Flashback Trojan Hits 600,000 Macs and Counting

Discussion in 'Computers, Hardware, and Operating Systems' started by AF6LJ, Apr 5, 2012.

Thread Status:
Not open for further replies.
  1. AF6LJ

    AF6LJ Premium Subscriber QRZ Page

    Well, Mac owners, looks like the party is over. It was only a matter of time: as Macs became more popular, they became a more useful target.
    Security should always be on the minds of all computer and smart phone owners, as iPhones and Droids are soon to follow with their own threats.

    Thank you Slashdot.org.....

    Flashback Trojan Hits 600,000 Macs and Counting
    twoheadedboy writes
    "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."
  2. WA9SVD

    WA9SVD Ham Member QRZ Page

    Unfortunately, this merely demonstrates that NO Operating System is immune from viruses and malware. While attacks on the MAC OS have been few and far between, they can still occur, and to somehow presume (not assume) that a MAC system or LINUX system is entirely immune to attack or damage from malicious software is simply "famous last words."
    Those of us condemned to the Windoze environment (whether by choice or by circumstance) have to deal with such threats on perhaps a daily basis, and use specific software to prevent or eliminate security threats and/or intellectual damage to our computers. But other OS's are NOT somehow intrinsically "immune," and it will only be a matter of time before attacks on other OS's become common.
  3. K8ERV

    K8ERV Ham Member QRZ Page

    I don't have any Apple equipment, but what does it do?

    When is the world going to cooperate, find, hang without trial all these bad guys?

    TOM K8ERV Montrose Colo
  4. K0STK

    K0STK Ham Member QRZ Page

    What is the Flashback malware?

    It is a Java runtime exploit as described in the article Java update for OS X patches Flashback malware exploit - c|net. A patch is available via Software Update for systems that have Java installed, but can also be downloaded from the following Apple support Web pages. The update is available only for OS X 10.6 and 10.7, since Apple has stopped supporting prior versions of OS X.

    Java for Mac OS X 10.6 Update 7
    Java for OS X Lion 2012-001

    Here are links to a few (of many) articles which provide background information about the exploit, how to determine if your Mac is "infected" and what to do about it.

    Mac Flashback malware: What it is and how to get rid of it (FAQ) - c|net
    Mac Flashback Trojan: Are You Infected? How Do You Remove It? - Forbes
    Trojan-Downloader:OSX/Flashback.K - f-secure

    How do I tell if I have it? (From the c|net article)

    Right now the easiest way to tell if your computer has been infected is to run some commands in Terminal, a piece of software you'll find in the Utilities folder in your Mac's Applications folder. If you want to find it without digging, just do a Spotlight search for "Terminal."

    Once there, copy and paste each one of the code strings below into the terminal window. The command will run automatically:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    If your system is clean, the commands will tell you that those domain/default pairs "does not exist." If you're infected, it will spit up the path for where that malware has installed itself on your system.

    How do I remove it?

    How to remove the Flashback malware from OS X - c|net and Trojan-Downloader:OSX/Flashback.K - f-secure provide instructions for manual removal as well as additional information about how to detect it.
    Last edited: Apr 6, 2012
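
The three checks quoted in the post above, wrapped as one script (an added example, not part of the original post or the c|net article). It relies on `defaults read` exiting non-zero when a domain/key pair does not exist; the function names and the `--scan` switch are hypothetical.

```shell
#!/bin/sh
# Added example: the three `defaults read` checks from the post, scripted.
# Function names are hypothetical. Any value returned for one of these
# domain/key pairs is reported for follow-up, as the quoted check describes.

# Print the stored value and return 0 if the pair exists; return 1 if not.
flashback_check() {
    # `defaults read` exits non-zero ("... does not exist") for a missing pair.
    out=$(defaults read "$1" "$2" 2>/dev/null) || return 1
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Run all three checks; sets FLASHBACK_HITS, returns 0 only if none hit.
flashback_scan() {
    FLASHBACK_HITS=0
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults(1) not found: run this on the Mac being checked" >&2
        return 2
    fi
    while IFS='|' read -r domain key; do
        if value=$(flashback_check "$domain" "$key"); then
            FLASHBACK_HITS=$((FLASHBACK_HITS + 1))
            printf 'FOUND  %s %s\n       %s\n' "$domain" "$key" "$value"
        else
            printf 'clean  %s %s\n' "$domain" "$key"
        fi
    done <<EOF
/Applications/Safari.app/Contents/Info|LSEnvironment
/Applications/Firefox.app/Contents/Info|LSEnvironment
$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES
EOF
    [ "$FLASHBACK_HITS" -eq 0 ]
}

# Run the scan only when asked, e.g. `sh flashback_check.sh --scan`.
if [ "${1:-}" = "--scan" ]; then
    flashback_scan
fi
```

A `FOUND` line prints the value `defaults` returned, which is the location the removal guides linked in the post ask for.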
  5. KA5LQJ

    KA5LQJ Ham Member QRZ Page

    Jumpin' Jehosaphat! LOL!

    Why is it when you think things are going well in Computer Land, somebody's got to drop a cow paddy in the punch bowl? My guess is the Mac malware was 'invented' in China or the Middle East. I guess it's just the way I was reared, not to harm folks and their stuff.

    Now, I don't have to remind everyone about my computer skills. Y' all know by now I could not help program a "patch" to Linux that could be run and block all these JAVA exploits. The only option I see is to #1. Never hook up to the INet or just not use JAVA at all. Neither is feasible. I use Java to see the NOAA radar out of Fort Worth when the weather gets severe.
    If it does something else in my computer, I'm not aware of it.

    If someone could come up with code that can't be read, reverse-engineered or printed so it's exposed yet would make your computer "stealth" to everyone else, like behind 40 firewalls, LOL! I'd be glad to buy that software and use it to the MAX.

    Now, Question: IS there an anti-virus/anti-malware/anti-browser-grabber for Linux? One thing (among many) I like about LINUX is that the DATA is kept in a different directory on the hard drive, No? Yes? I know in the past when I've seen linux installed, it made a HOME, DATA, BIN, etc directories so that should the computer stop working (NO BSOD), you could simply restart the program and the data was still there, safe.

    Anybody like my idea so far? I couldn't pay anyone to write such a "bloc", but I'd give you credit in an email I may send, then you can charge them for your work. LOL!


    JESUS is the REASON for the SEASON,
    "Thank You, LORD!"
  6. N0WUE

    N0WUE Ham Member QRZ Page

    fools, mac's are impervious!
  7. N0WUE

    N0WUE Ham Member QRZ Page

    not really, the ones out there, mostly look for windows virii
  8. WA9SVD

    WA9SVD Ham Member QRZ Page

    Like I said, "Famous last words." You yourself admit that computer "viri" MOSTLY look for Windoze. That can be a fatal assumption or presumption. With time, there will be more threats to MAC OS, and Linux.
  9. N0WUE

    N0WUE Ham Member QRZ Page

    no, I said virus scanners for linux look for windows virus signatures.
  10. WA9SVD

    WA9SVD Ham Member QRZ Page

    Which may be even MORE scary. There are occasional LINUX exploits, and (now) obviously an exploit for the MAC. If software based on other OS's (such as LINUX or MAC O/S,) only search for Windoze based virus signatures, they are still vulnerable.
  11. N0WUE

    N0WUE Ham Member QRZ Page

    not really
  12. WA9SVD

    WA9SVD Ham Member QRZ Page

    Care to explain? Why would only searching for Windows viri and malware cause a LINUX or MAC not to be vulnerable to an attack directed against LINUX or MAC?
    Or are you presuming only Windows is susceptible to malware and viri?
  13. AC0H

    AC0H Premium Subscriber QRZ Page

    A local system admin for a large school district near here is a Mac disciple of the 1st order.
    Mac this and Mac that, Steve Jobs is the greatest human ever born, yada, yada, yada.
    He also hosts a local Saturday morning radio show on IT and Tech.
    He can't even bring himself to acknowledge the threat on the air. Massive denial.

    Reality slapped him this week when he and his crew discovered they have 1500 infected Macs.
  14. AB2T

    AB2T Ham Member QRZ Page

    The closed repository system on Ubuntu will provide users of that linux flavor a degree of protection from potential linux worms and viruses. This barrier will be breached at some point. For now, however, the upgrade repository model has been a surprisingly safe and robust way to distribute computer maintenance.

    Linux programs also run very "clean", with an excellent ability to isolate poorly running or infected tasks without bringing the entire system down. So long as one maintains a well isolated file archive system, it will not be difficult to isolate and terminate a troublemaking routine within the bash shell and within x11.

    And yet, I cannot convince my parents or my siblings to use Linux. :confused::mad: The world's most robust, elegantly simple, and eminently scalable operating system is FREE. :cool:

    73, Jordan
  15. AF6LJ

    AF6LJ Premium Subscriber QRZ Page

    Good stuff:)
    This computer also boots Linux.
  16. N0SYA

    N0SYA Ham Member QRZ Page

    Ahhh java. Every time my folks' pc was hit with virii it was embedded in the java engine. I h8 java.
  17. AF6LJ

    AF6LJ Premium Subscriber QRZ Page

    Java is kind of a PITA....
  18. N0SYA

    N0SYA Ham Member QRZ Page

    I must admit that I admire a good java malware, they are about the only ones that put up any real resistance to my 1337 sk1llz
  19. KD0CAC

    KD0CAC Ham Member QRZ Page

    Used the links, no nasties here :)