Hey, at least us Mac users aren't stupid enough to download crap from mysterious sites like Windows users do. Windows has 100 of viruses. Us Mac users have only 2.

I'm sure there are plenty of "stupid" Mac users who download random things and click on things they don't understand. :rolleyes:
 
When it comes to downloading apps, if it's not on macupdate.com or if it doesn't have many reviews, then I will not get it, period.
 
Virus? That's old.

Malware is the real problem this century. I mean, not even Windows has virus problems lately... but in a sense, all kinds of bad software are malware xD

Good day people!
 
I was prompted to update Flash last night. I pressed OK :\ but force quit right when it was at 95%.
It won't eject and I can't put it in the trash... Fml.
It wasn't forcing me to install completely like the picture in the article; it was one of those "harmless" Flash automatic updates.

Is this it though?
 

I think this is unfortunate timing, as Adobe have incorporated an automatic updater in the latest version of Flash for Mac OS X. I got a popup when visiting a site, and I clicked install. I thought it would take me to the Adobe site, but I immediately got a bar going across (who knows - maybe it was checking and was going to take me there afterwards, or maybe it was downloading the installer). I think it was legit, but I quit it and downloaded the update manually.

I tried to get the popup to show again, but I guess Flash was only going to check every 7 days.
 
I type /etc/hosts into Terminal... and then it says permission denied. What does this mean?

You attempted to execute it, try this:

Code:
cat /etc/hosts

People checking for this seem a little paranoid. If people *had* this in their hosts, Google would simply fail to load altogether - the original host is long gone.
 
In the menu, choose Go to Folder and type this: /etc/
Then open hosts.
The inside should look like this if it has not been modified:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost

Mine has two extra lines of text. Is this normal?

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
74.208.10.249 gs.apple.com
#127.0.0.1 gs.apple.com
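
An added example, not part of any post in this thread: a shell function that lists active hosts-file entries that differ from the default entries quoted above, run here against the hosts file posted in this thread. The names `audit_hosts` and `sample_hosts` are hypothetical, and the allow-list assumes the four default lines shown above.

```shell
#!/bin/sh
# audit_hosts [FILE]: print "LINE: ADDRESS NAME" for every active mapping
# that is not one of the default entries. FILE defaults to /etc/hosts.
audit_hosts() {
    awk '
    BEGIN {
        # Default entries, as quoted in the thread (assumed baseline).
        ok["127.0.0.1 localhost"] = 1
        ok["255.255.255.255 broadcasthost"] = 1
        ok["::1 localhost"] = 1
        ok["fe80::1%lo0 localhost"] = 1
    }
    {
        sub(/#.*/, "")            # drop comments and commented-out entries
        if (NF < 2) next          # blank line or address with no name
        for (i = 2; i <= NF; i++) {   # one address can map several names
            key = $1 " " tolower($i)
            if (!(key in ok)) print NR ": " $1, tolower($i)
        }
    }' "${1:-/etc/hosts}"
}

# The hosts file content posted in this thread, used as sample input.
sample_hosts() {
    cat <<'EOF'
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
74.208.10.249 gs.apple.com
#127.0.0.1 gs.apple.com
EOF
}

tmp=$(mktemp)
sample_hosts > "$tmp"
audit_hosts "$tmp"
rm -f "$tmp"
```

Any line it prints is a name pinned to a fixed address ahead of DNS; whether that is expected depends on what software you installed.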
 
Mine has two extra lines of text. Is this normal?

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
74.208.10.249 gs.apple.com
#127.0.0.1 gs.apple.com

Yes, that's normal. The gs.apple.com line simply refers to a jailbreak tool for certificate replay (TinyUmbrella).


I knew one day Apple would have a virus but before the NBA lockout is resolved?

It's not a virus. Get over it.
 
Mine has two extra lines of text. Is this normal?

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
74.208.10.249 gs.apple.com
#127.0.0.1 gs.apple.com

I think that you should be worried:

W:\Win7x64> nslookup gs.apple.com
Server: dns1.lsanca.sbcglobal.net
Address: 206.13.29.12

Non-authoritative answer:
Name: gs.apple.com.akadns.net
Address: 17.151.36.30
Aliases: gs.apple.com

W:\Win7x64> nslookup 74.208.10.249
Server: dns1.lsanca.sbcglobal.net
Address: 206.13.29.12

Name: nginx.saurik.com
Address: 74.208.10.249

W:\Hobbs>whois nginx.saurik.com

Whois v1.01 - Domain information lookup utility

Connecting to COM.whois-servers.net...
Connecting to whois.dotster.com...

Jay Freeman
6935 Phelps Road
Apartment #27
Goleta, CA 93117
US

Registrar: DOTSTER
Domain Name: SAURIK.COM
Created on: 13-JUL-97
Expires on: 12-JUL-12
Last Updated on: 28-JUN-11

Administrative, Technical Contact:
Freeman, Jay saurik@saurik.com
6935 Phelps Road
Apartment #27
Goleta, CA 93117
US
(805) 895-7209


Domain servers in listed order:
NS-57.AWSDNS-07.COM
NS-661.AWSDNS-18.NET
NS-1335.AWSDNS-38.ORG
NS-1947.AWSDNS-51.CO.UK

End of Whois Information

Something has modified your DNS lookup path to substitute a fixed address for a nodename.

Software that thinks that it is accessing an Apple address is going to Jay Freeman in Goleta, CA, US and http://www.saurik.com/.

Might be explainable, but on the surface doesn't look good....
 
I think that you should be worried:

W:\Win7x64> nslookup gs.apple.com
Server: dns1.lsanca.sbcglobal.net
Address: 206.13.29.12

Non-authoritative answer:
Name: gs.apple.com.akadns.net
Address: 17.151.36.30
Aliases: gs.apple.com

W:\Win7x64> nslookup 74.208.10.249
Server: dns1.lsanca.sbcglobal.net
Address: 206.13.29.12

Name: nginx.saurik.com
Address: 74.208.10.249

W:\Hobbs>whois nginx.saurik.com

Whois v1.01 - Domain information lookup utility

Connecting to COM.whois-servers.net...
Connecting to whois.dotster.com...

Jay Freeman
6935 Phelps Road
Apartment #27
Goleta, CA 93117
US

Registrar: DOTSTER
Domain Name: SAURIK.COM
Created on: 13-JUL-97
Expires on: 12-JUL-12
Last Updated on: 28-JUN-11

Administrative, Technical Contact:
Freeman, Jay saurik@saurik.com
6935 Phelps Road
Apartment #27
Goleta, CA 93117
US
(805) 895-7209


Domain servers in listed order:
NS-57.AWSDNS-07.COM
NS-661.AWSDNS-18.NET
NS-1335.AWSDNS-38.ORG
NS-1947.AWSDNS-51.CO.UK

End of Whois Information

Something has modified your DNS lookup path to substitute a fixed address for a nodename.

Software that thinks that it is accessing an Apple address is going to Jay Freeman in Goleta, CA, US and http://www.saurik.com/.

Might be explainable, but on the surface doesn't look good....

It's totally fine.
Just a jailbreak program on his computer backing up his Cydia blobs


I think... could be wrong
 
It's totally fine.
Just a jailbreak program on his computer backing up his Cydia blobs


I think... could be wrong

No, you are quite right, it's the firmware signing address for iPhones. This is completely inert, nothing to see there. AidenShaw is simply demonstrating a lack of knowledge and basic research skills. If this is not enough, check on the website that AidenShaw posted, and read why the address is in the hosts file.

Seeing as the original server is gone, no one has anything to worry about. MacRumors should really update the article to reflect that.
 
My hosts file is fine, but I've been a bit worried to be honest. I got a Flash update message a few days ago.
 
The hosts file is not the only file in OS X that can be altered to yield malicious results. Apple would have to undertake an enormous amount of effort to protect every file that a given instance of malware can tamper with.

The problem, to me, seems to be traditional installers that do all kinds of things behind the user's back. I don't understand why Apple even supports installers anymore. Apple created a brilliant method of software installation with app bundles. Just drag and drop the app to your Applications folders and it's done. I'd always assumed that's where OS X was headed eventually and that installers were on their way out.

A problem with blocking installer files is that a lot of useful and trustworthy applications are packaged that way, like Linux-ported software. We can always compile them from the gzipped tar files, but that's not very practical. But when OS X prompts the user to allow administrative rights, it could at least say which files are to be written.
 
Hey, at least us Mac users aren't stupid enough to download crap from mysterious sites like Windows users do. Windows has 100 of viruses. Us Mac users have only 2.

People use the word 'virus' so easily! Macs don't have viruses. They have other types of malware, but not viruses.

Anyway, viruses aren't really a problem any more. Not even for Windows. It's the other forms of malware that are the problem.

Just in case you didn't know, malware is any type of malicious software. So viruses, Trojans, spyware, worms and other things like that are all forms of malware. They're all bad, but a Trojan (like what this story is about) isn't as bad because it doesn't replicate itself and isn't as harmful to the computer.
 
The single biggest risk to computers is always going to be the User. This goes for PC and Mac users alike.

I've met people who click on everything and anything in every email. They will email back with their Paypal account login info because the email says they need verification, or send some Prince in Nigeria a small loan with the promise to reward you with his share of the inheritance.

You can make OS X very secure but nothing can make it "User Proof".
 
People use the word 'virus' so easily! Macs don't have viruses. They have other types of malware, but not viruses.

Anyway, viruses aren't really a problem any more. Not even for Windows. It's the other forms of malware that are the problem.

Just in case you didn't know, malware is any type of malicious software. So viruses, Trojans, spyware, worms and other things like that are all forms of malware. They're all bad, but a Trojan (like what this story is about) isn't as bad because it doesn't replicate itself and isn't as harmful to the computer.

You are on the money there.

I wouldn't say it's not a problem for OS X though. Just because they aren't disclosed or widely used doesn't mean that remote exploits and privilege escalation vulnerabilities aren't possible. However, developing self-replicating code is a lot more work than duping users en masse with a piece of well-known software.

Some of the security features in Lion lend themselves not to absolute invulnerability, but they sure make it difficult.

Plus, who wants to burn perfectly good exploits on publicity crap?
 
Use Google Chrome and you never have to worry about Flash installs and updates.

You just have to worry about Chrome installs and updates. :p

No, you are quite right, it's the firmware signing address for iPhones. This is completely inert, nothing to see there. AidenShaw is simply demonstrating a lack of knowledge and basic research skills. If this is not enough, check on the website that AidenShaw posted, and read why the address is in the hosts file.

Seeing as the original server is gone, no one has anything to worry about. MacRumors should really update the article to reflect that.

It seems you have demonstrated a lack of knowledge of basic linking skills. Oh the irony...
 