  1. #16

    RavingMac's Avatar
    Member Since
    Jan 07, 2008
    Location
    In Denial
    Posts
    7,931
    Specs:
    4GB Mac Mini 2012, 13" MBA, 15" MacBook Pro OSX 10.7, 32 GB iPhone 3GS, iPad2 64gb 3G
    You were too quick for me (or I was too slow)

    Was in the process of merging these when you beat me to it.
    I've always wanted to be smart, handsome and modest. But, I guess I'll have to be satisfied with two out of three . . .

  2. #17

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,782
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    Quote Originally Posted by Razormac View Post
    You were too quick for me (or I was too slow)

    Was in the process of merging these when you beat me to it.
    People don't usually say that I'm too quick before my coffee has managed to work its magic. Haha.

    I noticed the following from the F-Secure article:
    In cases where the user did not input their administrator password, the malware checks if the following path exists in the system:
    /Applications/Microsoft Word.app
    /Applications/Microsoft Office 2008
    /Applications/Microsoft Office 2011
    /Applications/Skype.app


    If any of these are found, the malware again skips the rest of its routine and proceeds to delete itself, presumably to avoid infecting a system that has an incompatible application installed.
    So, if the machine has Microsoft developed software, it deletes itself?
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  3. #18

    RavingMac's Avatar
    Member Since
    Jan 07, 2008
    Location
    In Denial
    Posts
    7,931
    Specs:
    4GB Mac Mini 2012, 13" MBA, 15" MacBook Pro OSX 10.7, 32 GB iPhone 3GS, iPad2 64gb 3G
    Quote Originally Posted by vansmith View Post
    People don't usually say that I'm too quick before my coffee has managed to work its magic. Haha.

    I noticed the following from the F-Secure article: So, if the machine has Microsoft developed software, it deletes itself?
    Interesting . . . what is the next step? If you don't have Microsoft products it uses your credit card info to purchase and install them?

    That would REALLY be Malware!!!

  4. #19

    Stretch's Avatar
    Member Since
    Jan 13, 2007
    Location
    Central New York
    Posts
    4,773
    Specs:
    15in i7 MacBook Pro, 8GB RAM, 120GB SSD, 500GB HD
    I also read that if you have Little Snitch installed it will auto delete itself. Makes sense because it won't be able to run unnoticed if Little Snitch is monitoring.
    Blog and Photo Gallery: http://philolin.me/

    Currently running OS X 10.10

  5. #20

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,782
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    It would seem that having Office 2011 and Skype on my machine has kept it clean. Yet another benefit of using Office, haha.

    The nerd in me is interested to know what it is about Office and Skype that prevents this thing from working. Xcode is also on the list of apps that work to stop it.

    Quote Originally Posted by Stretch View Post
    I also read that if you have Little Snitch installed it will auto delete itself. Makes sense because it won't be able to run unnoticed if Little Snitch is monitoring.
    Yep, LS is certainly on that list (and logically so) as are other AV/malware products. Those make sense but the others (Office, Skype and Xcode)...not so much.

  6. #21

    OneMoreThing...'s Avatar
    Member Since
    Mar 30, 2005
    Posts
    2,718
    'Flashback' trojan estimated to have infected 600K Macs worldwide

    A trojan horse virus named "Flashback" that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.



  7. #22

    McBie's Avatar
    Member Since
    Apr 26, 2008
    Location
    Belgium
    Posts
    2,852
    Specs:
    2013 MBA 13" - OS X 10.11.latest
    If you really want to find out if you have been hit, monitor your outgoing connections to the internet.
    Check if there are any processes that are "calling home".

    Use something like LittleSnitch and that will tell you what processes/apps are making an outbound connection. If you see outgoing connections to any of the following, you better be worried.
    (I replaced the . by the word DOT)

    vxvhwcixcxqxd DOT com
    gangstasparadise DOT rr DOT nu.
    cuojshtbohnt DOT com
    rfffnahfiywyd DOT com

    These might change depending on the level of infection and if you already allowed the malware to call home for instructions.

    Most important thing is to get your Java up to date and don't just type in your password for no reason.
    Only update software via the respective web sites and not via some fancy looking pop-up window.

    Cheers ... McBie
    A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
    The bitterness of poor quality remains long after the sweetness of low price is forgotten.
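
The check described in the post above, as an added example that is not part of the original post: it restores the four defanged domains and flags outbound-connection records whose host is one of them or a subdomain. The "process host:port" log format, the sample lines and the function names `refang` and `flag_hits` are assumptions made for illustration.

```shell
#!/bin/sh
# Domains exactly as written in the post (defanged with the word DOT).
DEFANGED='vxvhwcixcxqxd DOT com
gangstasparadise DOT rr DOT nu.
cuojshtbohnt DOT com
rfffnahfiywyd DOT com'

# Constructed sample input: one "process host:port" pair per line.
SAMPLE_LOG='Safari www.apple.com:443
java cuojshtbohnt.com:80
java update.vxvhwcixcxqxd.com:80
Mail notcuojshtbohnt.com:25
curl GANGSTASPARADISE.rr.nu.:80'

# refang: "name DOT tld" -> "name.tld", lower-cased, trailing root dot removed.
refang() {
    printf '%s\n' "$1" | sed -e 's/ DOT /./g' -e 's/\.$//' | tr 'A-Z' 'a-z'
}

# flag_hits: read the log on stdin and print "process<TAB>host" for every
# host that equals a listed domain or is a subdomain of one.
flag_hits() {
    doms=$(refang "$DEFANGED" | tr '\n' ' ')
    awk -v doms="$doms" '
    BEGIN { n = split(doms, d, " ") }
    {
        host = tolower($2)
        sub(/:[0-9]+$/, "", host)    # drop the port
        sub(/\.$/, "", host)         # drop a trailing root dot
        for (i = 1; i <= n; i++) {
            suffix = "." d[i]
            start = length(host) - length(suffix) + 1
            # Exact match, or match on a label boundary so that
            # "notcuojshtbohnt.com" is not mistaken for a listed domain.
            if (host == d[i] || (start > 1 && substr(host, start) == suffix)) {
                print $1 "\t" host
                break
            }
        }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | flag_hits
```

As the post notes, the domains may change between variants, so an empty result from a list like this does not by itself show a machine is clean.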

  8. #23

    XJ-linux's Avatar
    Member Since
    Jul 02, 2007
    Location
    Going Galt...
    Posts
    3,451
    Specs:
    MacBookAir5,2:10.9.5-MacMini3,1:10.9.5-iPhone6,1:8.4.1
    mkdir /Applications/ClamXav.app (or whatever)

    All good.
    Never judge a man, until you have walked a mile in his shoes...
    That way you'll be a mile away from him, and you'll have his shoes.

  9. #24
    How long has this been around for? I got a virus last August, I wonder if it's the same one.

  10. #25

    McBie's Avatar
    Member Since
    Apr 26, 2008
    Location
    Belgium
    Posts
    2,852
    Specs:
    2013 MBA 13" - OS X 10.11.latest
    Malware has been around for nearly 9 months .... what we see now is a new variant.
    The attack vector changed ... this version exploits a vulnerability in Java.
    Vulnerability will be closed by applying the Java update released by Apple a couple of days ago.

    Cheers ... McBie

  11. #26

    McBie's Avatar
    Member Since
    Apr 26, 2008
    Location
    Belgium
    Posts
    2,852
    Specs:
    2013 MBA 13" - OS X 10.11.latest
    Quote Originally Posted by vansmith View Post
    It would seem that having Office 2011 and Skype on my machine has kept it clean. Yet another benefit of using Office, haha.

    The nerd in me is interested to know what it is about Office and Skype that prevents this thing from working. Xcode is also on the list of apps that work to stop it.

    Yep, LS is certainly on that list (and logically so) as are other AV/malware products. Those make sense but the others (Office, Skype and Xcode)...not so much.
    Often, the reason for that is that after the malware has installed itself, it would like to stay invisible as long as possible. The functionality of certain apps may get modified/corrupted, thus alerting the user that something is not right (without knowing what it is) .... that will eventually expose the presence of malware.

    Cheers ... McBie

  12. #27

    nickyr's Avatar
    Member Since
    Nov 01, 2007
    Location
    Swansea - South Wales
    Posts
    782
    Specs:
    late 2012 IMac 27", early 2015 MBPr, early 2014 MBA, mid 2010 MB (10.12), iPhone 6 (iOS 10).
    Phew on 2 counts:

    both machines are clean
    after 5 years of mac ownership I finally used Terminal - yay
    Johann Gambolputty de Von Ausfern....


  13. #28

    McBie's Avatar
    Member Since
    Apr 26, 2008
    Location
    Belgium
    Posts
    2,852
    Specs:
    2013 MBA 13" - OS X 10.11.latest
    Quote Originally Posted by nickyr View Post

    after 5 years of mac ownership I finally used Terminal - yay
    Exactly mate .... I used terminal yesterday for the first time in 4 years .... never thought I would need it. Now I consider myself a pro with terminal so if anyone has questions ...

    Cheers ... McBie

  14. #29

    Doug b's Avatar
    Member Since
    Jun 22, 2008
    Location
    Forest Hills, NYC
    Posts
    3,343
    Specs:
    15-inch Early 2008; Processor 2.4 GHz Intel Core 2 Duo; Memory 4 GB 667 MHz DDR2 SDRAM; 10.7.5
    So um, what exactly would be the outcome of being "infected" either by way of inputting the admin password or not? I've read through several articles, and that part is not mentioned. Is the end result one of physical remote take over or just snooping etc etc?

    Doug

  15. #30

    Doug b's Avatar
    Member Since
    Jun 22, 2008
    Location
    Forest Hills, NYC
    Posts
    3,343
    Specs:
    15-inch Early 2008; Processor 2.4 GHz Intel Core 2 Duo; Memory 4 GB 667 MHz DDR2 SDRAM; 10.7.5
    Also, I only see a reference to Safari with this Trojan. Or does it also pertain to all other browsers?

    Doug
