Where does the flashback trojan come from?

[Drew017]

Does anyone know exactly where one picks up the flashback maleware? I believe that I can't get it, since I've disabled Java in Safari and Chrome, along with installing the update. I'm just curious.

 

[GGJstudios]

Does anyone know exactly where one picks up the flashback maleware? I believe that I can't get it, since I've disabled Java in Safari and Chrome, along with installing the update. I'm just curious.

It's found on various infected websites. If you've disabled Java in your browser and you don't enter your admin password when prompted from random websites, you can't be affected by that trojan.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Disable Java in your browser. (For Safari users, uncheck "Enable Java" in Safari > Preferences > Security.) This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Change your DNS servers to OpenDNS servers by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have access to install anything on your Mac.
   
   
7. Don't open files that you receive from unknown or untrusted sources.
   
   
8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
   
   
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.

 

[Drew017]

Thanks for the tip! I've haven't recieved any popups from sites yet, but I'll be on the lookout. I do still wonder which sites it comes from, though...

 

[GGJstudios]

Thanks for the tip! I've haven't recieved any popups from sites yet, but I'll be on the lookout. I do still wonder which sites it comes from, though...

It comes from random sites that have been infected. There is no way to know which sites have or haven't been infected.

 

[Drew017]

Ah... I see!

 

[tone*]

Thanks for the tip! I've haven't recieved any popups from sites yet, but I'll be on the lookout. I do still wonder which sites it comes from, though...

Latest variant doesn't prompt for a password so I would just disable java.

 

[Drew017]

Thanks for the tip, I just did also, I downloaded the update.