Flashback trojan reportedly controls half a million Macs and counting

Joined: Apr 12, 2008 | Messages: 512 | Reaction score: 4 | Points: 18
Yep. I read that.
There was a recent update from Apple for Java.
But how would one know if their machine had already been compromised?
 
Joined: Sep 3, 2009 | Messages: 132 | Reaction score: 3 | Points: 18 | Location: Houston, Texas | Your Mac's Specs: MacBook Pro.
Good question. What can one use to scan for something like this? Is this a good reason to install AV software? I don't have any at the moment.
 
Joined: Apr 6, 2011 | Messages: 1,291 | Reaction score: 43 | Points: 48 | Location: Louisville, KY - USA | Your Mac's Specs: MBP 17" 2011, 2.3GHz Intel Quad-Core i7, 8GB RAM, MacMini 2011, 2.7GHz Intel Dual-Core i7, 8GB RAM
Run through the commands from the F-Secure article and you will be fine. Update the system as suggested and this will be fine. I haven't checked my MBP yet, but I have my MacMini and it was a breeze. Of course, it wasn't infected (I don't browse the internet on that machine) as it is only a media server. I will be checking my MBP when I get home.

Threat Description: Trojan-Downloader:OSX/Flashback.I
 
Joined: Aug 31, 2009 | Messages: 304 | Reaction score: 6 | Points: 18
I understand that, to be infected, you would first have to approve a phished certificate saying that it was from Apple.

So once again the user is the final guardian.

True?
 
Joined: Apr 6, 2011 | Messages: 1,291 | Reaction score: 43 | Points: 48 | Location: Louisville, KY - USA | Your Mac's Specs: MBP 17" 2011, 2.3GHz Intel Quad-Core i7, 8GB RAM, MacMini 2011, 2.7GHz Intel Dual-Core i7, 8GB RAM
I understand that, to be infected, you would first have to approve a phished certificate saying that it was from Apple.

So once again the user is the final guardian.

True?

yep... laziness is what both the virus authors and virus-scanners rely on. If people paid attention to what they were doing, neither would have much luck in accomplishing their goals.
 
Joined: Dec 25, 2011 | Messages: 3 | Reaction score: 0 | Points: 1 | Location: West Coast | Your Mac's Specs: iMac PPC G5 OSX, macbook, ipod
Trojan BackDoor.Flashback

'Rude awakening' for Mac users as cyber attack infects 550,000 of Apple's 'virus free' machines - with UK and U.S. worst hit
April 5, 2012
Source: Daily Mail

A new computer trojan has infected 550,000 machines running Apple's Mac OS X - and many could still be vulnerable. The infected machines are now part of a 'botnet' of zombie machines which can be controlled by cyber criminals and 'told' to download new malicious software.

The attack has been described as a 'rude awakening' for Mac users.





The attack has afflicted machines in America and the UK worst, according to Russian security vendor Dr Web's statistics

The new attack was spotted by Russian anti-virus vendor Dr Web.

'We conducted research to determine the scale of spreading of Trojan BackDoor.Flashback that infects computers running Mac OS X,' says the Russian antivirus vendor.


'The botnet encompasses more than 550 000 infected machines, most of which are located in the United States and Canada.



Can we develop more info on this here?
 
Joined: Aug 31, 2009 | Messages: 304 | Reaction score: 6 | Points: 18
yep... laziness is what both the virus authors and virus-scanners rely on. If people paid attention to what they were doing, neither would have much luck in accomplishing their goals.

So.

"Don't click on strange and questionable stuff".

Then the OP really has nothing to worry about, which was his question.
 
Joined: Aug 31, 2009 | Messages: 304 | Reaction score: 6 | Points: 18
See other thread.

Don't click on and authorize weird stuff and you'll be fine.

It only gets in if the user opens the door and invites it to enter.

You know, like a vampire cannot enter your house unless you specifically invite it in.

As in entering your admin password or accepting a phished security certificate.

Just say no.
 
Joined: Nov 1, 2011 | Messages: 17 | Reaction score: 0 | Points: 1 | Location: Woodland Park, CO | Your Mac's Specs: Model Name: Model Identifier: Mac Mini Processor Name: Intel Core i5 Processor Speed:2.6
It's a zero-day attack patch that applies to Oracle Java. It only applies to Snow Leopard and some but not all Lion. Apple has recently quit bundling Oracle Java with Lion.
 

vansmith (Senior Member) | Joined: Oct 19, 2008 | Messages: 19,924 | Reaction score: 559 | Points: 113 | Location: Queensland | Your Mac's Specs: Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
Merged threads - let's just keep all these Flashback discussions together. ;)
 

RavingMac (Well-known member, Staff member, Moderator) | Joined: Jan 7, 2008 | Messages: 8,303 | Reaction score: 242 | Points: 63 | Location: In Denial | Your Mac's Specs: 16Gb Mac Mini 2018, 15" MacBook Pro 2012 1 TB SSD
You were too quick for me (or I was too slow) ;P

Was in the process of merging these when you beat me to it. :)
 

vansmith (Senior Member) | Joined: Oct 19, 2008 | Messages: 19,924 | Reaction score: 559 | Points: 113 | Location: Queensland | Your Mac's Specs: Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
You were too quick for me (or I was too slow) ;P

Was in the process of merging these when you beat me to it. :)
People don't usually say that I'm too quick before my coffee has managed to work its magic. Haha.

I noticed the following from the F-Secure article:
In cases where the user did not input their administrator password, the malware checks if the following path exists in the system:
/Applications/Microsoft Word.app
/Applications/Microsoft Office 2008
/Applications/Microsoft Office 2011
/Applications/Skype.app


If any of these are found, the malware again skips the rest of its routine and proceeds to delete itself, presumably to avoid infecting a system that has an incompatible application installed.
So, if the machine has Microsoft developed software, it deletes itself?
 

RavingMac (Well-known member, Staff member, Moderator) | Joined: Jan 7, 2008 | Messages: 8,303 | Reaction score: 242 | Points: 63 | Location: In Denial | Your Mac's Specs: 16Gb Mac Mini 2018, 15" MacBook Pro 2012 1 TB SSD
People don't usually say that I'm too quick before my coffee has managed to work its magic. Haha.

I noticed the following from the F-Secure article: So, if the machine has Microsoft developed software, it deletes itself?

Interesting . . . what is the next step? If you don't have Microsoft products it uses your credit card info to purchase and install them? ;)

That would REALLY be Malware!!!
 
Joined: Jan 13, 2007 | Messages: 4,773 | Reaction score: 166 | Points: 63 | Location: Central New York | Your Mac's Specs: 15in i7 MacBook Pro, 8GB RAM, 120GB SSD, 500GB HD
I also read that if you have Little Snitch installed it will auto delete itself. Makes sense because it won't be able to run unnoticed if Little Snitch is monitoring.
 

vansmith (Senior Member) | Joined: Oct 19, 2008 | Messages: 19,924 | Reaction score: 559 | Points: 113 | Location: Queensland | Your Mac's Specs: Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
It would seem that having Office 2011 and Skype on my machine has kept it clean. Yet another benefit of using Office, haha.

The nerd in me is interested to know what it is about Office and Skype that prevents this thing from working. Xcode is also on the list of apps that work to stop it.

I also read that if you have Little Snitch installed it will auto delete itself. Makes sense because it won't be able to run unnoticed if Little Snitch is monitoring.
Yep, LS is certainly on that list (and logically so) as are other AV/malware products. Those make sense but the others (Office, Skype and Xcode)...not so much.
 
