Tweaked Trojan Disables Automatic Updating of OS X Anti-Malware Tools

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,074
9,626



Last month, we noted as part of a report on an update to the anti-malware tools in OS X that a new trojan horse threat known as Flashback.A had surfaced, with the malware masquerading as a Flash Player installer. While Apple has continued to update its XProtect.plist to detect Flashback.A, security firm F-Secure now reports (via ZDNet) that a revised version of the trojan which disables the auto-updating feature of Apple's anti-malware tools has appeared.
> There's something new brewing in Mac malware development (again).
>
> Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application.

The report walks through how the modified trojan overwrites XProtectUpdater files, preventing infected systems from performing their daily check for updated malware definitions and thus keeping the door open for future attacks.




Flashback.C installer
The Flashback.C trojan is capable of connecting to a remote host in order to download and execute further code, but it is unclear what the exploit is being used for at this time. Users are of course advised to download Flash Player and other software from trusted sources so as to avoid infecting their systems with trojans such as Flashback.C.

Update: MacRumors has heard and Sophos has confirmed that Apple had already updated its XProtect.plist entries to detect Flashback.C by the time news of it broke to the public. Consequently, users encountering the malware on Mac OS X Snow Leopard or OS X Lion should be automatically warned of the threat prior to mounting the package.

Article Link: Tweaked Trojan Disables Automatic Updating of OS X Anti-Malware Tools
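
A defender-side check for the tampering described in the article above, as an added example that is not part of the original post or of F-Secure's report: it flags XProtectUpdater files that are missing or implausibly small, and a definitions file that has not been rewritten recently. The three paths are assumed Snow Leopard / Lion locations (the article gives none), and the size and age thresholds are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag signs that XProtect's automatic updater was tampered with.
# ASSUMPTION: Snow Leopard / Lion file locations; the article itself gives no paths.
UPDATER_BIN="${UPDATER_BIN:-/usr/libexec/XProtectUpdater}"
UPDATER_JOB="${UPDATER_JOB:-/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist}"
DEFS_META="${DEFS_META:-/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist}"
MIN_BYTES=64      # constructed threshold: a real binary or plist is far larger
MAX_AGE_DAYS=14   # constructed threshold for "no definition update seen"

# file_state PATH -> prints "missing", "truncated" or "ok"
file_state() {
    if [ ! -f "$1" ]; then echo missing; return; fi
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -lt "$MIN_BYTES" ]; then echo truncated; else echo ok; fi
}

# defs_state PATH -> prints "missing", "stale" or "fresh" based on modification time
defs_state() {
    if [ ! -f "$1" ]; then echo missing; return; fi
    if [ -n "$(find "$1" -mtime +"$MAX_AGE_DAYS" -print)" ]; then
        echo stale
    else
        echo fresh
    fi
}

# xprotect_report -> prints one line per check; return status = number of findings
xprotect_report() {
    findings=0
    for f in "$UPDATER_BIN" "$UPDATER_JOB"; do
        s=$(file_state "$f")
        echo "$s  $f"
        [ "$s" = ok ] || findings=$((findings + 1))
    done
    s=$(defs_state "$DEFS_META")
    echo "$s  $DEFS_META"
    [ "$s" = fresh ] || findings=$((findings + 1))
    return "$findings"
}

# Run the checks only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then xprotect_report; fi
```

A finding is a prompt to investigate, not proof of infection: a "stale" result can also mean that no new definitions were published within the window.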
 

iStudentUK

macrumors 65816
Mar 8, 2009
1,439
4
London
Quick everyone download MacDefender!


(My team of lawyers require me to note that I'm not actually suggesting anyone download MacDefender.)
 

RoboCop001

macrumors 65816
Oct 4, 2005
1,400
198
Toronto, Canada
I don't understand why these fools waste everyone's time by writing viruses, and I mean for any platform. Can't they put that energy and effort into something positive? :mad:
 

Mad-B-One

macrumors 6502a
Jun 24, 2011
789
4
San Antonio, Texas
The Reality Distortion Field that previously protected all Macs from all attacks appears to have dissipated.
It changed size and is only hovering over iOS at this time.

> Quick everyone download MacDefender!
>
> (My team of lawyers require me to note that I'm not actually suggesting anyone download MacDefender.)

Would be a solution. Two Trojan horses fighting each other. Maybe they block each other then? Someone please try that in a VM :D
 

435713

macrumors 6502a
May 19, 2010
834
152
> I don't understand why these fools waste everyone's time by writing viruses, and I mean for any platform. Can't they put that energy and effort into something positive? :mad:

I'm actually with ya on that. I feel so bad when anyone on any platform has to deal with this crap. Lock as many up as possible and throw em in camps. Put em on a PPV where they are tortured like in Hostel, they'll learn sooner or later.

Not actually serious about torture and stuff to be clear.
 

ndpitch

macrumors 6502
Jun 9, 2010
278
24
Looks like this could be a leadup into needing anti-virus/anti-malware/anti-spyware on the Mac.
 

hobo.hopkins

macrumors 6502a
Jul 30, 2008
568
0
I foresee this discussion degrading very quickly...

In reality all one needs to do is be cautious of where they are downloading files, and this wouldn't be a problem.
 

tubular

macrumors 6502
Oct 19, 2011
455
1,033
A couple questions

1 - how can we tell if a machine is infected?
2 - how, if infected, can we remove it, short of a clean install?
 

Shrink

macrumors G3
Feb 26, 2011
8,931
1,605
New England, USA
i tH0uGh7 m4c d0Nt g3T v1rus
Oh, god, here we go again with the virus vs malware vs trojan vs etc., etc.

Malware is a generic category (malicious software). Viruses, trojans, spyware and all other crap that f***ks with your computer are malware.

Macs have never been infected by a virus up to this date. Yes, it is possible sometime in the future a virus could be developed that will infect a Mac. Nothing to this date!

Trojan is NOT a virus - it is a form of malware. Unlike a virus which can infect a computer without action on the part of the user, trojans have to be invited in. In short - the user has to screw up.

The best defense is an educated user.

(GGJstudios - How did I do?? :D :p:p)
 

stage1

macrumors newbie
Oct 19, 2011
3
0
CRAP!! I downloaded a flash update today on my macbook!

What should I do help!! I'm not joking.
 

Memo86

macrumors newbie
Sep 1, 2011
19
0
Well... I was a PC user in the XP era and I didn't get any virus (and there are thousands of Windows viruses, right?) so I think that it is REALLY HARD to get your Mac infected. Who would download Flash from a site other than Adobe.com? :confused:
 

RoboCop001

macrumors 65816
Oct 4, 2005
1,400
198
Toronto, Canada
> 1 - how can we tell if a machine is infected?
> 2 - how, if infected, can we remove it, short of a clean install?

I can't completely give you those answers but one way is Time Machine. If you're infected or fear that you are infected just restore your whole HD to a previous state.
 

Memo86

macrumors newbie
Sep 1, 2011
19
0
> CRAP!! I downloaded a flash update today on my macbook!
>
> What should I do help!! I'm not joking.

If you downloaded from Adobe Updater or from Adobe.com I'm sure you're safe... if you downloaded from some pr0n site or crappy page maybe you're in trouble... :p
 