
Flashback Trojan Hits 600,000 Macs and Counting

Discussion in 'Computers, Hardware, and Operating Systems' started by AF6LJ, Apr 5, 2012.

Thread Status:
Not open for further replies.
  1. AF6LJ

    AF6LJ Premium Subscriber QRZ Page

    Well, Mac owners, looks like the party is over. It was only a matter of time as Macs became more popular; now they are a more useful target.
    Security should always be on the minds of all computer and smart phone owners, as iPhones and Droids are soon to follow with their own threats.

    Thank you Slashdot.org.....


    Flashback Trojan Hits 600,000 Macs and Counting
    twoheadedboy writes
    "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."
     
  2. WA9SVD

    WA9SVD Ham Member QRZ Page

    Unfortunately, this merely demonstrates that NO Operating System is immune from viruses and malware. While attacks on the MAC OS have been few and far between, they can still occur, and to somehow presume (not assume) that a MAC system or LINUX system is entirely immune to attack or damage from malicious software is simply "famous last words."
    Those of us condemned to the Windoze environment (whether by choice or by circumstance) have to deal with such threats on perhaps a daily basis, and use specific software to prevent or eliminate security threats and/or intellectual damage to our computers. But other OS's are NOT somehow intrinsically "immune," and it will only be a matter of time before attacks on other OS's become common.
     
  3. K8ERV

    K8ERV Ham Member QRZ Page

    I don't have any Apple equipment, but what does it do?

    When is the world going to cooperate, find, hang without trial all these bad guys?

    TOM K8ERV Montrose Colo
     
  4. K0STK

    K0STK Ham Member QRZ Page

    What is the Flashback malware?

    It is a Java runtime exploit as described in the article Java update for OS X patches Flashback malware exploit - c|net. A patch is available via Software Update for systems that have Java installed, but can also be downloaded from the following Apple support Web pages. The update is available only for OS X 10.6 and 10.7, since Apple has stopped supporting prior versions of OS X.

    Java for Mac OS X 10.6 Update 7
    Java for OS X Lion 2012-001

    Here are links to a few (of many) articles which provide background information about the exploit, how to determine if your Mac is "infected" and what to do about it.

    Mac Flashback malware: What it is and how to get rid of it (FAQ) - c|net
    Mac Flashback Trojan: Are You Infected? How Do You Remove It? - Forbes
    Trojan-Downloader:OSX/Flashback.K - f-secure

    How do I tell if I have it? (From the c|net article)

    Right now the easiest way to tell if your computer has been infected is to run some commands in Terminal, a piece of software you'll find in the Utilities folder in your Mac's Applications folder. If you want to find it without digging, just do a Spotlight search for "Terminal."

    Once there, copy and paste each one of the code strings below into the terminal window. The command will run automatically:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    If your system is clean, the commands will tell you that those domain/default pairs "does not exist." If you're infected, it will spit up the patch for where that malware has installed itself on your system.

    How do I remove it?

    How to remove the Flashback malware from OS X - c|net and Trojan-Downloader:OSX/Flashback.K - f-secure provide instructions for manual removal as well as additional information about how to detect it.
     
    Last edited: Apr 6, 2012
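
The three Terminal checks quoted in the post above, wrapped into one script that distinguishes "pair does not exist" from "the tool could not run" (an added example, not part of the original post or the c|net article). `DEFAULTS_BIN` and the function name `scan_flashback` are assumptions of this sketch; the override lets the lookup be stubbed when testing off a Mac.

```shell
#!/bin/sh
# Added example: runs the three `defaults read` checks from the post and
# summarises the result. Exit status: 0 = none of the pairs exist,
# 1 = at least one pair exists (inspect the printed value), 2 = cannot check.

# Assumption of this sketch: override point so the tool can be stubbed.
DEFAULTS_BIN="${DEFAULTS_BIN:-defaults}"

scan_flashback() {
    # A missing tool must not be reported as a clean result.
    if ! command -v "$DEFAULTS_BIN" >/dev/null 2>&1; then
        echo "cannot run '$DEFAULTS_BIN'; is this a Mac?" >&2
        return 2
    fi
    hits=0
    # Domain|key pairs exactly as listed in the post (~ written as $HOME).
    while IFS='|' read -r domain key; do
        # `defaults read` exits non-zero when the domain/default pair
        # does not exist; on success it prints the stored value.
        if value=$("$DEFAULTS_BIN" read "$domain" "$key" 2>/dev/null </dev/null); then
            hits=$((hits + 1))
            printf 'HIT %s %s => %s\n' "$domain" "$key" "$value"
        else
            printf 'ok  %s %s (pair does not exist)\n' "$domain" "$key"
        fi
    done <<EOF
/Applications/Safari.app/Contents/Info|LSEnvironment
/Applications/Firefox.app/Contents/Info|LSEnvironment
$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES
EOF
    [ "$hits" -eq 0 ]
}

# Run the scan only when asked, e.g.:  sh check_flashback.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_flashback
fi
```

A `HIT` line carries the value that `defaults read` printed for that pair, which is what the removal guides linked in the post ask you to note.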
  5. KA5LQJ

    KA5LQJ Ham Member QRZ Page

    Jumpin' Jehosaphat! LOL!

    Why is it when you think things are going well in Computer Land, somebody's got to drop a cow paddy in the punch bowl? My guess is the Mac malware was 'invented' in China or the Middle East. I guess it's just the way I was reared, not to harm folks and their stuff.

    Now, I don't have to remind everyone about my computer skills. Y' all know by now I could not help program a "patch" to Linux that could be run and block all these JAVA exploits. The only option I see is to #1. Never hook up to the INet or just not use JAVA at all. Neither is feasible. I use Java to see the NOAA radar out of Fort Worth when the weather gets severe.
    If it does something else in my computer, I'm not aware of it.

    If someone could come up with code that can't be read, reverse-engineered or printed so it's exposed yet would make your computer "stealth" to everyone else, like behind 40 firewalls, LOL! I'd be glad to buy that software and use it to the MAX.

    Now, Question: IS there an anti-virus/anti-malware/anti-browser-grabber for Linux? The one thing (among many) I like about LINUX is that the DATA is kept in a different directory on the hard drive, No? Yes? I know in the past when I've seen Linux installed, it made HOME, DATA, BIN, etc. directories so that should the computer stop working (NO BSOD), you could simply restart the program and the data was still there, safe.

    Anybody like my idea so far? I couldn't pay anyone to write such a "bloc", but I'd give you credit in an email I may send, then you can charge them for your work. LOL!

    GOD BLESS,
    73,

    Don/KA5LQJ
    JESUS is the REASON for the SEASON,
    "Thank You, LORD!"
     
  6. N0WUE

    N0WUE Ham Member QRZ Page

    fools, mac's are impervious!
     
  7. N0WUE

    N0WUE Ham Member QRZ Page

    not really, the ones out there, mostly look for windows virii
     
  8. WA9SVD

    WA9SVD Ham Member QRZ Page

    Like I said, "Famous last words." You yourself admit that computer "viri" MOSTLY look for Windoze. That can be a fatal assumption or presumption. With time, there will be more threats to MAC OS, and Linux.
     
  9. N0WUE

    N0WUE Ham Member QRZ Page

    no, I said virus scanners for linux look for windows virus signatures.
     
  10. WA9SVD

    WA9SVD Ham Member QRZ Page

    Which may be even MORE scary. There are occasional LINUX exploits, and (now) obviously an exploit for the MAC. If software based on other OS's (such as LINUX or MAC O/S,) only search for Windoze based virus signatures, they are still vulnerable.
     