Apple Releases Java Update to Remove Flashback Malware

[iCaleb]

Thats weird. For some reason on one of my Macs it this update won't come up.

Maybe the update will only show up on infected macs.

 

[bsolar]

The update also disables automatic java applets from being executed, which is a very good thing.

In my opinion all plugins should get the same treatment and not run automatically, Flash included. That is somewhat inconvenient for some websites, but most extensions which allow this kind of blocking also allow whitelists and enabling the plugins on a case-by-case basis simply clicking the placeholder.

A small price to pay, but a huge security improvement.

 

[tbayrgs]

Well, can report that the update works (or appears to) as after installing on one of my computers, I received a pop up message advising that malware (flashback) was found and removed.

 

[roosta]

wow, even after running the terminal script to see if i had the trojan and it telling me my mac was clean, this update found and removed removed the flashback trojan

 

[bsolar]

Thats weird. For some reason on one of my Macs it this update won't come up.

The update is relevant only if you have Java. Maybe on that machine you don't have Java installed in the first place?

 

[svenn]

You're the exact type of user this update was released for.

I bet there are far more users of this type than you'd think. Not every mac user is an 'enthusiast.'

 

[Morod]

From the OP:
"Users may re-enable automatic execution of Java applets using the Java Preferences application."
So where do I find the Java Preferences application? It doesn't show up in Safari preferences or in the Applications folder. I'm running SL 10.6.8. Thanks.

 

[GGJstudios]

So where do I find the Java Preferences application? It doesn't show up in Safari preferences or in the Applications folder. I'm running SL 10.6.8. Thanks.

Do you have Java installed? Have you looked in the /Applications/Utilities folder?

 

[adamw]

wow, even after running the terminal script to see if i had the trojan and it telling me my mac was clean, this update found and removed removed the flashback trojan

Image

Not surprised that you were still infected. I was also still infected by 2 hidden program files, even after removing the trojan according to the F-Secure published removal instructions. I recommend you use "Little Snitch" to find any rogue programs on your Mac that attempt to send info out on the Internet without your permission. That is how I found the trojan's infected files on my Mac, even after the trojan was supposedly "fully removed."

 

[Exhale]

This isn't a virus. And it's estimated that less than one percent of macs that had the trojan.

One percent is however a large number for a trojan. Even widespread worms like Conficker reached estimates of 'only' 9 million, which when one considers the hundreds upon hundreds million Windows machines in service - is a rather small percentage for a malware that is capable of direct non-intervention machine-to-machine propagation. And it in addition used 'trusted' machine distribution and spreading through infected media devices. (USB sticks in particular) In comparison, Flashback is an unsophisticated and very basic piece of malware.

The removal tools that Windows Update regularly distributes though recorded only 1.7 million infections. (It won't of course count infections already removed by other software)

Bear in mind that 1% infection rate of Windows 7 machines alone means some 5 million infections, and its quite likely only Zeus, an very well known and well developed series of trojans (which is regularly sold to 'underground investors'), exceeds that percentage.

 

[djrod]

While you are partially correct, you are also wrong. You see, UNIX is open sourced, so that means there are people constantly finding bugs in it and pointing out errors within it. Also the fact that Mac OS by default has its ports closed vs. windows leaving them open by default adds another layer of security to the system.

The is a member here with a link to a page explaining the entire detailed information in their signature here on MR. Anyone who can post that link here would be my hero.

This guy?

https://forums.macrumors.com/posts/13699396/

 

[GGJstudios]

Not surprised that you were still l infected. I was also still infected by 2 hidden program files, even after removing the trojan according to the F-Secure published removal instructions. I recommend you use "Little Snitch" to find any rogue programs on your Mac that attempt to send info out on the Internet without your permission. That is how I found the trojan's infected files on my Mac, even after the trojan was supposedly "fully removed."

If you had Little Snitch installed, you shouldn't have been infected, anyway. That's one of the apps the trojan looked for and if it found it, it would uninstall itself.

 

[Josheh]

~snip~ OS X is inherently more secure ~snip~

Eh, I think that's true within reason. People assume though because they're on a mac that they're more secure. Maybe to a point, but because of that, people would tend to fall into traps a little easier since they'll always assume they're on a secure platform. They'll take risk, sometimes unknownly, that people on the windows platform wont take. (I know, some of you guys wont, but there's a lot of novice consumers out there)

I remember on windows, I remember before viruses got really insane. I remember being able to surf the internet without worrying about malware and other junk that secretly installed itself. I've fallen into those traps and didn't make that mistake again. Those are the same sort of faults that helped this slice of code get around.

I'm not sure OS X would ever erupt with the sort of widespread virus problems that Windows has though. Especially as they wall in their garden. iOS is a great example. The tight control they maintain helps prevent a lot of nasty stuff from getting through.

 

[adamw]

If you had Little Snitch installed, you shouldn't have been infected, anyway. That's one of the apps the trojan looked for and if it found it, it would uninstall itself.

I did not know about Little Snitch until after I was initially infected, and had already "removed" the trojan. Some forum member told me about it, and recommended that I install it, just to be sure. I am glad I did, as I still had 2 files infected by the trojan lurking on my Mac. There is no telling how much personal info was stolen from my Mac by this trojan. I have since changed my online passwords.

 

[GGJstudios]

I did not know about Little Snitch until after I was initially infected,

That explains it!

I have since changed my online passwords.

Very wise!

 

[Fraaaa]

And I just found out that I had flashback. Nice.

 

[joelovesapple]

Since I do not use or need Java for my usage, I have not got it installed, am sensible about where and how I surf, and am thus not infected.

In addition to this, I have not had the updates because the runtime isn't installed on my computer - I have also disabled it in Safari's security settings pane.

 

[Eric S.]

So the main difference between this and the 2012-002 update that I installed a few days ago is that this will actually remove the malware (which I don't have)?

And once again, users of Leopard and earlier OS versions are on their own.

 

[Michaelgtrusa]

They are moving fast.

 

[Eric S.]

They are moving fast.

You mean Apple? Yeah, once it became big news, about two months after Oracle released a fix for it.

 

[pooprscooper]

So the main difference between this and the 2012-002 update that I installed a few days ago is that this will actually remove the malware (which I don't have)?

And once again, users of Leopard and earlier OS versions are on their own.

Get LittleSnitch, and/or any of the free anti-malware solutions available.

 

[GGJstudios]

Get LittleSnitch, and/or any of the free anti-malware solutions available.

You don't even have to do that.

• If you're on Leopard or earlier and are running MS Office 2008 or 2011 or Skype, you're protected.
• If you have Java disabled in Safari, you're protected.
• If you simply type the following into Terminal, you're protected:
  
  touch /Applications/ClamXav.app​

 

[Mr. Retrofire]

OS X is inherently more secure, but as Flashback proves, it's not 100% bulletproof.

Its your fault, if you enable plugins which you do not need, such as the Java web browser plugin. Enabled plugins require (waste) additional resources and increase the security risks for you.

That is the reason why i use Firefox, all plugins disabled if i do not need them, Adblock Plus and NoScript Add-ons with the correct configuration.

You might not like the message, but you are responsible for your own security, not some company like Apple.

 

[Roc P.]

Ok so on my iMac I never had java installed, so I know I'm good. On my MacBook I have MS Office 2008 so I know I'm good. However, my PPC iMac running leopard has java installed and it was enabled in safari up until recently. I ran the 2 commands in terminal and came up clean. Now I am hearing it may still not be clean? Is there a way to check without any extra software?

 

[Mr. Retrofire]

And once again, users of Leopard and earlier OS versions are on their own.

Correct, and enough tools to protect you exist (including your brain).

----------

I ran the 2 commands in terminal and came up clean. Now I am hearing it may still not be clean? Is there a way to check without any extra software?

Yes, the Terminal commands on several websites can help you. It is probably faster, if you use these tools:
http://www.macupdate.com/find/mac/flashback

Btw:
http://www.kaspersky.com/downloads/free-antivirus-tools