Flashback Trojan Returns With a Multi-Pronged Infection Strategy

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 24, 2012.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Last year, we profiled a Mac trojan horse known as "Flashback" that was masquerading as a Flash Player installer. While Apple has taken steps to protect users from the threat using its File Quarantine system under which users' computers initiate daily checks for updated malware definitions, the malware's authors have continued to tweak the trojan to improve its ability to both infect systems and evade detection.

    Security firm Intego has issued a report on a new variant of the trojan, known as Flashback.G, which adopts a multi-pronged strategy in attacking users' systems. The first two methods rely on vulnerabilities in Java, and while the vulnerabilities are patched in systems running up-to-date versions of Java, outdated systems can be silently infected through these security holes.


    Flashback.G's self-signed certificate seeking to trick users into allowing installation
    On up-to-date systems lacking the Java vulnerabilities, Flashback.G presents a self-signed certificate claiming to be from Apple in an attempt to fool users into allowing the trojan to be installed on their systems. Once installed, the trojan begins searching for user names and passwords it can relay to the malware's authors.
    Notably, Intego reports that the trojan aborts its own installation if it detects the presence of any of several antivirus applications on a user's Mac, presumably seeking to remain below the radar while focusing on vulnerable systems.

    Intego recommends that users on Mac OS X Snow Leopard make sure that Java is fully up-to-date by running a check through Software Update, and for all users to be aware of the social engineering trick the trojan uses in attempting to gain permission for installation. The company of course also recommends that users equip their systems with antivirus software.

    While malware has not been a tremendous threat to Mac users so far, its presence has been growing. Apple has stepped up its efforts to combat malware by enhancing its File Quarantine system to provide for the daily definition checks. OS X Mountain Lion will see another significant step with the introduction of Gatekeeper, a system by which users can limit installation of apps to sources such as the Mac App Store and developers who have registered with Apple as "identified developers".

    Apple's Developer-ID program will utilize digital signatures on applications to link applications with a specific developer. If the developer is later discovered to be distributing malware or otherwise behaving improperly, installations of its existing apps can be deactivated by Gatekeeper. Gatekeeper does have its limitations, however, as it only scans applications downloaded through a handful of mechanisms such as browsers and can not detect applications that are modified by malware after their initial launch.

    Article Link: Flashback Trojan Returns With a Multi-Pronged Infection Strategy
  2. themoffster macrumors regular

    Apr 26, 2011
    the more populate macs are, the more of these we will see
  3. androiphone macrumors 65816

    Dec 13, 2009
    and this is why the 2 most important parts of computing are:

    1. keep your computer up-to-date


    2. use a little common sense when something pops up (though I admit that is easier to more knowledgeable people like us than the wider 'mass' consumer)
  4. chris200x9 macrumors 6502a

    Jun 3, 2006
  5. Yamcha macrumors 68000

    Mar 6, 2008
    This could potentially be a real issue for new Mac users..
  6. MJL macrumors 6502a

    Jun 25, 2011
    Apple computers do not get a virus. Yeah right. (as the Tui advertisment goes).
  7. Lukeyy19 macrumors 6502a


    Feb 16, 2010
    England, UK
    "the malware's authors" you mean a couple of **********
  8. grapes911 Moderator emeritus


    Jul 28, 2003
    Citizens Bank Park
    Trojan != Virus
  9. roadbloc macrumors G3


    Aug 24, 2009
    And to think people said that the fact that OS X lacked malware had nothing to do with it's marketshare.
  10. Small White Car macrumors G4

    Small White Car

    Aug 29, 2006
    Washington DC
    First off, no one in any position of authority has ever said Macs don't or can't get viruses.

    Secondly, this is a trojan, so talking about viruses here is kind of beside the point.

    Their computer marketshare is far, far larger than their malware market share.

    So yeah, I'm STILL saying that there are other factors at play. If that wasn't true you'd see malware market share matching sales market share. And that hasn't happened.
  11. Can't Stop macrumors 6502

    Dec 22, 2011
    It doesn't.
  12. MJL macrumors 6502a

    Jun 25, 2011
    Whatever, still malware.
  13. macomrade macrumors newbie


    Sep 14, 2005
    Maryland, USA
    Feel like the fact that this makes front-page news is a testament of OS X's resiliency to such threats. Could probably count on one hand the malware for X over it's 10 year tenure. And I don't really see this changing, even with the popularity of the Mac soaring. Robust, engineered software security will always win out.
  14. jman240 macrumors 6502a

    May 26, 2009
    So for those of us who got their parents Macs..

    Anyone recommend a good A/V program while we wait for ML to come out?
  15. karohan macrumors 6502

    Jun 25, 2010
    It sounds pedantic, but it is sort of an important distinction to make. Viruses can be spread without any user input, while trojans still require the user to at some point (albeit unknowingly) permit them.
  16. grapes911 Moderator emeritus


    Jul 28, 2003
    Citizens Bank Park
    The argument has usually been applied to viruses. Trojans require user input and can effect anything. Yes, security holes are taken advantage of to make this Trojan look legit, but there is no defense for the most basic Trojan. If I wrote and app that said you'll be granted three wishes after you enter your password, but instead I use your password to delete all files on you computer, that is a Trojan. There is no defense for such things expect common sense.

    It's a huge distinction.

    The best AV program is to not download from or even visit shady sites.
  17. *LTD* macrumors G4


    Feb 5, 2009
    They're right.

    What do we get? Two per year?

    And these aren't even viruses.
  18. Acerone macrumors regular


    Mar 3, 2009
    You just reminded me to check for an update and sure enough my 2011 MBA had one...
  19. uknowimright macrumors 6502a


    Dec 30, 2011
    not as many as Windows but not as little as you would like to think Mr. LTD

  20. Nielsenius macrumors 6502a

    Apr 16, 2011
    Is this a virus created for the purpose of allowing a hacker to access a user's computer or is it simply a destructive troll virus?
  21. Sweetcheetah macrumors member


    Jun 28, 2007
    Bellingham, WA
    It's like, GET A LIFE $*%$#ING MALWARE PEOPLE!!! Both PC and MAC. I feel sorry for those consumers both PC and Mac that have to deal with those and have to suffer the consequences. I guess this is what life is about... part of it anyway because we live in an unsafe world. Well, just be thankful for those of us who are more aware of the situation and can handle it. I sure am thankful for these kinds of websites... which this forum is my favorite. Thanks MacRUMORS, just wish that Malware and virus was JUST that, benign rumors.
  22. CylonGlitch macrumors 68030


    Jul 7, 2009
    Crap, I just did a "Check for Update" and it asked for the Administrator user name and password. Should I be worried?

    LOL.. Yeah, guess I should check for an update... but wasn't it just announced there was one yesterday? Something about the EFI bios?

    Well, what do you know, one "Security" update. Installing it now. :D
  23. CorporateFelon macrumors regular


    Oct 26, 2007
    Boston, MA
    Unfortunately on older systems the users do not get the popup about the security certificate. It installs itself automatically.

    From the actual blog posted as referenced in the article.
  24. jman240 macrumors 6502a

    May 26, 2009
    Yeah if you can train my parents to do that be my guest. I don't live with them, they use a Mac.

    Anyway, I found ClamXAV and Sophos. Anyone have experience with these?
  25. mendosa05 macrumors newbie

    Feb 24, 2012
    Would there be any way of checking an infection? My wife thinks she may have clicked something similar yesterday night but was related to Yahoo mail certificate?

    Many thanks.

Share This Page