Okay, mini hosts file tutorial before running out the door. Go!

In this file "#" = a comment

And the format is "address - domain name". A domain name is the word form of a site's IP address on the internet, e.g. "adobe.com"

Domain names are resolved in DNS from the right hand side -> left hand side with anything to the left of the main domain name being the sub domain. When you register a domain name you get to assign sub domains without having to re-register another domain name. So an address "frogsarecool.adobe.com" is still registered to whoever registered "adobe.com" and is probably assigned by them as well.

Now 127.0.0.1 is a special address called the loopback address. Anything mapped to this goes to /dev/null or the ether, i.e. nowhere.

Ok now look at your .hosts file.

All it means is it's mapping a lot of adobe sub-domains to 127.0.0.1. Any traffic going to those addresses isn't going to go anywhere. From the comment (remember the "#" from above?) looks like it's blocking Adobe Activation.

Do you have anything on your computer that's designed to block programs from "phoning home" to activate? Pirated software perhaps?


Pirated software, yes. So what you are saying is everything is fine and this is not the trojan that this whole thread is about right?
 
Now 127.0.0.1 is a special address called the loopback address. Anything mapped to this goes to /dev/null or the ether, i.e. nowhere.

Uh ? No it doesn't. 127.0.0.1 is the loopback address that is true, but your second sentence is dead wrong. Anything that does a request on this address goes to the loopback interface. You can bind sockets to this interface just like any other in the system and it's a fully functional interface, it just happens to only be accessible by the host it is configured on.

It has many good uses and traffic going there sure doesn't go to /dev/null or the ether or no where. For one, I bind my squid server to listen only on 127.0.0.1:3128 so the only way to access the proxy is to ssh into the box and use SSH's tunneling capabilities to forward traffic to the loopback interface.

Sending traffic there with no daemons or services listening will of course result in your connection timing out, but that's true of any interface, not just the loopback. If you were to set up a fully functioning license server like what Adobe is running and is blocked by the host file modifications, you could technically assign legit registration to your CS. You'd just have to decode what the software sends and intends as a response to do it and you could all make it work over the loopback interface.

Pirated software, yes. So what you are saying is everything is fine and this is not the trojan that this whole thread is about right?

Yes it's normal. You basically didn't pay for Adobe CS and used an illegitimate key for it and that's what you got to have in your hosts file to prevent traffic destined for Adobe's registration and license servers from leaving your computer. The trojan in this thread wants traffic to leave your computer, so it points to a routable address on the Internet.

The fact that you didn't know this tells me you ran a crack which modified the host file for you. Pray it didn't alter your system any more than that though. Next time, you might want to go the manual route of cracking CS, less worries and hidden code than in the cracks themselves. ;)
 
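An added example, not part of the original posts: a small audit of a hosts file along the lines discussed above, separating names pinned to loopback (traffic stays on the machine) from names redirected to some other address, which is the pattern the post above attributes to the trojan. The sample file, hostnames and addresses are constructed; on macOS the real file is /etc/hosts, one address followed by whitespace-separated names per line.

```python
import ipaddress

# Constructed sample for illustration; hostnames and addresses are placeholders,
# not entries from the thread. On macOS the real file is /etc/hosts.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
# added by some installer (constructed)
127.0.0.1       activate.example.com practivate.example.com
0.0.0.0         telemetry.example.net   # inline comment
203.0.113.45    www.example.org
not-an-ip       broken.example.com
"""

# Names every stock hosts file defines; they are not findings.
STANDARD_NAMES = {"localhost", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_number, address, names) for each entry line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        fields = line.split()
        if len(fields) >= 2:                  # address plus at least one name
            yield lineno, fields[0], [n.lower() for n in fields[1:]]


def classify(address):
    """Return 'blocked', 'redirected' or 'malformed' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "malformed"
    # Loopback and the unspecified address never leave this machine.
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    # Any other address sends the name's traffic to a different machine.
    return "redirected"


def audit(text):
    """Return (line, name, address, verdict) for every non-standard name."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        verdict = classify(address)
        for name in names:
            if name not in STANDARD_NAMES:
                findings.append((lineno, name, address, verdict))
    return findings


def redirected_names(text):
    """Names whose traffic is sent to another host: the entries to investigate first."""
    return sorted(name for _, name, _, v in audit(text) if v == "redirected")


if __name__ == "__main__":
    for lineno, name, address, verdict in audit(SAMPLE_HOSTS):
        print(f"line {lineno:>2}: {name:<26} -> {address:<15} {verdict}")
```

To check a real machine, pass the contents of /etc/hosts to `audit()` instead of the constructed sample.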
AVG IS antivirus software.

Sorry, but if you want to nitpick (I guess you do by your constant responses), it is NOT just 'antivirus software'. It's anti-malware software because it handles a lot more than just viruses.

The point is, you can't protect against a virus simply by exercising reasonably safe computing practices.

The hell you can't. That's like saying you can't avoid contracting AIDS. I've had a Windows machine for over 10 years and I've never had a SINGLE virus EVER, thank you very much (and I'm not alone). While nothing in life is an absolute guarantee, a little precaution goes one hell of a long way towards complete prevention.

They can infect your system even if you're not being careless. You need software to defend against a virus.

Odd how I've wasted over 10 years running a virus checker for nothing, then seeing as I've never gotten a single one. From what you're saying, I should have gotten quite a few by now. My dad certainly has gotten dozens and dozens of them over the same period. The difference? I don't (or have family members) doing unsafe things on my computer.

Whether you call that software anti-virus, anti-malware, security software or baked beans is completely irrelevant to the point, which is that you need software to protect against a virus.

Bologna. See above. You may need it to be certain you don't have one, but it will only find them after you've gotten them on your machine. It won't PREVENT them from getting there (at least in a file format). Prevention means avoiding unsafe sites and not running untrusted software or opening mail from odd places using poor security measures (like using Outlook in combination with Windows which is single-handedly responsible for activating more viral crap through the mail than anything else on earth with a simple click or two)

By contrast, you do NOT need software to protect against a trojan, which requires user action to work, and can be successfully avoided by prudent user action alone.

It's the same damn thing in principle (how it does it is what differs). You won't KNOW for certain it's a trojan or not until you either have a massive problem (giveaway) or you run software that can recognize it. In other words, if I run a trojan zip file program that zips and unzips files, but contains a backdoor key logger, I may never know it was a trojan without a checker because as long as it's behaving normally, its hidden secret agenda may very well go unnoticed.

That depends on the particular trojan or virus, but the danger level is also irrelevant to this discussion. You challenged whether the definition of a virus vs trojan is important to the average user. The fact remains that there is a fundamental difference between those two forms of malware that makes the distinction completely relevant and important to a user, in terms of action required for defense.

What "FACT" is that? The FACT is that a person doesn't really need to know that a trojan is not called a virus. They simply need to know how to avoid it. It's no different than warning someone that say "CheeseWhiz.zip" attachment floating around in random emails contains a virus. DON'T OPEN IT. In this case with the Flash trojan, DON'T download, install or run it. Is knowing it's CALLED a 'trojan' the KEY information? No, it's not. Knowing what to avoid is the key information. Educating someone on the difference between forms of malware is best left for another discussion/thread.
 
The point is, you can't protect against a virus simply by exercising reasonably safe computing practices. They can infect your system even if you're not being careless.

The hell you can't.

How do you defend against a worm that targets a mandatorily exposed server-side service?

For example, a worm that exploits a 0day in RPC or NetBIOS.
 
Sorry, but if you want to nitpick (I guess you do by your constant responses), it is NOT just 'antivirus software'. It's anti-malware software because it handles a lot more than just viruses.
It IS anti-virus software. That's not a restriction on what types of malware it detects, but that's what it is. If you disagree, take it up with AVG, since they're the ones calling it Anti-Virus. :rolleyes:
The hell you can't. That's like saying you can't avoid contracting AIDS. I've had a Windows machine for over 10 years and I've never had a SINGLE virus EVER, thank you very much (and I'm not alone). While nothing in life is an absolute guarantee, a little precaution goes one hell of a long way towards complete prevention.
Just because you haven't encountered one doesn't mean you're protected against them. In Windows environments, if you're on a network where a virus or worm infection is spreading, you would have no way of knowing if or when your system was infected, unless you had antivirus software running. Likewise, if you plug in a USB drive that is infected, your system could be compromised without you doing anything else. I agree that taking precautions can minimize your risk, but such activities (connecting to a network or attaching external storage media) are common and expected activities, even among prudent computer users.
Odd how I've wasted over 10 years running a virus checker for nothing, then seeing as I've never gotten a single one. From what you're saying, I should have gotten quite a few by now.
No, I'm saying you could have gotten some without antivirus protection, not that you should have.
Bologna. See above. You may need it to be certain you don't have one, but it will only find them after you've gotten them on your machine. It won't PREVENT them from getting there (at least in a file format).
Actually, they can prevent infection, by automatically detecting the infection and quarantining or deleting the infected file(s) before they have a chance to infect your system.
Prevention means avoiding unsafe sites and not running untrusted software or opening mail from odd places using poor security measures (like using Outlook in combination with Windows which is single-handedly responsible for activating more viral crap through the mail than anything else on earth with a simple click or two)
As already stated, a system can be infected by a virus or worm, even without visiting any websites or opening any emails.
It's the same damn thing in principle (how it does it is what differs). You won't KNOW for certain it's a trojan or not until you either have a massive problem (giveaway) or you run software that can recognize it. In other words, if I run a trojan zip file program that zips and unzips files, but contains a backdoor key logger, I may never know it was a trojan without a checker because as long as it's behaving normally, its hidden secret agenda may very well go unnoticed.
It's true that if you install software from less-than-trustworthy sources, such as torrent sites, porn sites, etc., your system could be infected without you knowing it. But you can avoid that possibility by not installing software from such sites. If you only install software from trusted, reputable sites, you don't have to worry about infection.
What "FACT" is that? The FACT is that a person doesn't really need to know that a trojan is not called a virus. They simply need to know how to avoid it.
The method of avoidance is determined by what form of malware it is.
Virus - you need antivirus software to protect against it, as it can infect without your knowledge or permission.
Trojan - don't install software from dodgy sources. No antivirus software needed.
Educating someone on the difference between forms of malware is best left for another discussion/thread.
Fortunately for the thousands reading this thread, your opinion doesn't dictate what gets discussed. There's never a bad time or place to educate users on how to keep their computers malware-free.
 
Uh ? No it doesn't. 127.0.0.1 is the loopback address that is true, but your second sentence is dead wrong. Anything that does a request on this address goes to the loopback interface. You can bind sockets to this interface just like any other in the system and it's a fully functional interface, it just happens to only be accessible by the host it is configured on.

Well it was an oversimplification as I was running out the door to buy a heater. It's been very cold in NZ and I wanted to get out the door so may have oversimplified it too much.

I had this image of me at a Toastmaster's meeting having to come up with a very quick detailed explanation on the spot. We're lucky I wasn't using "and this thinge does this to this thinge and the thingee does the whatcamacallit"

But thank you for the correction - I'm aware it goes to the loopback address but thought in the time I had allocated to write it (1 minute) I might not have been able to think up the right words to explain it.

Thank you for expanding on it and correcting me :)

----------

Adobe uses a custom installer for Flash anyway. Just got an update after loading up a page with flash content, thankfully it's Adobe's installer.

Funny thing is if you open up the Flash installer's .app package via show package contents you'll see it actually has a .pkg file that can be used to install Flash by using Apple's Installer.app program.

Code:
20:07:04-honem/Volumes/Flash Player/Install Adobe Flash Player.app/Contents/Resources$ ls -l
total 448
drwxr-xr-x@ 3 honem  staff     102  5 Aug 16:05 Adobe Flash Player.pkg
-rw-r--r--@ 1 honem  staff     772  5 Aug 16:05 AdobeBrandBadge.png
drwxr-xr-x@ 5 honem  staff     170  5 Aug 16:05 English.lproj
-rwxr-xr-x@ 1 honem  staff   38268  5 Aug 16:05 FPInstallHelper
-rw-r--r--@ 1 honem  staff    1395  5 Aug 16:05 FlashGlyphOverlay.png
-rwxr-xr-x@ 1 honem  staff  152059  5 Aug 16:05 FlashPlayerInstaller.icns

..... listing continues but edited out for brevity....................

You can double click the package file I've highlighted there and it will install using Installer.app

File listing of that .pkg :

http://pastebin.com/4jbwq1S2

Get into it by mounting the flash installer disc image then right clicking the flash installer app and going "Show Package Contents"
 
It IS anti-virus software. That's not a restriction on what types of malware it detects, but that's what it is. If you disagree, take it up with AVG, since they're the ones calling it Anti-Virus. :rolleyes:

There's a certain hypocrisy in arguing about accurate identification of what something really is on one hand and then arguing the 'name label' is all that matters on the other. What it's called and what it now does aren't the same thing. But don't let logic stop you. :rolleyes:

Ironically, they probably continue to use the word "virus" in the program name despite being anti-malware software BECAUSE most ordinary people DON'T know the difference between "malware" and a "virus" and they don't really care to. They simply want their computers to be safe. And thus what were once virus-checkers are now catch-all anti-malware software. The average citizen doesn't need to be an expert in medicine. He only needs to know when to go to the doctor.

Just because you haven't encountered one doesn't mean you're protected against them.

And just because you think you can avoid all trojans by being careful doesn't mean an official site can't be hacked and a program replaced with a stealthy hacked version or a 3rd party software writer can't have hidden an insidious trojan inside a legit program only for it to rear its head two years later. The point is you THINK you're safe but you don't know it. It not happening to you is no different than me not getting a virus in over 10 years. That doesn't mean it cannot happen. If you want to be safe you should be concerned about every form of malware, not just viruses.

The method of avoidance is determined by what form of malware it is.
Virus - you need antivirus software to protect against it, as it can infect without your knowledge or permission.
Trojan - don't install software from dodgy sources. No antivirus software needed.

I think you're very wrong. You can avoid most viruses most of the time by limiting risky behavior and you can get duped and get a trojan even if you're careful. It's better to detect both than wish you hadn't later. Even Apple knows this or they wouldn't bother putting detection software in OSX for trojans and other malware (that are NOT viruses). :rolleyes:

Fortunately for the thousands reading this thread, your opinion doesn't dictate what gets discussed. There's never a bad time or place to educate users on how to keep their computers malware-free.

I think you mean unfortunately for them, they have to wade through your thread hijacking attempts to get to the on-topic discussion, which was about Apple's anti-malware/trojan detection, not the difference between trojans and viruses for laymen. :rolleyes:
 
And just because you think you can avoid all trojans by being careful doesn't mean an official site can't be hacked and a program replaced with a stealthy hacked version
Such an event would make headlines very quickly, as would the release of a Mac OS X virus in the wild. The likelihood of either happening is so extremely remote that it doesn't make sense to sacrifice performance to any security apps for such a remote possibility.
...a 3rd party software writer can't have hidden an insidious trojan inside a legit program only for it to rear its head two years later.
Anti-malware software can't protect you against that, since it doesn't exist.
If you want to be safe you should be concerned about every form of malware, not just viruses.
I agree. That's why anti-virus/anti-malware apps are useless in protecting Mac OS X because all existing forms of Mac OS X malware can be avoided through prudent action and any non-existent forms of Mac OS X malware would not be detected by AV/AM apps, since they don't know what to look for.

You don't seem to understand the point that there are 2 kinds of Mac OS X malware:
  1. That malware which currently exists in the wild, which consists only of trojans that are easily avoided by prudent action and don't require software as a defense.
  2. That malware which does not currently exist in the wild, which software cannot defend against, since it wouldn't know what to look for.
In both cases, anti-virus/anti-malware software apps are unnecessary and ineffective.
You can avoid most viruses most of the time by limiting risky behavior
Key word: Most. Not all.
you can get duped and get a trojan even if you're careful.
No, you can't. If you're duped, that means you weren't careful.
 
Such an event would make headlines very quickly, as would the release of a Mac OS X virus in the wild. The likelihood of either happening is so extremely remote that it doesn't make sense to sacrifice performance to any security apps for such a remote possibility.

So now you're back to just talking about OSX? You know AVG that you ranted about earlier is for Windows, right? You flip flop more often than a politician looking for reelection. :rolleyes:

Anti-malware software can't protect you against that, since it doesn't exist.

You're showing your ignorance again. Backdoor/hacked trojans are VERY common in Windows, especially in torrents. They can operate perfectly normally and still set up a key logger in the background and if you don't have detection software, you'll never know it. There is no technical reason they can't exist on a Mac either. Imagine if the author of CCC went rogue and planted a key logger in it (you have to give it permission every time you operate and so right there you're giving it the admin password). It'd be SO easy to attack the Mac Community because people like you live in a freaking fantasy world where you believe you cannot be touched because "you're careful". :rolleyes:

I agree. That's why anti-virus/anti-malware apps are useless in protecting Mac OS X because all existing forms of Mac OS X malware can be avoided

If they're useless then why is Apple going to the bother of including one in OSX proper to deal specifically with these trojans??? Why don't you write Steve Jobs a letter and tell him it's useless. That'd be a hoot. :D

Don't forget how many Mac users also run Windows, whether virtualized or with Boot Camp. Thus, only talking about OSX is moot in many cases.

No, you can't. If you're duped, that means you weren't careful.

So your motto is blame the victim for not being perfect? What if the official web site is hacked? It's still their fault for not being able to magically sense it? Give me a freaking break. :rolleyes:
 
So now you're back to just talking about OSX? You know AVG that you ranted about earlier is for Windows, right?
I didn't rant. The thread is about Mac OS X, not Windows. You're the one derailing the thread with your arguments that are off-topic, and you're the one to first mention AVG in this thread.
You're showing your ignorance again. Backdoor/hacked trojans are VERY common in Windows, especially in torrents.
Again, this is a Mac forum and a thread about Mac OS X, not Windows. The trojans you described do not exist for Mac OS X.
There is no technical reason they can't exist on a Mac either.
I didn't say they can't exist; I said they don't exist for Mac OS X. Until they do exist, no anti-virus/anti-malware app can protect against them, because they don't know what to look for.
Imagine if the author of CCC went rogue and planted a key logger in it (you have to give it permission every time you operate and so right there you're giving it the admin password).
If such a thing were to happen, no anti-virus/anti-malware app would protect against it, because they don't know what to look for. Again, if something like that happened, the news sites and this forum would be reporting it, so users could take appropriate action. Those running anti-malware software on their Macs would be no more protected than those without it.
It'd be SO easy to attack the Mac Community because people like you live in a freaking fantasy world where you believe you cannot be touched because "you're careful".
I don't know why you get so emotional over the fact that the current malware environment is different for Mac OS X than it is for Windows. My statements about how to avoid malware on a Mac are 100% accurate. It's reality, not fantasy. For some strange reason, you appear to be threatened by that, but your feelings don't change the facts.
If they're useless then why is Apple going to the bother of including one in OSX proper to deal specifically with these trojans???
It wasn't necessary to install any anti-virus or anti-malware software on Mac OS X to successfully avoid those trojans. While Mac OS X already had some defenses against malware built in, it's obvious that Apple chose to update its protection because of the publicity surrounding the trojans, to put people's mind at ease, and for the benefit of those who don't employ safe computing practices. Now that they've done so, there's even less reason to install any 3rd party anti-virus or anti-malware apps for those who are prudent in what software they install.
Don't forget how many Mac users also run Windows, whether virtualized or with Boot Camp. Thus, only talking about OSX is moot in many cases.
As has already been pointed out, this thread is about Mac OS X, not Windows. There are other threads in the Windows on the Mac forum, where Windows malware is discussed. As I've already said, those running Windows should be running anti-virus/anti-malware software, since not all Windows malware can be avoided by prudent user action alone.
So your motto is blame the victim for not being perfect?
I'm not blaming anyone. I simply said if you were duped, you weren't careful.
What if the official web site is hacked?
What was that you said about living in a fantasy world? :rolleyes: What if cows flew? What if an asteroid destroyed the moon? You can keep coming up with extremely unlikely scenarios, but until something like that happens, we are left to deal with the world as it is. In the computing world as it exists today, my statements are true. If anything changes in the future, my recommendations would change accordingly.
 
AV software doesn't have 100% detection rates.

It is possible that a normal human being will make a mistake.

Two-layer protection schemes are always more effective than only having one method of protection.

Applying user knowledge about safe computing practices as well as using AV software provides a two-layer protection scheme.

Mac OS X includes a built-in AV solution to help catch any mistakes made by the user.

Many capable free AV solutions exist for Windows to help catch any mistakes made by the user.

But, Windows users are far more likely to be infected by malware because:

1) More malware exists for Windows.

2) Windows is less secure than OS X.
 
I didn't say they can't exist; I said they don't exist for Mac OS X. Until they do exist, no anti-virus/anti-malware app can protect against them, because they don't know what to look for.

If you wait until it's too late, you have a disaster. The framework needs to be there at the first sign of a problem. That is precisely why Apple is including the software NOW so they have a way to quickly address it when it appears (not IF it appears).

If such a thing were to happen, no anti-virus/anti-malware app would protect against it, because they don't know what to look for.

You're right. The world has NO experience with trojans. They never HEARD of such a thing! WTF would they look for? :rolleyes:

Ever hear of checksums? Digitally signed software and drivers? It's not that hard to compare official known/safe versions to hacked/bogus ones (exactly what malware checkers do, BTW). This idea that you can't do something preventive is 100% nonsense. Why do you think Microsoft certifies drivers? It's precisely so you don't get a hacked version. That technology is designed to PREVENT precisely the scenario I'm talking about. It's not that hard to take preventive measures. You don't HAVE to wait until the disaster already occurs or we wouldn't have any security measures in an OS until someone attacks it.

Again, if something like that happened, the news sites and this forum would be reporting it, so users could take appropriate action. Those running anti-malware software on their Macs would be no more protected than those without it.

Keep on believing that, dude. :rolleyes:

Many forms of malware have been known to silently hide and wait long periods of time before they activate. With no one looking for them or checking to make sure programs are secure (because THAT doesn't happen to Macs!), it's just a potential disaster waiting to happen. The Mac could implement a secure developer system with an OS certified/secure method and prevent much of that (the very reason iOS is more secure than OSX) and tell people to take their risks with uncertified software. Oh wait. That's what the App store is for.... :eek:

I don't know why you get so emotional over the fact that the current malware environment is different for Mac OS X than it is for Windows. My

You're the one getting emotional. I'm simply correcting your flawed suppositions. Malware isn't really different by platform. It's the same basic crap. It hasn't hit the Mac in huge numbers because it's been <8% of the home computing world. Who wants to go after small fries when you can go after the big enchilada? I know people like you don't believe that's true. You think UNIX is some kind of superpower that magically prevents all malware, but like I said, you're living in a fantasy world. Apple knows this and is taking steps to deal with it now rather than later. They just don't advertise everything to the public.

statements about how to avoid malware on a Mac are 100% accurate.

Yes, wait until the disaster (that already occurred) news breaks on MacRumors.... Great advice dude. :rolleyes:

defenses against malware built in, it's obvious that Apple chose to update its protection because of the publicity surrounding the trojans, to put people's mind at ease, and for the benefit of those who don't employ safe computing

You just said it was WORTHLESS to put that in to OSX. So it's just a marketing scam, then??? :rolleyes:

What was that you said about living in a fantasy world? :rolleyes: What if cows flew? What if an asteroid destroyed the moon? You can keep coming

So now you're comparing hacked web sites to cows flying and asteroids destroying the moon? :rolleyes:

Web sites get hacked every single day, dude. Comparing that to cows flying just makes you look ridiculous.
 
You're right. The world has NO experience with trojans. They never HEARD of such a thing! WTF would they look for? :rolleyes:

Malware detection definitions do not generalize well. Being able to detect some examples of malware doesn't mean all examples will be detected.

And just because you think you can avoid all trojans by being careful doesn't mean an official site can't be hacked and a program replaced with a stealthy hacked version or a 3rd party software writer can't have hidden an insidious trojan inside a legit program only for it to rear its head two years later.

Imagine if the author of CCC went rogue and planted a key logger in it (you have to give it permission every time you operate and so right there you're giving it the admin password).

Ever hear of checksums? Digitally signed software and drivers? It's not that hard to compare official known/safe versions to hacked/bogus ones (exactly what malware checkers do, BTW).

It's precisely so you don't get a hacked version. That technology is designed to PREVENT precisely the scenario I'm talking about.

This string of posts suggests that you are being disingenuous.

File verification that occurs within installers and updaters uses checksums.

This is more effective than AV software because the checksums are available prior to installation. AV software may not have a definition for a specific example of malware.

This technology is used within OS X.

This idea that you can't do something preventive is 100% nonsense. Why do you think Microsoft certifies drivers?

Malware in the wild has been able to bypass the driver signing used in Windows.

An example is TDL-4 that not only bypassed driver signing but also bypassed UAC to achieve system-level access.

https://forums.macrumors.com/posts/13193229/
 
Many forms of malware have been known to silently hide and wait long periods of time before they activate. With no one looking for them or checking to make sure programs are secure (because THAT doesn't happen to Macs!), it's just a potential disaster waiting to happen.
You appear to have missed a basic concept in anti-virus/anti-malware defense. In the Windows world, where there are thousands of historical examples of malware in the wild, it is possible to use heuristic signatures to look for specific attributes and characteristics for detecting viruses and other forms of malware. They have enough historical Windows malware data upon which to make an educated guess that an app is exhibiting malware-like behavior. The same is not true for Mac OS X, which has zero instances of viruses and only a handful of trojans in the wild. There is simply not enough malware experience upon which to build a system that can anticipate malware-like behavior in Mac OS X. They don't know what to look for.
Many forms of malware have been known to silently hide and wait long periods of time before they activate.
Name one example of this in the Mac OS X world.
With no one looking for them or checking to make sure programs are secure
Who says no one is making sure programs are secure? Do you know the security practices being employed by every site that distributes Mac software, to make sure their software hasn't been tampered with?
Malware isn't really different by platform. It's the same basic crap.
I didn't say malware was different. I said the malware environment is different between Windows and Mac. There are thousands of viruses, worms, trojans and other forms of malware that affect Windows, with countless examples of Windows systems being infected even while running anti-malware software. There are only a handful of trojans in the wild that can possibly affect Mac OS X, with a very small percentage of Macs actually being affected. Those, by any reasonable standards, are two completely different environments.
It hasn't hit the Mac in huge numbers because it's been <8% of the home computing world.
The same old tired market share theory, which has been debunked more times than I can count.
You think UNIX is some kind of superpower that magically prevents all malware
Please quote anything I've ever posted in this forum that would support that bogus claim. Don't presume to know what I think, or try to put words in my mouth, if you don't have evidence to back it up.
Yes, wait until the disaster (that already occurred) news breaks on MacRumors...
Again, that's not what I said. If someone exercises reasonable care, they can successfully avoid all forms of Mac OS X malware that exist in the wild, without the need for software as a defense. If that situation changes, such as by the release of a Mac OS X virus, no anti-malware software will protect against it, because there's no precedent on which to base a detection scheme. If the first person encountering such a virus (or trojan or worm or any other form of Mac OS X malware that doesn't exist today) is running anti-malware software, and if the malware is of a type that can infect despite a user taking prudent action, that system will be infected, anti-malware or not.

As is true 100% of the time, the new introduction of malware is not encountered by everyone using that platform simultaneously. Like in the case of MacDefender, the vast majority of Mac users heard about it on MR forums, news sites, etc. long before they ever encountered it, and most still have not encountered it.
You just said it was WORTHLESS to put that in to OSX.
Quote where I said that. Again, you're making it up as you go along.
So now you're comparing hacked web sites to cows flying and asteroids destroying the moon? :rolleyes:

Web sites get hacked every single day, dude. Comparing that to cows flying just makes you look ridiculous.
Name one example of a website distributing Mac software that has been hacked and the legit copies of their apps were replaced by infected copies, which is the scenario you proposed. Name one example where that has ever happened. One.
 
In the Windows world, where there are thousands of historical examples of malware in the wild, it is possible to use heuristic signatures to look for specific attributes and characteristics for detecting viruses and other forms of malware. They have enough historical Windows malware data upon which to make an educated guess that an app is exhibiting malware-like behavior. The same is not true for Mac OS X, which has zero instances of viruses and only a handful of trojans in the wild. There is simply not enough malware experience upon which to build a system that can anticipate malware-like behavior in Mac OS X. They don't know what to look for.

Honestly, heuristic signatures are really just marketing BS.

Bit flipping, obfuscation, and encryption make it very easy to modify malware to bypass both definition and heuristic detection.

Metasploit provides functionality to facilitate these methods.

These techniques increase the likelihood of failing file verification via checksums so this method only applies to bypassing AV software.

https://forums.macrumors.com/posts/13193229/
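
The asymmetry described in the post above, as an added example that is not part of the original thread: a one-bit change makes a file miss a hash blocklist, while the same kind of change makes a download fail verification against a published checksum. The byte strings, function names and the whole-file SHA-256 blocklist are assumptions for illustration; real AV definitions are more than whole-file hashes.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def blocklist_hit(data: bytes, blocklist: set) -> bool:
    """Deny-list check: flags a file only if its hash is already known."""
    return sha256_hex(data) in blocklist


def matches_published(data: bytes, published_hex: str) -> bool:
    """Allow-list check: accepts a file only if it matches the publisher's hash."""
    return hmac.compare_digest(sha256_hex(data), published_hex)


def compare_checks() -> dict:
    # Constructed, inert stand-ins for a catalogued sample and a vendor release.
    known_bad = b"CONSTRUCTED-SAMPLE-A" * 64
    vendor_release = b"CONSTRUCTED-INSTALLER-B" * 64

    blocklist = {sha256_hex(known_bad)}      # what the scanner already knows
    published = sha256_hex(vendor_release)   # what the vendor posts next to the download

    altered_bad = flip_bit(known_bad, 10, 0)
    altered_release = flip_bit(vendor_release, 10, 0)

    return {
        "blocklist_flags_original": blocklist_hit(known_bad, blocklist),
        "blocklist_flags_altered": blocklist_hit(altered_bad, blocklist),
        "checksum_accepts_release": matches_published(vendor_release, published),
        "checksum_accepts_altered": matches_published(altered_release, published),
    }


if __name__ == "__main__":
    for name, value in compare_checks().items():
        print(f"{name}: {value}")
```

The deny-list fails open on anything it has not seen, while the published-checksum comparison fails closed on any change, which is why verifying downloads against the vendor's hash complements a signature scanner.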
 
Honestly, heuristic signatures are really just marketing BS.
While heuristic detection can be circumvented, as you pointed out, it can provide a higher detection rate on Windows systems than not using it at all. At any rate, you further support my point that running anti-virus or anti-malware software on Mac OS X is useless when it comes to detecting malware that doesn't yet exist, since there's no way to know in advance what that malware will look like, how it will behave or what Mac OS X vulnerability it might exploit.
 
At any rate, you further support my point that running anti-virus or anti-malware software on Mac OS X is useless when it comes to detecting malware that doesn't yet exist, since there's no way to know in advance what that malware will look like, how it will behave or what Mac OS X vulnerability it might exploit.

But, AV software, as included by default in OS X, does prevent infection by known malware with a detectable signature in the event the user makes an error in following safe computing practices.

Two-layer protection schemes are inherently more secure than a single layer of protection given that the primary layer in this paradigm is not immune to human error.
 
But, AV software, as included by default in OS X, does prevent infection by known malware with a detectable signature in the event the user makes an error in following safe computing practices.

Two-layer protection schemes are inherently more secure than a single layer of protection given that the primary layer in this paradigm is not immune to human error.
I agree that having a "safety net" by having AV software running, could be preferable to some, who don't want to rely solely on safe computing practices. I've never suggested that people should never run AV, but that they aren't required to run it in order to successfully defend against all Mac OS X malware currently in the wild, as long as the user employs safe computing practices. Also, since Mac OS X now includes AV protection by default (if you're on SL or Lion), there is even less of a need for 3rd party AV apps.

The danger in relying solely on AV software for protection is, as you pointed out, that malware detection rates are less than 100%, so a user who is lulled into a false sense of security because they have AV running and who fails to make prudent choices in computing practices may find their systems compromised. Also, if new malware is released in the wild, initial detection is most likely impossible by currently installed AV software.
 
My, this is quite the "lively" thread.

A great primer for those who are clueless about viruses, malware and the like.

A veritable wealth of info for the novice.
 
I agree that having a "safety net" by having AV software running, could be preferable to some, who don't want to rely solely on safe computing practices. I've never suggested that people should never run AV, but that they aren't required to run it in order to successfully defend against all Mac OS X malware currently in the wild, as long as the user employs safe computing practices. Also, since Mac OS X now includes AV protection by default (if you're on SL or Lion), there is even less of a need for 3rd party AV apps.

The danger in relying solely on AV software for protection is, as you pointed out, that malware detection rates are less than 100%, so a user who is lulled into a false sense of security because they have AV running and who fails to make prudent choices in computing practices may find their systems compromised. Also, if new malware is released in the wild, initial detection is most likely impossible by currently installed AV software.

I agree for the most part.

But, I tried to support the use of AV software on Macs in this forum at various times in the past but gave up due to the reactivity I received from the effort and opted to resort to supporting this more passively.

Now, Macs come with basic anti-malware protection that is updated daily so there is no reason to try to give this support any longer. Mac OS X now provides the opportunity to have a two-layer protection scheme by default that is more secure than a single layer of protection.

Mac users now only need 3rd party AV software if they connect to corporate and/or academic networks that require an AV solution that meets the requirements of the institution to be installed.
 
You win, GGJStudios. I'm tired of arguing since you are clearly arguing just to argue (you have to win in your mind no matter what) and aren't listening to a single word. You're simply wasting my time in a big way and your posts have no value whatsoever to me or anyone else that I can see. :rolleyes:
 
Does this mean I have to start using a Malware scanner on my computer :(?

What's the best one for Lion that doesn't have a real time scanner? I hate having superfluous crap running in the background slowing a brother down.
 
Does this mean I have to start using a Malware scanner on my computer :(?

What's the best one for Lion that doesn't have a real time scanner? I hate having superfluous crap running in the background slowing a brother down.
Did you read the thread? You can run 3rd party anti-virus or anti-malware on your system if you choose to, but as long as you're careful where you get software that you install, you don't need 3rd party AV/AM to protect your Mac. Mac OS X Snow Leopard and Lion already have anti-malware protection installed. So you don't have to go back to previous pages to find it, here's all the information you need to know:
 
Did you read the thread? You can run 3rd party anti-virus or anti-malware on your system if you choose to, but as long as you're careful where you get software that you install, you don't need 3rd party AV/AM to protect your Mac. Mac OS X Snow Leopard and Lion already have anti-malware protection installed. So you don't have to go back to previous pages to find it, here's all the information you need to know:

Actually I didn't read the thread, I skimmed and all I saw was bickering and people saying "OH LAWD IS DA END OF DAYZZ FOR OSX". So I figured I'd just throw my question out there because I knew someone would answer it :D.

Thanks! I download software from all sorts of dubious websites, so this is good news.
 