Still infected...

Right...should have mentioned that I read that on CNET as well so I tried that. It stopped the system popups that said that the application "quit unexpectedly", which I knew, but it didn't fix the issue.
 
The actual dylib file was installed somewhere in the system-level of Mac OS X when you authenticated the installation of the trojan.

Deleting the file listed in my previous post just deletes the code that the trojan uses to inject other applications.

No details have been provided yet concerning the manual removal of the dylib file.

Your only options are to install VirusBarrier Express (Free) from the Mac App Store or back up your personal data and perform a clean install.

I would recommend ClamXav over VB E but I can't say for sure if ClamXav has a definition for this Flash trojan. It most likely does so you can give that a try as well.
 
It doesn't matter if a trojan is malware, but not a virus. It doesn't matter that whatever random piece of malware infected their computer through an OS vulnerability, or the end user installed it themselves.
It does matter greatly, when it comes to developing a defense against them. To say it doesn't matter is to display a gross lack of awareness about malware and how to protect against it.
The only thing that matters is that the more popular OSX becomes, the more often you're gonna see OSX specific malware floating about, and thus, the more likely it is that someone, somewhere will get infected.
The same old tired market share theory, which is complete hogwash. Macs have a larger market share and installed base than ever before and yet malware is a fraction of what it used to be. As the Mac has grown in popularity, the available malware in the wild has decreased, not increased.
Right now, it's not much of a threat. But if Apple truly is selling a million Macs a month, do you honestly think it'll stay this way?
I don't pretend to know what the future holds, but the Mac OS X malware situation hasn't changed significantly in the past 10 years.
You can argue that OSX is safer than Windows, but you can't honestly state it's safe. There is no OS on the face of the earth that is perfectly 100% secure. Telling people otherwise is doing both them and you a disservice.
I have never told anyone that any OS is 100% safe. Try reading and understanding my posts before you accuse me of saying something I didn't. The greatest threat to any computer is the user.
In the "Apple does not get viruses" Virus is used generically and means malware.
Your post points that out. I made it clear I was using the generic meaning of virus and that "Apple does not get viruses" has always used the generic version of viruses which means malware.
That's false. "Apple does not get viruses" does not mean "Apple does not get malware". In no way have I ever stated that or supported such a statement. You should pay attention to comprehending my posts, rather than misquoting and distorting my statements.
 
Actually, you're wrong. Misuse of terms, spelling and pronunciation is how language evolves. It's why you and I would struggle to understand a person from 1600 if they were alive today.

Language isn't a law. It's fluid. And if the vast majority of people say virus = malware, sure they might be technically incorrect now, but eventually, they'll be right.

Way back in the day, back in my Iomega training days, Virus and bugs were the only terms used...virus was anything that was written to compromise your computer, that included worms, trojans, malware. It wasn't until more recently that they have been given definitions to include virus being given a specific definition. Sadly, because of this argument, I can't think of a definition to cover all these forms of programs other than malicious programs.
 
Clearly, any current OS is potentially susceptible to malware that tricks the user into believing that it is a legitimate installer, and then giving password authentication for the install. There are only two ways I know of to avoid this problem: either have the OS check all installers against a list of known malware (this is the OS X approach, but it is susceptible to new malware not yet included in the definitions for exclusion, since that malware first has to be seen, recognized, defined, and coded into the definitions, a task made more difficult by the dynamic, self-modifying nature of some malware), or to have a walled garden in which nothing that has not been vetted by the OS vendor can be installed (the iOS approach, but it is frustrating to legitimate developers because of the time and hassle required to get approval, and some users complain because their choice is limited by the OS vendor).
 
The user also has to take ownership of making sure to implement safe computing practices no matter what security paradigm is employed by the OS in use.

See #8, #9, & #14 in the "Mac Security Suggestions" link in my sig for more details.

iOS leaves less up to the user in relation to #8 and #9 but Apple's vetting process isn't absolutely perfect so these practices should still be followed.

iOS doesn't allow for some of the security measures in #14, which leaves unaware users more susceptible to sophisticated MITM attacks.

To avoid accounts being compromised due to sophisticated MITM attacks when using iOS devices, don't log into security-sensitive online accounts on public networks using an iOS device.
 
Agreed 100%. Great list of security suggestions, BTW.
 
The actual dylib file was installed somewhere in the system-level of Mac OS X when you authenticated the installation of the trojan.

Deleting the file listed in my previous post just deletes the code that the trojan uses to inject other applications.

No details have been provided yet concerning the manual removal of the dylib file.

Your only options are to install VirusBarrier Express (Free) from the Mac App Store or back up your personal data and perform a clean install.

I would recommend ClamXav over VB E but I can't say for sure if ClamXav has a definition for this Flash trojan. It most likely does so you can give that a try as well.

Just going to point out the only surefire way to clean the system is to do a clean install. The reason is that a lot of this nasty malware has loaded into it a way to disable known AV software and to make sure that things installed afterwards are either not allowed to install or do not work.

They are quite nasty at getting into key system parts.

Chances are your ways will do it, but it is never surefire, and even if they do remove the problem parts, the damage was already done and they could have already done long-term, permanent damage to the OS.
 
For going with Intel! Now, OS X is open to all sorts of viruses and trojans.. Thanks a lot, Steve! You opened us to all sorts of problems for the future so long as we have to stay on Intel processors.

PowerPC was much better at least in terms of no viruses or trojans.

umm...
 

It does matter greatly, when it comes to developing a defense against them. To say it doesn't matter is to display a gross lack of awareness about malware and how to protect against it.

It's more like we're talking generic terms, and you're splitting hairs. Viruses per the classical term are practically nonexistent now. They're nigh impossible to get on OSX, and don't show up all that often (if at all) on modern Windows machines. But the term has stuck around, and has more or less become a blanket statement for any type of malicious piece of software designed to screw over you or your computer nowadays.

So if someone accidentally mentions virus, that doesn't necessarily mean they don't know what they're talking about. They're just using it as the catch-all phrase it's become these days.

The same old tired market share theory, which is complete hogwash. Macs have a larger market share and installed base than ever before and yet malware is a fraction of what it used to be. As the Mac has grown in popularity, the available malware in the wild has decreased, not increased.

You know what form most bugs take these days? Socially engineered malware. They don't actually exploit any OS weakness. No. They go after the weakest link of security of any computer: the user. I mean why spend all this time trying to find a hole in an operating system, then spend even more time finding another when it's eventually closed when it's so much easier to scare the hell out of someone and trick them into installing the malware themselves?

Malware such as this isn't incredibly difficult to write. But you do want to target the largest demographic most likely to install it. Right now, it's Windows. Mac users are more the enthusiast types, and are more likely to know better. Windows, by dint of market share, is more likely to be used by people who aren't quite as comfortable with their machines, and are thus more likely to grab something they shouldn't, and freak out over a popup saying they're infected with a virus.

Now if you were a malware manufacturer, which platform would you prefer to take advantage of? The OS with the smaller market share, used mostly by professionals and enthusiasts, or the OS most commonly used by millions of gullible grandmas?

And if Macs are selling a million a month, do you think all those sales are to professionals and enthusiasts?

Ultimately, what you'd have is the Windows malware scene, transplanted to OSX. It's all about who's using what the most. Malware programmers don't give a damn about which OS is better. They don't argue about it. They don't care. What they do care about are credit cards and exploitable email addresses. And they're going to go where the action is.

Course it isn't all doom and gloom. If Apple were to sell a billion iMacs tomorrow, the Apple scene wouldn't suddenly turn into a stark wasteland of malware, requiring you to repair your OS install every other day. Ultimately, things wouldn't be much different for most of us here, besides getting updates a little more often than what you used to. What you would have is a bunch of moms and dads running en masse to the Apple store, cuz they all want to know why Buddy Bear The Freeware Game Genius is sending midget porno to grandma and asking for their social security number to make it stop.
 
OSX is obviously a very secure OS and so is Windows 7.

First, Lion is more secure than Win 7. Second, Microsoft has painted itself into a corner.

Microsoft is burdened with supporting old code and outdated software. They can't make any radical changes to windows or they would risk losing their user base. They cannot guarantee that users will buy all new software just for their new OS, because if they had to make such a radical change, they would likely consider other options too.

In short, windows must remain windows, and this holds Microsoft back. Mac OS classic and OSX are totally different beasts, and because Apple made that transition, rather seamlessly, back when they had fewer users to support, they will remain ahead.
 
Just going to point out the only surefire way to clean the system is to do a clean install. The reason is that a lot of this nasty malware has loaded into it a way to disable known AV software and to make sure that things installed afterwards are either not allowed to install or do not work.

They are quite nasty at getting into key system parts.

I'm pretty sure that if this malware was the equivalent of the boot sector malware that affects Windows, the media would be reporting about the severity of the threat.

Chances are your ways will do it, but it is never surefire, and even if they do remove the problem parts, the damage was already done and they could have already done long-term, permanent damage to the OS.

A clean install, or at least repair install, may be required to fix any default software that can't be fixed by other methods.

Luckily, system-level access is required to cause this type of damage to apps in Mac OS X. In Windows, only user-level access to the registry is required to cause this type of damage to apps.
 
It's not the Intel vs PowerPC platform, it's the software.

For going with Intel! Now, OS X is open to all sorts of viruses and trojans.. Thanks a lot, Steve! You opened us to all sorts of problems for the future so long as we have to stay on Intel processors.

PowerPC was much better at least in terms of no viruses or trojans.

Viruses and Trojans don't attack computer chips! They attack Software.

PowerPC actually had a few viruses and trojans way back in the 90's with pre-OS X.

The processors have nothing to do with threats, it's the software they run. Mac OS X runs on both (recently only Intel chips), and still I'm not aware of any viruses with Mac OS X, and only a very few Trojans.

Let's remember, viruses and trojans don't attack computer chips, they attack software, and right now it's by far Windows machines, running on any chip, that have more threats. Remember Windows runs on chips other than Intel too! Remember AMD, etc.?
 
It does matter greatly, when it comes to developing a defense against them. To say it doesn't matter is to display a gross lack of awareness about malware and how to protect against it.

...

I have never told anyone that any OS is 100% safe. Try reading and understanding my posts before you accuse me of saying something I didn't. The greatest threat to any computer is the user.

....

That's false. "Apple does not get viruses" does not mean "Apple does not get malware". In no way have I ever stated that or supported such a statement. You should pay attention to comprehending my posts, rather than misquoting and distorting my statements.


My only comment is that no matter how much you or anyone else argues, there is a real difference between reality and perception. While you may argue the reality is that Macs don't get viruses, the perception (by the average user) is that they actually do.

Perception is often far more powerful than reality. Marketing and PR lives and dies on Perception more than Reality. And we know Apple has brilliant Marketing and PR (most of the time).
 
Backup drives?

Your only options are to install VirusBarrier Express (Free) from the Mac App Store or back up your personal data and perform a clean install.

Further details needed...I back up my whole machine on a 2T G-Drive through Time Machine every few hours (now Preferences won't even open up to check the true update frequency). Do I have to worry about my backup? Last night when I realized, I unplugged both my backup drive and the WorldBook that I store music and movies on. Should I worry about that one too?

Appreciate all the help. BTW- feel like an idiot about this. I started with a 7100 in '95 and have had many Macs since. I should have known better and am usually very wary about this kind of thing. Sometimes your fingers are faster than your mind. A lesson for all!
 
Should I update ?

This window just popped up 1 minute ago... Should I update? (It's in French. Adobe Flash Player asking to update, for security reasons!)
 

I had the rare Flash Player (10.3) update recently also, it was real and legit.

This window just popped up 1 minute ago... Should I update? (It's in French. Adobe Flash Player asking to update, for security reasons!)

I don't read French, other than that it does look Legit. There is a recent update to Flash, version 10.3. I've never seen it pop up like that as it does on a Windows system (as it did on my Lion system). Perhaps, because it wasn't originally installed with Mac OS X Lion.

Check your Security control pane and make sure the "Automatically update safe downloads list" box is checked (under the General tab). You can toggle it to force it to check for another update right now. My XProtect (comes with Lion and Snow Leopard 10.6.8) version is updated as of last Friday (9-23-2011) and I looked at the plist file and it did include the PDF trojan definition. So Apple has already protected our Macs from it.

Another thing to do to be sure is right click (control-click) on the update in the right of your dock, and "Show in Finder" option, then run a security scan on it. I can right click (control click) on the file itself and see a menu with ClamXav at the bottom to use. (I happen to have it installed, but it does NOT run in real time, it's just an anti-virus App to check files here and there as I wish, it's a free download). If the file is nested in many different folders beyond the private (invisible) folder on your top HDD volume, that's usual, if it was a trojan, I don't know where the "Installer App" would be.

If you really want to be sure, quit the installer, and/or don't type your Unix (Install/Administrator) password. And download the update from adobe.com:

http://get.adobe.com/flashplayer/

The current version is actually 10.3.183.10
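
An added example, not part of any post in this thread: it illustrates the two points made above, that an OS-maintained list of known malware only catches what is already in the list, and that you can confirm a definition is present by reading the definitions plist. The plist layout, the definition name `Example.Trojan.A` and the sample payloads are constructed for illustration and are not Apple's actual XProtect schema or data.

```python
import hashlib
import plistlib

# Constructed byte strings standing in for downloaded installers (not real malware).
KNOWN_BAD = b"constructed sample: fake installer payload v1"
VARIANT = KNOWN_BAD + b"\x00"   # same payload, one byte appended
BENIGN = b"constructed sample: legitimate updater"


def build_definitions(entries):
    """Serialize {name: [payload, ...]} into a plist of names and SHA-1 identities.

    Hypothetical, simplified layout: a list of dicts with a 'Description'
    string and an 'Identities' list of raw SHA-1 digests.
    """
    items = [
        {
            "Description": name,
            "Identities": [hashlib.sha1(p).digest() for p in payloads],
        }
        for name, payloads in entries.items()
    ]
    return plistlib.dumps(items)


def load_definitions(plist_bytes):
    """Parse the plist and return {sha1_digest: definition_name}."""
    index = {}
    for item in plistlib.loads(plist_bytes):
        for identity in item.get("Identities", []):
            index[bytes(identity)] = item["Description"]
    return index


def definition_names(plist_bytes):
    """List the definition names present, sorted."""
    return sorted(item["Description"] for item in plistlib.loads(plist_bytes))


def has_definition(plist_bytes, name):
    """The 'look in the plist for the definition' check described in the post."""
    return name in definition_names(plist_bytes)


def check_download(index, data):
    """Return the matching definition name, or None if the file is not listed."""
    return index.get(hashlib.sha1(data).digest())


# Definitions as shipped before the variant has been seen and added.
DEFS = build_definitions({"Example.Trojan.A": [KNOWN_BAD]})

if __name__ == "__main__":
    index = load_definitions(DEFS)
    print("definitions:", definition_names(DEFS))
    for label, data in [("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)]:
        print(f"{label:8s} -> {check_download(index, data)}")
    # Once the list is updated with the variant, the same check flags it.
    updated = build_definitions({"Example.Trojan.A": [KNOWN_BAD, VARIANT]})
    print("variant after update ->", check_download(load_definitions(updated), VARIANT))
```

A "not listed" result only means the file matches no current definition, which is why the posts above pair the list with downloading updates directly from the vendor.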
 
I agree with GGJstudios and the thrust of some of his posts in that the correct grasp and use of terminology is, in fact, important. Yes, general perception may well be that computer 'nasties' (my term here) are all 'viruses' (generic term, perhaps) but it is useful to have some sort of wider vocabulary within which to differentiate and with which to communicate information more effectively.

To offer a simple analogy: if someone asked me to go to the store to buy oranges so that orange juice could be made and I came back with apples, that someone would be frustrated. If they then explained to me what oranges were and I then came back with bananas, they'd rightly think me an idiot. Yes, it's all fruit, but apples and bananas are no good when it's orange juice on the menu.

So, while it's quite easy to dismiss people like GGJstudios (and me) as being 'pedantic', in fact we are merely more inclined to speak our native language as effectively as possible in order to better articulate our ideas and share them more effectively.

Orange juice anybody?
 
No - your analogy I find is poor.

A better one to "prove" your assertion would be that if you asked someone to get you Oranges but they brought you a tangerine, or a tangelo or another variety of Orange that wouldn't be right for juicing.

my .02
 
Further details needed...

If in doubt, manually copy all personal data that you want to save to another hard drive.

This may require putting your Mac into target disk mode if unable to copy the data via other methods.
 
You won't. It downloads in the background, as long as you're running the latest OS update. GGJStudios should be in here soon enough with instructions on how to find the file and check if it's updated.

jW

Downloads in the background, that's pretty nifty. It makes updating easier than ever; I just checked for updates like I normally would. I like when important things are made even simpler.
 
It doesn't matter if a trojan is malware, but not a virus. Or a potato is a potatoe, but not a tomato or a tomatoe. It doesn't matter that whatever random piece of malware infected their computer through an OS vulnerability, or the end user installed it themselves. The only thing that matters is that the more popular OSX becomes, the more often you're gonna see OSX specific malware floating about, and thus, the more likely it is that someone, somewhere will get infected.

Right now, it's not much of a threat. But if Apple truly is selling a million Macs a month, do you honestly think it'll stay this way? If things continue as is, then it'll eventually reach the point where Apple won't be able to keep up with the patches, and just hope and pray that their end users are smart enough to keep whatever bug is out there off their computer.

...and considering how many malware infections I've had to clean off someone's computer simply because they really honestly totally had to get that super cool little program that advertises free games you can get right on your desktop, I don't think that's a demographic Apple should put much faith in.

Even worse, those same people are now buying Macs. Know why? Because someone told them they won't get viruses on a Mac. So when they see that same little free games program on OSX, they're gonna go ahead and grab it. And then their computer will become yet another botnet, sending out emails to all the other grandmas running OSX who don't think they can get viruses on their computer. I mean hey, it's from my niece Sally, I might as well click that link because she'd NEVER send me anything dangerous.

And when they do eventually come to you to ask to fix their virus issue, what are you gonna do? Tell them they don't have a virus, they have malware? By that point it doesn't matter about the tomato tomatoe, potato potatoe...they're infected, and their computer is running slowly because it's stealing their credit card information and sending out emails to 10,000,000 people.

You can argue that OSX is safer than Windows, but you can't honestly state it's safe. There is no OS on the face of the earth that is perfectly 100% secure. Telling people otherwise is doing both them and you a disservice.

Best post I've read in AGES.
 
Agree - very good.

I'd add that the sites that offer free tools to rip CDs/DVDs/BDs, and free codecs, and free movies/videos/porn are at least as bad as "free game" sites for bundling malware with their downloads.

To believe that people will actually run a porn video download that comes with a .app extension (or .exe, or .dmg, or...) - and then give it the administrator or root password!
 