Flashback trojan reportedly controls half a million Macs and counting


jvalentine
Recently I posted a few questions requesting newbie help on these forums. One was regarding this exact concept. Someone argued the semantics of a virus and other forms of malware, and argued that it was spreading "misinformation". I figured I would take this as an excellent opportunity to remind the Mac community that the only reason Windows has so many malware problems is purely based on their market share of business systems. Apple has picked up an immense amount of momentum in the past few years, as we are all aware. Some of the most awesome products I use every day are my iPad and iPhone. Some extremely huge innovations to these, as well as Apple's other core product lines, have increased their market share considerably. This malware attack is the direct result of gaining market share.

Let me be the first to welcome [some of] you to what the rest of the world has been dealing with for a quarter century!

Now for the part that I tell all of my Windows-based customers:

The only way to protect yourself fully is to disconnect from the Internet altogether. Since that is obviously not possible, the next best step is to pay attention to what you click, where it comes from, and where it takes you. If you don't trust it, don't click it. Make sure you run routine scans on your computer. Especially so, when you encounter something that you just simply didn't expect to see. As with the human body, early detection can make a huge difference. Malware detection early can be an "oh crap moment". Ignoring it could lead to lengthy police/bank/credit investigations and in some rare cases, even litigation.

So, with open and warm arms, welcome!

Regards,
jvalentine - a recent switcher

McBie
Doug, Safari and Firefox for sure ... the others are unknown.
As to what it does, not clear.
I mentioned in October 2011 when the first variant was flying around that this malware was a proof of concept ... it didn't need to do anything. My view was that the bad guys were figuring out if there were " victims " out there and how big the numbers were.
Seems to me they were pretty successful in finding that out.
In terms of the malware actually yielding results for them, I highly doubt that.

What you do see and hear is that the " Mac " community has received a wake up call.
I am still pretty confident in the robustness of OS X, it is the layer between the chair and the keyboard that will need awareness. :-)

Cheers ... McBie

A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
The problem is not the problem. The problem is your attitude towards the problem. You understand ?

baggss
Quote:
Originally Posted by jvalentine View Post
Recently I posted a few questions requesting newbie help on these forums. One was regarding this exact concept. Someone argued the semantics of a virus and other forms of malware, and argued that it was spreading "misinformation". I figured I would take this as an excellent opportunity to remind the Mac community that the only reason Windows has so many malware problems is purely based on their market share of business systems. Apple has picked up an immense amount of momentum in the past few years, as we are all aware. Some of the most awesome products I use every day are my iPad and iPhone. Some extremely huge innovations to these, as well as Apple's other core product lines, have increased their market share considerably. This malware attack is the direct result of gaining market share.

Let me be the first to welcome [some of] you to what the rest of the world has been dealing with for a quarter century!

Now for the part that I tell all of my Windows-based customers:

The only way to protect yourself fully is to disconnect from the Internet altogether. Since that is obviously not possible, the next best step is to pay attention to what you click, where it comes from, and where it takes you. If you don't trust it, don't click it. Make sure you run routine scans on your computer. Especially so, when you encounter something that you just simply didn't expect to see. As with the human body, early detection can make a huge difference. Malware detection early can be an "oh crap moment". Ignoring it could lead to lengthy police/bank/credit investigations and in some rare cases, even litigation.

So, with open and warm arms, welcome!

Regards,
jvalentine - a recent switcher

Have fun selling FUD. The need for Windows-like treatment of malware on Macs is still not needed, although one should pay attention as you advise.


Doug b
FUD indeed, Baggss. In fact, if you really look at the info which is always regurgitated ad nauseam by people who don't care to investigate any further than their local PC rag mag rantings... There's a very neat observation you can extract from such ramblings. A glaring contradiction, if you will:

Quote:
Some of the most awesome products I use every day are my iPad and iPhone. Some extremely huge innovations to these, as well as Apple's other core product lines, have increased their market share considerably. This malware attack is the direct result of gaining market share.

This makes me laugh a LOT. So, the proliferation of viri and such on a Nix-based OS is the direct result of iOS sales in the marketplace? Really? Gee, this doesn't exactly wash with the other mantra of... "You just don't have Apple in the business market the way you do Windows, so that's why you don't see Macs infected as such".

Sorry but, you guys need to get your stories straight! Of course I do agree with having to be sensible, using logic and not just clicking on things all willy nilly. But that's the problem with the masses... they're just not educated when it comes to things like this. In fact, they're usually just plain ol' lazy, and don't even like lifting a finger to do anything for themselves, until it's too late of course. But even then, they still would rather rely on someone to fix it for them.

It's just the way of things I'm afraid. Those of us who are safe will likely remain so. Just like in nature, I guess it's the cyber-gods' way of thinning out the herd? LOL.

Doug

McBie
Quote:
Originally Posted by Doug b View Post

.... I guess it's the cyber-gods way of thinning out the herd? LOL.

Doug
I hope that isn't true.

Cheers ... McBie

nezing
Quote:
Originally Posted by nickyr View Post
Phew on 2 counts:

both machines are clean
after 5 years of mac ownership I finally used Terminal - yay

After 6 months of Macbook air (ownership), I too "get to use Terminal" (commands). Been using "terminal" in Linux distros for years however. My Macbook air is clean.

soccerphysio
Quote:
Originally Posted by nezing View Post
After 6 months of Macbook air (ownership), I too "get to use Terminal" (commands). Been using "terminal" in Linux distros for years however. My Macbook air is clean.

What is "Terminal?"

What would be the easiest (and most trustworthy) way for a non-techie to check for this on their computer? I've seen some suggestions, but want to make sure I know what I am doing before I screw something up, or actually infect myself with something worse in the process!

Dogbreath
I have both MS Office 2011 and Skype. I only use Safari. They are up to date.

Before I start playing around in Terminal with F-Secure's Disinfection, is there a quick way to check for Flashback (as posted above)? Also, I need a couple of things clarified with their instructions. Concerning F-Secure's manual removal instructions, what do they mean by "Take note of the value"...does that mean to look and see if DYLD_INSERT_LIBRARIES appears? Will it be just this...or a number...or a list of files? If DYLD_INSERT_LIBRARIES is there, does this mean I am infected? If that doesn't appear, can I stop there with my quest? Where will the files be that step 7 and step 13 mention? I apologize if these questions seem elementary...but I know messing around in Terminal can be terminal.

I have had my Mini for 1.5 years...my first Mac. Maybe it's time I just do a clean install anyway. I have been extremely careful about what I have allowed to be downloaded and the sites I go to, but we all make mistakes. Thanks all....I will probably have more questions later.

This news just in..."Apple Battles Flashback Trojan With Second Mac Update".......this update appears to be for Lion only. The first update was for Snow Leopard AND Lion.

Dogbreath
I just found some of my requested simplifications. I still don't know where to find the specified files if infected.



"Then, once you're in, follow these easy steps to detection:

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"

If you don't get that error message, well, time to head to F-Secure for your fix. If you're clean so far, you can move on to step eight:

8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"

In other words: "does not exist" means you've got a healthy rig. Anything else, just keep following F-Secure's instructions to vanquish the intruder."



Thanks all...now to get home and give this a go...keeping my fingers crossed. I hope you all fare well on this.

Doug b
There are only two commands you have to run in Terminal, nothing else.

Code:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
Code:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If you are not "infected", both results will yield a message saying that
A:
Quote:
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
and

B:
Quote:
The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
No need to freak out.

Doug
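
Added example, not part of Doug b's post or of F-Secure's instructions: a POSIX shell wrapper around the two `defaults read` checks quoted in this thread (in Dogbreath's post and in the one above). Only the "does not exist" message counts as clean; the function names and the clean/found/error labels are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: wraps the two `defaults read` checks quoted in this thread.
# Function names and the clean/found/error labels are assumptions.

# check_key DOMAIN KEY -> prints one of:
#   clean          defaults reported that the domain/key pair does not exist
#   found: VALUE   a value came back; continue with F-Secure's removal steps
#   error: TEXT    defaults failed for some other reason; not proof of clean
check_key() {
    # defaults prints the "does not exist" message on stderr, so capture both.
    if out=$(defaults read "$1" "$2" 2>&1); then
        echo "found: $out"
        return
    fi
    case "$out" in
        *"does not exist"*) echo "clean" ;;
        *) echo "error: $out" ;;
    esac
}

# Runs both checks from the thread. Returns 0 only if both report clean.
flashback_check() {
    rc=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}    # everything before the last space
        key=${pair##* }      # everything after the last space
        result=$(check_key "$domain" "$key")
        echo "$domain $key -> $result"
        [ "$result" = "clean" ] || rc=1
    done
    return $rc
}

# Run the checks only where the macOS `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    flashback_check
fi
```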

Dogbreath
Thanks Doug...Sorry, but I did freak out...but for good reason...although results showed I'm healthy and clean. I have the skills to remedy an infection, I just didn't want to deal with the hassle and I have a lot to lose if someone were to gain access to what's in the box that Carroll Meryl is holding.

RavingMac
Well, my MBP is clean . . . now to test the others.

If I were given just one wish it would be . . . that I could have three more wishes!

Chuckoir
I'm clean!

So is my Mac!

dtravis7
All MAC here clean!

RavingMac
Three for three . . . all clean.
