Flashback Trojan Returns With a Multi-Pronged Infection Strategy

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 24, 2012.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Last year, we profiled a Mac trojan horse known as "Flashback" that was masquerading as a Flash Player installer. While Apple has taken steps to protect users from the threat using its File Quarantine system under which users' computers initiate daily checks for updated malware definitions, the malware's authors have continued to tweak the trojan to improve its ability to both infect systems and evade detection.

    Security firm Intego has issued a report on a new variant of the trojan, known as Flashback.G, which adopts a multi-pronged strategy in attacking users' systems. The first two methods rely on vulnerabilities in Java, and while the vulnerabilities are patched in systems running up-to-date versions of Java, outdated systems can be silently infected through these security holes.

    [Image: Flashback.G's self-signed certificate seeking to trick users into allowing installation]

    On up-to-date systems lacking the Java vulnerabilities, Flashback.G presents a self-signed certificate claiming to be from Apple in an attempt to fool users into allowing the trojan to be installed on their systems. Once installed, the trojan begins searching for user names and passwords it can relay to the malware's authors.
    Notably, Intego reports that the trojan aborts its own installation if it detects the presence of any of several antivirus applications on a user's Mac, presumably seeking to remain below the radar while focusing on vulnerable systems.

    Intego recommends that users on Mac OS X Snow Leopard make sure that Java is fully up-to-date by running a check through Software Update, and for all users to be aware of the social engineering trick the trojan uses in attempting to gain permission for installation. The company of course also recommends that users equip their systems with antivirus software.

    While malware has not been a tremendous threat to Mac users so far, its presence has been growing. Apple has stepped up its efforts to combat malware by enhancing its File Quarantine system to provide for the daily definition checks. OS X Mountain Lion will see another significant step with the introduction of Gatekeeper, a system by which users can limit installation of apps to sources such as the Mac App Store and developers who have registered with Apple as "identified developers".

    Apple's Developer-ID program will utilize digital signatures on applications to link applications with a specific developer. If the developer is later discovered to be distributing malware or otherwise behaving improperly, installations of its existing apps can be deactivated by Gatekeeper. Gatekeeper does have its limitations, however, as it only scans applications downloaded through a handful of mechanisms such as browsers and cannot detect applications that are modified by malware after their initial launch.

     
  2. themoffster macrumors regular

    Joined:
    Apr 26, 2011
    #2
    the more popular Macs are, the more of these we will see
     
  3. androiphone macrumors 65816

    Joined:
    Dec 13, 2009
    #3
    and this is why the 2 most important parts of computing are:

    1. keep your computer up-to-date

    and

    2. use a little common sense when something pops up (though I admit that is easier for more knowledgeable people like us than the wider 'mass' consumer)
     
  4. chris200x9 macrumors 6502a

    Joined:
    Jun 3, 2006
  5. Yamcha macrumors 68000

    Joined:
    Mar 6, 2008
    #5
    This could potentially be a real issue for new Mac users..
     
  6. MJL macrumors 6502a

    Joined:
    Jun 25, 2011
    #6
    Apple computers do not get a virus. Yeah right. (as the Tui advertisement goes).
     
  7. Lukeyy19 macrumors 6502a

    Lukeyy19

    Joined:
    Feb 16, 2010
    Location:
    England, UK
    #7
    "the malware's authors" you mean a couple of **********
     
  8. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #8
    Trojan != Virus
     
  9. roadbloc macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #9
    And to think people said that the fact that OS X lacked malware had nothing to do with its marketshare.
     
  10. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #10
    First off, no one in any position of authority has ever said Macs don't or can't get viruses.

    Secondly, this is a trojan, so talking about viruses here is kind of beside the point.


    Their computer marketshare is far, far larger than their malware market share.

    So yeah, I'm STILL saying that there are other factors at play. If that wasn't true you'd see malware market share matching sales market share. And that hasn't happened.
     
  11. Can't Stop macrumors 6502

    Joined:
    Dec 22, 2011
    #11
    It doesn't.
     
  12. MJL macrumors 6502a

    Joined:
    Jun 25, 2011
    #12
    Whatever, still malware.
     
  13. macomrade macrumors newbie

    macomrade

    Joined:
    Sep 14, 2005
    Location:
    Maryland, USA
    #13
    Feel like the fact that this makes front-page news is a testament of OS X's resiliency to such threats. Could probably count on one hand the malware for X over its 10 year tenure. And I don't really see this changing, even with the popularity of the Mac soaring. Robust, engineered software security will always win out.
     
  14. jman240 macrumors 6502a

    Joined:
    May 26, 2009
    #14
    So for those of us who got their parents Macs..

    Anyone recommend a good A/V program while we wait for ML to come out?
     
  15. karohan macrumors 6502

    Joined:
    Jun 25, 2010
    #15
    It sounds pedantic, but it is sort of an important distinction to make. Viruses can be spread without any user input, while trojans still require the user to at some point (albeit unknowingly) permit them.
     
  16. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #16
    The argument has usually been applied to viruses. Trojans require user input and can affect anything. Yes, security holes are taken advantage of to make this Trojan look legit, but there is no defense for the most basic Trojan. If I wrote an app that said you'll be granted three wishes after you enter your password, but instead I use your password to delete all files on your computer, that is a Trojan. There is no defense for such things except common sense.

    It's a huge distinction.

    The best AV program is to not download from or even visit shady sites.
     
  17. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #17
    They're right.

    What do we get? Two per year?

    And these aren't even viruses.
     
  18. Acerone macrumors regular

    Acerone

    Joined:
    Mar 3, 2009
    #18
    You just reminded me to check for an update and sure enough my 2011 MBA had one...
     
  19. uknowimright macrumors 6502a

    uknowimright

    Joined:
    Dec 30, 2011
    #19
    not as many as Windows but not as little as you would like to think Mr. LTD

    http://www.pcworld.com/article/248459/mac_malware_threats_increase.html
     
  20. Nielsenius macrumors 6502a

    Joined:
    Apr 16, 2011
    Location:
    Virginia
    #20
    Is this a virus created for the purpose of allowing a hacker to access a user's computer or is it simply a destructive troll virus?
     
  21. Sweetcheetah macrumors member

    Sweetcheetah

    Joined:
    Jun 28, 2007
    Location:
    Bellingham, WA
    #21
    It's like, GET A LIFE $*%$#ING MALWARE PEOPLE!!! Both PC and MAC. I feel sorry for those consumers both PC and Mac that have to deal with those and have to suffer the consequences. I guess this is what life is about... part of it anyway because we live in an unsafe world. Well, just be thankful for those of us who are more aware of the situation and can handle it. I sure am thankful for these kinds of websites... which this forum is my favorite. Thanks MacRUMORS, just wish that Malware and virus was JUST that, benign rumors.
     
  22. CylonGlitch macrumors 68030

    CylonGlitch

    Joined:
    Jul 7, 2009
    Location:
    SoCal
    #22
    Crap, I just did a "Check for Update" and it asked for the Administrator user name and password. Should I be worried?
    :cool:

    LOL.. Yeah, guess I should check for an update... but wasn't it just announced there was one yesterday? Something about the EFI bios?

    Well, what do you know, one "Security" update. Installing it now. :D
     
  23. CorporateFelon macrumors regular

    CorporateFelon

    Joined:
    Oct 26, 2007
    Location:
    Boston, MA
    #23
    Unfortunately on older systems the users do not get the popup about the security certificate. It installs itself automatically.

    From the actual blog posted as referenced in the article.
     
  24. jman240 macrumors 6502a

    Joined:
    May 26, 2009
    #24
    Yeah if you can train my parents to do that be my guest. I don't live with them, they use a Mac.

    Anyway, I found ClamXAV and Sophos. Anyone have experience with these?
     
  25. mendosa05 macrumors newbie

    Joined:
    Feb 24, 2012
    #25
    Would there be any way of checking an infection? My wife thinks she may have clicked something similar yesterday night but was related to Yahoo mail certificate?

    Many thanks.
     
