Flashback Malware Still Affecting over 100,000 Macs

[seashellz]

ha ha! wouldnt it be funny if S------C-in a desperate move to drum up Mac app sales, which are lagging if not dropping- secretly created and let loose these viruses themselves? So far ive yet to hear of any widespread damage-or any damage at all from these various bugs-unlike Windows

But this is the real world -things like that dont happen do they...

 

[Renzatic]

There has been documented collaboration between virus writers and AV writers. Most of it is just, people writing bad viruses that would never work, sending them to the AV labs where they put them into their AV list, so they can say, "We have 10 hexillion viruses we can detect."

Trust me, if they could make more money by releasing viruses and they thought they could get away with it, they would do so in about three and a half moments. More likely than not, they would work through a proxy.

Makes sense. I mean think about all the extra money they'd get from all the credit card numbers stolen through the virus...er trojan...uh malware they wrote! It's brilliant! I mean not only do they get the credit card numbers, but they also make sales off the AV software to get rid of the malware they wrote to get the credit card numbers. There's no way a plan like that can fail!

....until they get caught.

....which they would.

Damn, Doctor Norton. I trusted you.

But seriously. Why would they go through so much effort just to rope in the relatively small Mac community? At the moment there's, what, 50 million Macs out there? A goodly number, yeah. But compare it to the near billion Windows PCs market. A market that already buys their products. A market that willingly updates said product on a yearly basis? Would it be worth it for them to lose face completely by getting caught doing something incredibly illegal just for a small subsection of a market that kinda hates you because any association with said product makes their chosen OS look bad?

I wouldn't think so. It'd be like mugging a kid at gunpoint for his lunch money. That's a little too much effort and risk for a buck seventy-five, ain't it?

 

[JordanLindsay]

I was infected but the tool was simple to use and removed within seconds.

----------

Makes sense. I mean think about all the extra money they'd get from all the credit card numbers stolen through the virus...er trojan...uh malware they wrote! It's brilliant! I mean not only do they get the credit card numbers, but they also make sales off the AV software to get rid of the malware they wrote to get the credit card numbers. There's no way a plan like that can fail!

....until they get caught.

....which they would.

Damn, Doctor Norton. I trusted you.

But seriously. Why would they go through so much effort just to rope in the relatively small Mac community? At the moment there's, what, 50 million Macs out there? A goodly number, yeah. But compare it to the near billion Windows PCs market. A market that already buys their products. A market that willingly updates said product on a yearly basis? Would it be worth it for them to lose face completely by getting caught doing something incredibly illegal just for a small subsection of a market that kinda hates you because any association with said product makes their chosen OS look bad?

I wouldn't think so. It'd be like mugging a kid at gunpoint for his lunch money. That's a little too much effort and risk for a buck seventy-five, ain't it?

that is a hilarious comparison, thanks for the laugh!

 

[Renzatic]

that is a hilarious comparison, thanks for the laugh!

Hey, no problem. Always glad to be of service.

I was infected

...until I figure out someone is a shill for the AV cartels. Then I'm not glad at all.

 

[hexonxonx]

Well, unless people install the remover app and run it, obviously they won't get rid of it. And there will always be many computer users clueless about these kinds of stuff.

Believable. Remember last year when the news came out that 25% of iPhone owners never connected their iPhone to iTunes to sync or even backup.

It took several years to convince my brother who was paying for DSL that he didn't also need continue paying for AOL to connect to the internet. He seriously thought he needed both.

 

[faroZ06]

Wait, how do they know?

 

[Rodimus Prime]

I don't understand the concern everyone has. One trojan that infected 1% of Macs (thats right, 1%) and is easily fixed with an update compared to over a million known malware variants on Windows systems is nothing.

But 1% of all mac is a pretty big chunk for a single malware to infect. I do not believe many windows trogans even get close to hitting 1% of windows installs

But at the same token it is not surprising considering way to many people believe Mac do not get "viruses"

Virus being used as any form of malware so they break rules of running unknown software.

 

[AidenShaw]

I don't understand the concern everyone has. One trojan that infected 1% of Macs (thats right, 1%) and is easily fixed with an update compared to over a million known malware variants on Windows systems is nothing.

Many people here don't seem to realize that this trojan isn't evil malware, it is a downloader for evil malware.

Removing all traces of the trojan only stops it from installing new malware on your system - it doesn't remove the malware that it's already downloaded and installed. (But the anti-malware companies are busy cataloging these downloads and creating removal tools.)

"Easily removing" the trojan doesn't make your system safe.... It merely stops it from becoming more unsafe.

(Unless, of course, the downloader has downloaded new variants of the downloader that the tools won't find....)

 

[Chlloret]

Apple is only providing fixes for OS X 10.7 and 10.6. Aren't there still significant numbers running Leopard or earlier?

Have media reports about Flashback explained how users were sent to infected websites in the first place? I presume it's been through URLs in junk e-mail, but I haven't heard any confirmation of that.

If you are still running a ppc machine, you are not affected. Only intel and they can ALL run on 10.6+

 

[Chlloret]

1% who has reported the issue, which is about the amount of mac users who join forums.
The other 99% may be infected and may not know because they have been told the mac is "safe" and protected from such things.

No, one percent that is estimated by the anti virus companies. Actual infections are not even close to that, as a matter of fact, we did not see any in reality. Our IT guys tested all 15000 our Macs, thats without the privately used systems, nowhere was this "trojan" found and besides some obscure forum "finds" (many do not even seem to have a Mac the way they discribe the problem) this thing seems to be pretty elusive.

----------

No the 1% is the actual number of infected whether they know it or not.

http://www.redmondpie.com/apple-releases-standalone-flashback-malware-removal-tool-for-non-java-mac-users-download-now/

They don't measure it by the amount of people reporting it, they measure it by seeing what the trojan is doing.

But the trojan is not doing anything. It COULD do something if all fantasies of the doomsday sayers come tru, but actually, it did not do anything.

----------

How can these firms estimate the number of infected machines, and then the changes from day to day?

They throw dice?

 

[Case-sensitive]

Must be those people who are scared to death of any updates and wait 4 years before finally committing.

The 100,000 most retarded mac users on a chart. lmao

Or have no need to update. Or the machine is used by their 8 and 10 year-old kids as an introduction to the platform. Or use the machine as a legacy workstation. Or... Or...

No need to be elitist, it's not clever, it's not pretty.

 

[Case-sensitive]

I know 3 people who have 10.4 / 10.5 running. How should they check/reid themselves of this trojan? i have yet to see advice on this.

Have a look here for starters.
https://forums.macrumors.com/threads/1356916/

 

[bawbac]

No, one percent that is estimated by the anti virus companies. Actual infections are not even close to that, as a matter of fact, we did not see any in reality. Our IT guys tested all 15000 our Macs, thats without the privately used systems, nowhere was this "trojan" found and besides some obscure forum "finds" (many do not even seem to have a Mac the way they discribe the problem) this thing seems to be pretty elusive?

Anecdotal hearsay is not fact.
Must have a good cooperate firewall if indeed your statement is true.

 

[FloatingBones]

If you are still running a ppc machine, you are not affected. Only intel and they can ALL run on 10.6+

Agreed. But there still must be a fair number of people running 10.5 on their Intel machines.

 

[Chlloret]

Agreed. But there still must be a fair number of people running 10.5 on their Intel machines.

Yup, but that is there decission. Apple is actually giving 10.6 away atm, free, so if you STILL don't want to upgrade, you would not install the update either.

 

[Chlloret]

Anecdotal hearsay is not fact.
Must have a good cooperate firewall if indeed your statement is true.

Yes, hearsay is far from fact but thats what these companies tell us. 600000, 500000, today 100000, no facts, estimates, hearsay.

What do you need a corporate firewall for? Our computers (many many mobile) are all over the world, they usually connect via VPN with there home office, mine here in Spain over a server in Miami, as probably most business computers do. Java or Flash is not being installed, there is no reason for it. The first 6 weeks of the "hole" the trojan asked for the admin password, most of our users do not even have that, so tough, the last two versions tried to install without the password but still needed the "ok" click and that did not work on a non admin account.
So, we where not infected. But then, I do not know anybody, anywhere, that actually got it. The removal tools, depending witch one you use, will tell you that they removed something, I for instance checked my MacBook before the removal tool and it was clean (not surprising, it has not been used since September last year) but when I ran the (non java) removal tool it said that it removed the trojan. Now, how can it remove something that was not there? My best guess is the placebo effect, it looks like something has been done and everyone is happy.
Little snitch by the way did not report anything either. But then, why? Because there was and is nothing.

 

[charlituna]

Apple is only providing fixes for OS X 10.7 and 10.6. Aren't there still significant numbers running Leopard or earlier?

the answer is possibly that the exploit that allowed this was never present in the Pre Snow Leopard run times so there's no way those folks could get infected.

----------

N
But the trojan is not doing anything. It COULD do something if all fantasies of the doomsday sayers come tru, but actually, it did not do anything.

That's a good point. It seems that this trojan didn't do anything other than call out to some server to say 'here I am'. It was found before that server could send back anything really nasty. Or so it seems.

And as of this morning at least one company is saying that the still infected machines is down to like 30k tops. So word is getting out there. Folks are cleaning their machines, updating their software etc. All before something really bad happened.

Compare this to the trojan from last year that was claiming to be security software and tossing up porn etc to get folks to pay to update and clean out out. How many folks gave up their credit cards to that trick. This is nothing compared to that stunt.

 

[GGJstudios]

Do we really need antivirus software for Macs?

While some may prefer to run antivirus apps, it's not needed to keep your Mac malware-free if you practice safe computing (see below). Also, running antivirus software can give some a a false sense of security, leading them to exercise less caution in their computing practices. Antivirus detection rates are less than 100% and sometimes new malware isn't initially recognized as such by antivirus apps. The point is, even if you elect to run some antivirus app, it's still wise to practice the safe computing tips described below.

I mean, assuming the growth of the platform, and that more and more malicious programs will be written..

There is less malware in the wild that affects Mac OS X than there was for Mac OS 9 and earlier versions, even though Mac OS X has a much larger market share and installed base.

I don't have any type of security software.. Should I? If so, which is the best for Mac?

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Disable Java in your browser. (For Safari users, uncheck "Enable Java" in Safari > Preferences > Security.) This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Change your DNS servers to OpenDNS servers by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have access to install anything on your Mac.
   
   
7. Don't open files that you receive from unknown or untrusted sources.
   
   
8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
   
   
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.

 

[macsmurf]

Java or Flash is not being installed, there is no reason for it. The first 6 weeks of the "hole" the trojan asked for the admin password, most of our users do not even have that, so tough, the last two versions tried to install without the password but still needed the "ok" click and that did not work on a non admin account.
So, we where not infected. But then, I do not know anybody, anywhere, that actually got it.

It's absolutely true that if you don't have the admin password and you don't have installed Java there is no way you can get this malware. Your IT guy needn't have bothered with checking your 15 000 macs. It wouldn't have made a difference whether it was 150 or 150 000 macs.

Of course you can't really make the conclusion that the numbers from the AV companies were wrong based on that. You also cannot make the conclusion from the people you know unless you know hundreds of statistical representative mac users.

The AV companies make their estimate by reverse engineering the malware, figuring out which domains it will try to contact in the days ahead, and then buy those domains while pointing them to their own servers in the process. That will give them a highly accurate real time estimate of the amount of computers infected. More than one company have done that and agree on the numbers.

AV companies sometimes try to upsell a threat in order to drum up business but actively colluding and outright lying about the numbers? I don't think so. If that was true why would they say the numbers had fallen?

 

[Mac Kiwi]

It would be fascinating though to see "honest" numbers on how widespread the trojan got out there. I am betting the result would be nothing like the numbers being quoted mind you.


Just curious - Anyone here ever been advised to buy anti virus along with your Mac purchases? What about Apple store employees or the Genius bar, do they ever recommend it?.....I have 3 myself and never have been advised to do so.

 

[thekeyring]

I'm not worried. Apple dares to do what Microsoft won't.

With OS X Lion, some Apps don't work.

If they did a major upgrade to OS 11 (as an example, I know the future might not work like this) then by 11.4 all OS X apps (and OS X viruses) won't work either.

Perfect.

 

[AidenShaw]

It would be fascinating though to see "honest" numbers on how widespread the trojan got out there. I am betting the result would be nothing like the numbers being quoted mind you.

How much do you want to bet?

Three large anti-malware companies that spend millions per year on network snoops to discover botnets come up with very similar figures on the number of infected systems.

And somebody on the interwebs says he doesn't believe the numbers.

 

[Renzatic]

How much do you want to bet?

Three large anti-malware companies that spend millions per year on network snoops to discover botnets come up with very similar figures on the number of infected systems.

And somebody on the interwebs says he doesn't believe the numbers.

It's not so much the fact that OSX finally faced down a somewhat severe malware infection I find so entertaining. No. I kinda like Macs and OSX. One of the things I liked about it was the fact you barely had to worry about getting a bug at all, versus maybe possibly kinda risking getting a bug in Windows because I did something stupid, like download a game off Limewire during a fit of drunken rage.

What I do find entertaining are the reactions. It's amazing how some people are so invested emotionally invested in their operating systems, and the lengths they'll go through to defend it from any negative connotations. The lame excuses! The righteous indignation! The passing of blame! The paranoid conspiracies (that's....like...what the antivirus companies want you think, man)! It's a big list of logical fallacies, all compiled into one easy to read thread. It's all fun.

And now we're getting reports that the initial 100,000 infected Macs might be a miscalculation. In fact, it might be upwards of 650,000.

Don't know if it's true or not. Don't know if it is indeed the antivirus companies making a mountain out of a molehill in an attempt to sell more antivirus software. What I do know is this little storm in a teacup is only just beginning.

I await the responses with bated breath.

 

[AidenShaw]

What I do find entertaining are the reactions.

It's amazing how some people are so invested emotionally invested in their operating systems, and the lengths they'll go through to defend it from any negative connotations.

The lame excuses! The righteous indignation! The passing of blame!

I think that this "tribal" mentality has been with us forever. (Read an excellent analysis of tribal behaviour from Newsweek: http://www.thedailybeast.com/newswe...son-on-why-humans-like-ants-need-a-tribe.html )

When I was a teen, the "teens through 20-somethings" aligned into the "Ford" tribe and the "Chevy" tribe and the "Dodge" tribe. (The "GTO" and "442" groups were sub-tribes in the Chevy tribe.)

Today we're just seeing young kids get wrapped up in their phones and computers.

(Although to betray my affiliation, I think that no other ponycar came close to the near perfection of the original Boss 302

I also had a 6.4 litre Mustang with the big block engine, but it was not nearly as much fun as the Boss 302 - the 6.4 litre engine was just too heavy for a smaller car.)

 

[ixodes]

I don't understand the concern everyone has. One trojan that infected 1% of Macs (thats right, 1%) and is easily fixed with an update compared to over a million known malware variants on Windows systems is nothing.

Microsoft has a weekly (every Tuesday) release of security updates & patches. To apply them it's just like a software update on a Mac, automatic & easy. Just one click to launch and in minutes you're set.

The only difference is MS has expertise with this & Apple doesn't (Yet). As much as some Mac users need to pump up their ego by bashing MS, you're wasting your time & revealing a lack of current knowledge.

Forget the myths, they're propagated by the unaware.

Neither my Mac or Windows computers have crashed, or been infected in many years. Not even a BSOD. Theyre just computers. Learn safe computing & enjoy trouble free sessions.