Sure, although a highly related question is: what percentage of these 15K machines were patched early enough to never have become vulnerable? Or similarly, what percentage of these seats were locked down with the user not having Admin privileges to have had authorized? And so on.

According to an older post by Chiloret none of the users had admin privileges and none of the macs had Java installed. Consequently, an infection of even one machine out of the 15000 would have been highly surprising.

It's as if he keeps bringing up that number because it sounds impressive, even though the actual number of vulnerable machines within the company was much, much lower. Wait, that argument sounds familiar ;)

Anyway, another reason for the AV companies to stay honest is that anyone, including Apple, can replicate the assessment. If there was any real doubt when it comes to the magnitude of the infection this would be done.
 
As far as the company computers are concerned, you are right. How people treat their personal computers, I cannot say. But if we do not give the users admin rights, how many other companies do the same thing? How many Mac users do the same thing? Then, the "safe" section would be on the one hand number x, leaving the "Haystack" much much smaller, so it would be even easier to find a really infected system.
As -hh points out, there are companies with rather large amounts of Macs (we work with Springer, but are thank God not part of them) where nobody got infected. Sure, these computers are managed, users seldom have any rights, even I have to bring for personal use my own MBA or iPad, my MBP and the office machine are nailed shut and go over our internal net online (VPN), but for every company computer there is somewhere a personal one, often more than one if a family is involved.
So with this decent size sample there should be an infection somewhere?
 
Yes, there should be an infection, and there is, according to the numbers.

You're assuming that company macs make up the bulk of the Apple computers out there. That is incorrect. Macs are primarily used as consumer machines.

Anyway, there is no evidence that the numbers are fudged. The only reason to believe this seems to be people that desperately cling to the idea that macs can't get malware. That belief might actually be part of the problem, although it is very entertaining.
 
According to what numbers? The numbers, daily changing, from the AV Companies?
What about numbers from actual affected systems? Not considered compromised, not estimated, not shuffled out at dawn, but actual users with the trojan, a WORKING trojan, on board?

I am by no means thinking that Macs are mainly in corporate use. On the contrary, to each of our systems comes at least one privately used consumer computer. But, as I said, only a good 3000 users reported. From their private Macs. None was infected.

I do not for a minute believe that a Mac, or any other system for that matter, is impossible to penetrate, you would be a fool to think that.
All I'm asking for is to show at least one of those half a million infected Macs. I am not talking about having a dormant file in your Library, I want to see a trojan on a Mac, that has been installed without any user interaction, got to phone home and delivered a payload or loaded additional malware. Like I said, without the user's knowledge.

With half a million reported systems forming a "botnet" that should not be too complicated? Just one.
 
40 millionish Macs out in the world

500,000 + - maybe infected.

Your 3000 reported bug free isn't statistically relevant.
 
All well and good, but where is one, JUST ONE of the 500000?
There must be one, somewhere?

We've already had a few people here who claim to have been infected.

But think about it. A fraction of Mac users have been infected. You oversee a fraction of a fraction of the entire Mac market. From the sounds of it, your clientele is fairly tech savvy. The chances of you seeing it are about slim to none.

Your lack of experience with it can't be construed as evidence of its nonexistence.
 
My lack of seeing this thing live is not why I think it's fishy. The lack of ANY system is what I cannot understand.
Seriously, one poster here claimed to have been infected, or better a friend or colleague had been, and it was sooooo bad, that he had to format the drive and lost data.
Really? THAT is the evidence? Something, that even the companies telling us about this "threat" do not see?
First, this trojan was supposed to have downloaded other malware and installed that. When it was found out that that was not the case, the tune changed and it was claimed that personal data (CC info, banking info) was sent to servers. Now, that was soon also taken back and now the incredible harmful thing this thing is doing is changing search results to grab some adsense cents? WHAT?

Now, still, nearly two weeks after the widespread reporting of this trojan, there is still not one real system being shown that showed any of the claimed properties of this trojan.
Only the numbers getting bigger and bigger without any proof whatsoever. No website has been shown that infected Macs, no adserver has been shown that infected Macs, no routine has been shown that infected Macs, no controlling server has been reported or shut down, not even a log from Little Snitch, no firewall warning, no AV warning, just nothing at all. Only reports from Russia, dully translated to the blogs and "news" sites of the world.

Really, is NOBODY checking?
 
I upgraded my boss's MacBook Pro from Leopard to Snow Leopard today. He got a free disc from Apple since he has a MobileMe account. After I did the upgrade, I ran Software Update and installed the updates. One of them was the Flashback Removal Tool. I ran the update and when it finished it said it detected and removed the malware OSX.FlashBack.iv ... A few weeks ago I had run the Terminal commands posted in these forums and his computer had come back clean. I suppose the commands checked for a different variant. I just wonder now what steps he should take? I already disabled Java in Safari Preferences. Should he go and change his passwords etc.? How do we know if it was even removed? I am currently installing Lion on his MacBook and wonder if I should have taken any other steps before doing so.

***So after installing Lion I ran Software Update and the Flashback Removal Tool was one of the updates again. After it installed and ran, nothing popped up so that's good at least. Still unsure if his MacBook is Malware free or not or if anything was compromised.
 