
Flashback trojan reportedly controls half a million Macs and counting


Doug b

 
Well, Dogbreath.. (I really like calling someone that) the thing is that I don't think anyone has actually seen or experienced the consequences of said "infection", so one shouldn't assume what the outcome would be. That said, everyone and their mom should be backing up their data (not just via Time Machine) redundantly, and on a regular basis.

Which reminds me, I need to buy a new external!

Doug
RavingMac

 
Quote:
Originally Posted by Doug b
Well, Dogbreath.. (I really like calling someone that) the thing is that I don't think anyone has actually seen or experienced the consequences of said "infection", so one shouldn't assume what the outcome would be. That said, everyone and their mom should be backing up their data (not just via Time Machine) redundantly, and on a regular basis.

Which reminds me, I need to buy a new external!

Doug
I was just going to post the question, "Has anybody on this Forum seen the infection, or even know someone who has?"

Just curious now.

Of course, I know everything . . . I just can't remember it all at once.
Stretch

 
I did the check, just for the heck of it. Didn't really need to since I have Little Snitch installed. Came back clean.

Blog and Photo Gallery: http://philolin.me/

Currently running OS X 10.8.2
McBie

 
Quote:
Originally Posted by Razormac
I was just going to post the question, "Has anybody on this Forum seen the infection, or even know someone who has?"

Just curious now.
That is why I posted earlier on that the results of the malware are not clear and as far as I can tell, there are no results.
That is why I called this a proof of concept ... a step by step approach and see how far they can get.
That is also why the articles in the press and magazines made me smile ..... 600000 infections ... right .... what does that mean then ..... how many of those actually yielded any results .... and where does the 600000 come from?
Is someone counting numbers ?

In my mind, there is not so much to worry about, only that people now understand that the OS X platform is not only on the radar, it is now also a chosen target.

A few simple behaviors will keep the risk level actually low. ( The vulnerabilities are outside of our control )

Cheers ... McBie

" Everything should be made as simple as possible, but not one bit simpler. " A. Einstein
The problem is not the problem. The problem is your attitude towards the problem. You understand ?
ursus262

 
I'm clean
mattg3

 
I'm clean. Just told me files do not exist but did not say anything like domain/default pair of does not exist
vansmith

 
I think I may have noticed a flaw in the F-Secure article (here). I noticed that in the Ars article (here) covering the malware, they check the Safari and Firefox app bundles which made me think that this malware modifies the app bundle for the browser used by the user and not necessarily Safari itself. I never use Safari so I imagine that checking the Safari app bundle is utterly useless if this is the case.

Does anyone know if the malware modifies Safari and/or Firefox regardless or does it modify the browser used when the malware was installed on the machine?

RavingMac

 
Okay, I just checked Firefox on all three Macs (my browser of choice) and still clean.

Of course, I know everything . . . I just can't remember it all at once.
mattg3

 
Did you type in a different command in Terminal to check Firefox or just the two that have already been listed in this thread?
alexsd123

 
I am clean, but I have to now check up on the less wary Mac users that I know. I have a feeling I know someone who caught this--same person that caught the Mac Defender or whatever it was called.
vansmith

 
Quote:
Originally Posted by mattg3
Did you type in a different command in terminal to check firefox or just the two that have already been listed in this thread?
Replace:
Code:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
in the steps above to check your machine with the following:
Code:
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

mattg3

 
Thanks, Firefox is clean.
Semanon

 
All the comments I am sure make sense to sophisticated MAC users. I am a new MACBookPro user. There is no way I can make sense of any of the comments above. How will I know if my MACBook has been infected? I have no idea how to use the terminal or what not.

Many of us are not expert MAC users.
Semanon

 
How does one use the terminal? I opened it up, and it says:

Last login: Sun Apr 8 01:44:07 on ttys000
MYName-MacBook-Pro:~ mynames$ ..



Now what do I do?


I also see members writing that they checked their browsers, ie Firefox. How would I do that?

Do you think it might be better for me to call Apple and talk to a tech?
madwolfe

 
Quote:
Originally Posted by Semanon
All the comments I am sure make sense to sophisticated MAC users. I am a new MACBookPro user. There is no way I can make sense of any of the comments above. How will I know if my MACBook has been infected? I have no idea how to use the terminal or what not.

Many of us are not expert MAC users.
It is kind of like one of those make your own adventure books, if you follow the article here
To run commands in Terminal, open up Terminal (Applications/Utilities or a Spotlight search) and then it is merely a case of copying and pasting. So first we run
Code:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
by using cmd+c and then cmd+v into Terminal.
If you get an error message, you can skip straight to step 8 (Hope that you get one).
All you have to do is follow the instructions on the website linked.

I use Terminal all the time but I must admit to you that I understand very little.

You should be clean if you don't willy-nilly put in the admin password for everything that asks for it; however, if you do find you are infected, ask here for a walkthrough if you need.
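Added example, not part of any post in this thread and not taken from the linked articles: a small script that runs the `defaults read ... LSEnvironment` check from vansmith's and madwolfe's posts against every browser bundle you name, so the browser you actually use gets checked and not only Safari. The function names, the `DEFAULTS_CMD` override and the CLEAN/REVIEW/MISSING labels are made up for this example; an error from `defaults` is read as clean, as madwolfe's post describes, and REVIEW only means the key exists and the remaining steps of the linked article apply.

```shell
#!/bin/sh
# Added example: the thread's LSEnvironment check, looped over browser bundles.
# DEFAULTS_CMD is a hypothetical override so the logic can be exercised
# on a machine that has no `defaults` tool; on a Mac leave it unset.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# Print one verdict line for an app bundle: MISSING, CLEAN or REVIEW.
check_bundle() {
    app="$1"
    if [ ! -d "$app" ]; then
        echo "MISSING $app"
        return 0
    fi
    # `defaults read` exits non-zero when the key is absent; that error is
    # the result the posters in this thread report as "clean".
    if out=$("$DEFAULTS_CMD" read "$app/Contents/Info" LSEnvironment 2>/dev/null); then
        # The key exists: print its value on one line so it can be reviewed.
        echo "REVIEW $app LSEnvironment=$(printf '%s' "$out" | tr '\n' ' ')"
    else
        echo "CLEAN $app"
    fi
}

# Check each bundle given; return 1 if any of them has an LSEnvironment key.
check_browsers() {
    rc=0
    for bundle in "$@"; do
        line=$(check_bundle "$bundle")
        echo "$line"
        case "$line" in
            REVIEW*) rc=1 ;;
        esac
    done
    return "$rc"
}

# Runs only when bundle paths are passed on the command line, e.g.
#   sh check_browsers.sh /Applications/Safari.app /Applications/Firefox.app
if [ "$#" -gt 0 ]; then
    check_browsers "$@"
fi
```

A bundle that is not installed is reported as MISSING, not CLEAN, so a clean result for a browser you never had is not mistaken for a check of the one you use.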
