Tweaked Trojan Disables Automatic Updating of OS X Anti-Malware Tools

[LastLine]

Best idea is to use chrome as your browser

Agreed - or to accept Flash needs to die ;-) Roll in new standards.

 

[Surreal]

That's the problem. As of Flash 10.3, the real Flash updates download automatically as you're browsing the web. The only truly good solution is to use Chrome, which includes Flash. Uninstall Flash from the system. Then, if you ever get a notice to install a Flash upgrade, you know it's malware.

You can still go download yourself.

 

[crazy dave]

That's the problem. As of Flash 10.3, the real Flash updates download automatically as you're browsing the web. The only truly good solution is to use Chrome, which includes Flash. Uninstall Flash from the system. Then, if you ever get a notice to install a Flash upgrade, you know it's malware.

It checks for updates automatically when one is browsing the web, but doesn't download them automatically - you still have to hit an agree button so he may have gotten the message from Flash while on Yahoo, but it had nothing with being on Yahoo. I actually have my preferences set to only check for updates when I tell it to, but I probably should make it more automatic.

 

[Versus]

Macs are nowhere near the PC world when it comes to malware. PCs have viruses, Macs do not. This won't even be a problem to an an educated user.

Oh, that's good. As I said, I may not be a Mac user, but I appreciate all their strengths. Last week I got a nice little trojan dropper from a "respectable" website and was happy to have a secure OS device on hand to pay some bills and use the web until I could reformat.

 

[phillipduran]

I don't understand why these fools waste everyone's time by writing viruses, and I mean for any platform. Can't they put that energy and effort into something positive?

It's easy money for the corrupt. They will get caught eventually.

 

[Darth.Titan]

Only PowerPC macs are IMMUNE.. Its when Apple opened to INTEL is now why we are getting viruses and malware.

That statement is wrong in so many ways I don't even know where to start.

Oh well, I'm sure someone else will be along soon to point out the multiple inaccuracies of your post.

 

[shamino]

It's disturbing that, after decades of malware, that people will still consider installing software from untrusted sources. Especially when the software is a free download.

Macs have never been infected by a virus up to this date. Yes, it is possible sometime in the future a virus could be developed that will infect a Mac. Nothing to this date!

More accurately, Mac OS X has never been infected by a virus up to this date. There have been viruses for the classic Mac platform, although most are very old and not likely to be in the wild, and wouldn't work on a modern Mac even if you downloaded it.

CRAP!! I downloaded a flash update today on my macbook! What should I do help!! I'm not joking.

Where did you download it from? The official source is from Adobe: http://get.adobe.com/flashplayer/. You shouldn't consider installing a copy downloaded from anywhere else.

 

[GarageRock]

Took me a few years as a PC guy to actually install an anti-virus....when I did, I rareley got hit!! When I made the switch to the mac(3 yrs ago), I didn't bother with an antivirus but now I have Nod32 installed which is by far the best antivirus around, and it's installed to protect myself *just in case* and also, I'll download PC files on my mac, scan them, then transfer to the PC.

With that said, I'd like to say Hi, finally joined after reading this forum for the last 2 years!!

 

[Santabean2000]

Both of these posts are laughably uninformed.

The Mac's resistance to viruses has nothing to do with market share, nor did it have to do with the PowerPC architecture.

There still has never been a virus reported on OS X. Not likely to change any time soon. And that would be the case if Apple had 99% of the PC market.

The irony. Love the self-assured arrogance though, very becoming...

 

[KnightWRX]

Is purchasing a good virus checker any use or are they all a waste of money.

Considering there is yet to be a OS X virus...

Trojans are simple to defend against guys : Don't be gullible.

 

[Lock]

That's the problem. As of Flash 10.3, the real Flash updates download automatically as you're browsing the web. The only truly good solution is to use Chrome, which includes Flash. Uninstall Flash from the system. Then, if you ever get a notice to install a Flash upgrade, you know it's malware.

+1. It makes life much simpler.

 

[KnightWRX]

The irony. Love the self-assured arrogance though, very becoming...

What Irony ? The guy is basically right, both those posts were grossly misinformed.

 

[HiDEF]

so Adobe Flash updates will never ask for your PW?

 

[KnightWRX]

Agreed - or to accept Flash needs to die ;-) Roll in new standards.

What does Flash needing to die have to do with this ? This thing could pose as a SilverLight or iTunes or Quicktime or any other kind of update. They just happened to pick Flash.

 

[Versus]

It's easy money for the corrupt. They will get caught eventually.

And it's easier money for the people that make AV software. In fact, some could say that those are the people responsible for the maleware to begin with. The best way to sell a product that detects something is to make sure there's plenty of things to detect, right?

You ever see the movie The Frighteners? Michael J Fox = AV Software developer. Ghosts = Virus. Works out nicely.

 

[mpb2000]

What is the name of the installer for this thing? Is the actual file name the same as what you would download from adobe? If not, if you still have the installer, you can check that.

 

[Therbo]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

so Adobe Flash updates will never ask for your PW?

Actually they need to, they install to a system library, which you dont own

So an administrator will have to give the program temporary root privs so it can update the files, hence why it ask for your password.

 

[markgodley]

i remember having the 666 infection on one of my old machines (performa 6400/200).. wasn't that a virus?

 

[Mr. McMac]

iOS is the future

I hope not

 

[Vegasman]

How do I prevent this from happening on OS 10.5.8?

Windows 7?

 

[KnightWRX]

I hope not

Not to mention iOS isn't immune to this stuff either. What do you think the guy jailbreakme.com was using ? A security flaw that would have allowed any kind of malware to get through, not just jailbreaking tools.

 

[benji888]

If you downloaded the real Flash update, then you have absolutely nothing to worry about. This is only if you visit a really shady website who tells you to update Flash and instead of actually going to the real Flash's website you download and install the "Flash" version from said shady website. If you did that, then you might have a problem.

I updated flash days ago, I can't remember what all it looked like, but, I am noticing my computer seems to be slower, wondering what I actually downloaded as the pic shown looks the same as what it would look like from adobe. ...and I just cleaned up my downloads folder.

So, this article is a little confusing, so, how do I know what I actually installed?? ...did adobe just release an update? (of course they did, this is what they use to trick people).

ugh.

another reason to hate flash? ...I wish we could ban flash from the internet! ...that slothful memory hog!

 

[xizar]

This link may help : http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_c.shtml
But this version of the trojan wipes out the XProtectUpdater. A combo update may reinstall it.

I apologize if this seems overly specious, but what does "wipe out" mean? Delete? Replace with an empty text file? Replace with a text file that looks right but isn't?

I realize that the web page to which you refer uses the same phrase.

I also downloaded an update while using Chrome and currently have the following for my xprotectupdater:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>StartInterval</key>
	<integer>86400</integer>
	<key>Label</key>
	<string>com.apple.xprotectupdater</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/libexec/XProtectUpdater</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>

Is that what's supposed to be there?

(To avoid recriminations of "lol n00b y u flash bro chr0m iz al u ned!", I have found that Steam requires a separate install of Flash to display things, so plz don't taze me, bro.)

 

[tirerim]

What Irony ? The guy is basically right, both those posts were grossly misinformed.

Yes, they were, but that still doesn't make Macs invulnerable. All it takes is a good privilege escalation attack (which are certainly not unheard of on *nix-based OSes), and then for someone to automate it.

 

[Therbo]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

iOS is the future

I hope not

If apple merged iOS and OS X (which they won't)

The entire OS X developer community (PHP, Perl, C++ etc) will leave