correct terminology, so readers can be educated and informed.

 

[AidenShaw]

We should give factual information and use correct terminology, so readers can be educated and informed.

You don't need to understand General Relativity in order to understand that an apple falls to the ground. Newton's explanation, while wrong, is a useful approximation.

Do you correct every post that uses "MB" when "MiB" is the proper term, or "GB" for "GiB"? That's another windmill to chase....

 

[sha4000]

I keep saying the same thing over and over because people keep asking the same questions or posting the same misinformation over and over. There's only so many ways you can answer the same question.

I agree that the masses of end users should not be blamed for being less computer literate or not practicing safe computing (most don't even know what that is) or not understanding the differences between virus/trojans/malware. I certainly don't blame them. However, when people come to this forum looking for answers, we shouldn't perpetuate the same misinformation that's out in the media or in society. We should give factual information and use correct terminology, so readers can be educated and informed.

I'm not disagreeing with you per se, I really believe that your info is valuable but then we get lots of posters that piggy back off that info and then use it to try and belittle the more novice posters. Ppl then don't want to ask the questions that they really need help with thereby making a bad situation worse.

 

[whatnow4444]

I registered to ask this question. I just received and completed the Java for Mac OS X Update 8 on my computer and was told it found a variant of the Flashback malware and removed it. Could damage already be done even though they removed it?

 

[AidenShaw]

Yes, yes and yes

I registered to ask this question. I just received and completed the Java for Mac OS X Update 8 on my computer and was told it found a variant of the Flashback malware and removed it. Could damage already be done even though they removed it?

In fact, you may still be infected.

"Flashback" itself is harmless - but very dangerous. The trojan itself does no harm, but it's an agent that will download other more harmful software to your system.

Think of it as a "Software Update app", that regularly checks with the servers and downloads updates defined by the servers. The "updates" may be keyloggers, bank account loggers, credit card stealers, or whatever.

Removing the "software update app" won't remove the malware that it's already downloaded.

There's a lot of good advice here - in particular "Little Snitch" is a great tool to discover unexpected network traffic.

Expect that over the next few weeks the anti-malware vendors will identify most of the "malware plugins" that Flashback has downloaded, and will be able to remove them. (And a few months later, Apple will provide tools to remove them.)

 

[Chlloret]

In fact, you may still be infected.

"Flashback" itself is harmless - but very dangerous. The trojan itself does no harm, but it's an agent that will download other more harmful software to your system.

Think of it as a "Software Update app", that regularly checks with the servers and downloads updates defined by the servers. The "updates" may be keyloggers, bank account loggers, credit card stealers, or whatever.

Removing the "software update app" won't remove the malware that it's already downloaded.

There's a lot of good advice here - in particular "Little Snitch" is a great tool to discover unexpected network traffic.

Expect that over the next few weeks the anti-malware vendors will identify most of the "malware plugins" that Flashback has downloaded, and will be able to remove them. (And a few months later, Apple will provide tools to remove them.)

Point is, that flashback did not load anything. It was not capable of it as all tests showed. It had the POTENTIAL, but, like all the "Virus infections" of Macs before, nothing actually happend.
There are still very few actual confirmed "infections" myself or the computer gurus here did not actually see any. And we have a LOT of Macs running. Little snitch is as far as I know on all commercial used Macs installed and because we got the license, I did of course install it on my private computers as well. Sure, the average Mac user is not going to have it but even with my friends or there kids, nothing could be found.

I do not see the point in putting average users down, that they click on anything that moves, giving there password to anybody and and can not possibly know that some software might bring harm.

I see very different people. Besides, if these people are so ignorant, how would they get the updates in the first place? Java and Flash has to be installed first, so right there those people would be at a loss. We do not have Java nor Flash installed, what for? Why would anybody that got no idea about computing, install these programs?

People that DO know what they are doing will take precautions, like click to flash ect.

I still want so see CONFIRMED half a million downloads for this flashback or there variants, not a guessed number from a russian website on a Sunday afternoon that has been repeated the world over without even checking. Until then I stay with the facts, none of our Macs has been affected, we are running in excess of 15000 individual systems worldwide, so I see no reason what so ever to alter any of my browsing or general computer use. For me, there has been and there is not, any threat present that could in any way harm my computers, software wise. Of course, you could run a truck over it, but I guess that would hurt any system.

 

[sha4000]

Point is, that flashback did not load anything. It was not capable of it as all tests showed. It had the POTENTIAL, but, like all the "Virus infections" of Macs before, nothing actually happend.
There are still very few actual confirmed "infections" myself or the computer gurus here did not actually see any. And we have a LOT of Macs running. Little snitch is as far as I know on all commercial used Macs installed and because we got the license, I did of course install it on my private computers as well. Sure, the average Mac user is not going to have it but even with my friends or there kids, nothing could be found.

I do not see the point in putting average users down, that they click on anything that moves, giving there password to anybody and and can not possibly know that some software might bring harm.

I see very different people. Besides, if these people are so ignorant, how would they get the updates in the first place? Java and Flash has to be installed first, so right there those people would be at a loss. We do not have Java nor Flash installed, what for? Why would anybody that got no idea about computing, install these programs?

People that DO know what they are doing will take precautions, like click to flash ect.

I still want so see CONFIRMED half a million downloads for this flashback or there variants, not a guessed number from a russian website on a Sunday afternoon that has been repeated the world over without even checking. Until then I stay with the facts, none of our Macs has been affected, we are running in excess of 15000 individual systems worldwide, so I see no reason what so ever to alter any of my browsing or general computer use. For me, there has been and there is not, any threat present that could in any way harm my computers, software wise. Of course, you could run a truck over it, but I guess that would hurt any system.

I can understand your skepticism but you do realize the name of the thread that your posting in right now. If there were truly nothing to be worried about why are Apple releasing a fix through software update? Of course this situation is over-hyped to some extent but where there is smoke there is fire. More informed users don't believe the gloom and doom of OSX but just because you see no reason to change YOUR browsing habits doesn't mean less savvy individuals should not be more cautious in the future. I'm glad that your 15000+ systems are clean but that's a small amount compared to the total number of Macs in operation which according to the news is somewhere in the range of 6m+.

 

[Chlloret]

I can understand your skepticism but you do realize the name of the thread that your posting in right now. If there were truly nothing to be worried about why are Apple releasing a fix through software update? Of course this situation is over-hyped to some extent but where there is smoke there is fire. More informed users don't believe the gloom and doom of OSX but just because you see no reason to change YOUR browsing habits doesn't mean less savvy individuals should not be more cautious in the future. I'm glad that your 15000+ systems are clean but that's a small amount compared to the total number of Macs in operation which according to the news is somewhere in the range of 6m+.

Apple released a fix for a real existent hole. That is only comon sense. How important this fix is/was,got nothing to do with it.
The reported 500000-600000 infections would mean nearly ten percent of the installed userbase. Sorry, but I say, no, that would have been seen. And of our (sadly not mine) 15000 Systems there would have been statistically over thousend infections being found. But the result was.....none.
We did inquire in other companies, we even inquired with Apple directly, there where no infections reported.
All you find are random people on forums that say things like "horror, had to reformat my drive" or "my mac did not start anymore, flashback destroyed my computer" and the like.
NOTHING like 10% of all machines being affected.

In earlier days we had a simple saying about things like that: scareware.

NO system is safe, by all means, I would never say because one uses a mac there is no danger. But hyping this "flashback" to the point that nobody is safe and this is the end for Apples easy going streak is a bit, well, fishy.

 

[sha4000]

Apple released a fix for a real existent hole. That is only comon sense. How important this fix is/was,got nothing to do with it.
The reported 500000-600000 infections would mean nearly ten percent of the installed userbase. Sorry, but I say, no, that would have been seen. And of our (sadly not mine) 15000 Systems there would have been statistically over thousend infections being found. But the result was.....none.
We did inquire in other companies, we even inquired with Apple directly, there where no infections reported.
All you find are random people on forums that say things like "horror, had to reformat my drive" or "my mac did not start anymore, flashback destroyed my computer" and the like.
NOTHING like 10% of all machines being affected.

In earlier days we had a simple saying about things like that: scareware.

NO system is safe, by all means, I would never say because one uses a mac there is no danger. But hyping this "flashback" to the point that nobody is safe and this is the end for Apples easy going streak is a bit, well, fishy.

Ok is it 1% or 10% of Macs? it has been wildly reported right here on this forum that it was a relatively small figure of Macs infected I personally do not know how many ppl are using OSX. Just in this forum in the multiple threads some ppl have reported finding the malware on their Macs. No they didn't say it had done anything malicious but they still found it. Granted there are only a few that did come up positive but why is it so hard for you to believe that Macs were hit with this malware? I know that the AV companies are playing it up to try to capitalize on some ppls fears. Apple didn't just patch the hole they released an actual tool to remove the malware if it is found on your computer. Even though it has not caused any harm so far how do YOU know that it has not collected any personal info for whatever reason from the computers that were already infected? I know that's not your main point but what does it matter if the numbers are fudged ALL companies do that when it can benefit them in some way. The fact of the matter is that it is out there and has been out there for some time and Apple as well as all the Mac users need to pay just a little more attention. No OS is virus,malware or whatever you want to call it proof.