Flashback trojan reportedly controls half a million Macs and counting

Joined
Mar 30, 2005
Messages
9,571
Reaction score
25
Points
48
'Flashback' trojan estimated to have infected 600K Macs worldwide

A trojan horse virus named "Flashback" that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
The way to really find out if you have been hit is to monitor your outgoing connections to the internet.
Check if there are any processes that are "calling home".

Use something like LittleSnitch and that will tell you what processes/apps are making an outbound connection. If you see outgoing connections to any of the following, you better be worried.
(I replaced the . by the word DOT)

vxvhwcixcxqxd DOT com
gangstasparadise DOT rr DOT nu.
cuojshtbohnt DOT com
rfffnahfiywyd DOT com

These might change depending on the level of infection and if you already allowed the malware to call home for instructions.

Most important thing is to get your Java up to date and don't just type in your password for no reason.
Only update software via the respective web sites and not via some fancy looking pop-up window.

Cheers ... McBie
 
Joined
Jul 2, 2007
Messages
3,494
Reaction score
204
Points
63
Location
Going Galt...
Your Mac's Specs
MacBookAir5,2:10.13.6-iMac18,3:10.13.6-iPhone9,3:11.4.1
mkdir /Applications/ClamXav.app (or whatever)

All good.
 
Joined
Aug 5, 2011
Messages
118
Reaction score
2
Points
18
How long has this been around for? I got a virus last August, I wonder if it's the same one.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Malware has been around for nearly 9 months .... what we see now is a new variant.
The attack vector changed ... this version exploits a vulnerability in Java.
The vulnerability will be closed by applying the Java update released by Apple a couple of days ago.

Cheers ... McBie
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
It would seem that having Office 2011 and Skype on my machine has kept it clean. Yet another benefit of using Office, haha.

The nerd in me is interested to know what it is about Office and Skype that prevents this thing from working. Xcode is also on the list of apps that work to stop it.

Yep, LS is certainly on that list (and logically so) as are other AV/malware products. Those make sense but the others (Office, Skype and Xcode)...not so much.

Often, the reason for that is that after the malware has installed itself, it would like to stay invisible as long as possible. The functionality of certain apps may get modified/corrupted, thus alerting the user that something is not right (without knowing what it is) .... that will eventually expose the presence of malware.

Cheers ... McBie
 
Joined
Nov 1, 2007
Messages
1,246
Reaction score
80
Points
48
Location
Swansea - South Wales
Your Mac's Specs
21 M1 Pro 14" MBP, 23 M2 Pro Mac Mini (MacOS 14), iPhone 15 Pro Max (iOS 17), iPad 6 (iPadOS 17)
Phew on 2 counts:

both machines are clean
after 5 years of mac ownership I finally used Terminal - yay:)
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
after 5 years of mac ownership I finally used Terminal - yay:)

Exactly mate .... I used terminal yesterday for the first time in 4 years .... never thought I would need it. Now I consider myself a pro with terminal so if anyone has questions ...:)

Cheers ... McBie
 
Joined
Jun 22, 2008
Messages
3,343
Reaction score
213
Points
63
Location
Forest Hills, NYC
Your Mac's Specs
15-inch Early 2008; Processor 2.4 GHz Intel Core 2 Duo; Memory 4 GB 667 MHz DDR2 SDRAM; 10.7.5
So um, what exactly would be the outcome of being "infected" either by way of inputting the admin password and not? I've read through several articles, and that part is not mentioned. Is the end result one of physical remote take over or just snooping etc etc?

Doug
 
Joined
Jun 22, 2008
Messages
3,343
Reaction score
213
Points
63
Location
Forest Hills, NYC
Your Mac's Specs
15-inch Early 2008; Processor 2.4 GHz Intel Core 2 Duo; Memory 4 GB 667 MHz DDR2 SDRAM; 10.7.5
Also, I only see a reference to Safari with this Trojan. Or does it also pertain to all other browsers?

Doug
 
Joined
Mar 17, 2012
Messages
4
Reaction score
0
Points
1
Recently I posted a few questions requesting newbie help on these forums. One was regarding this exact concept. Someone argued the semantics of a virus and other forms of malware, and argued that it was spreading "misinformation". I figured I would take this as an excellent opportunity to remind the Mac community that the only reason Windows has so many malware problems is purely based on their market share of business systems. Apple has picked up an immense amount of momentum in the past few years, as we are all aware. Some of the most awesome products I use everyday are my iPad, and iPhone. Some extremely huge innovations to these, as well as Apples other core product lines have increased their market share considerably. This malware attack is the direct result of gaining market share.

Let me be the first to welcome [some of] you to what the rest of the world has been dealing with for a quarter century!

Now for the part that I tell all of my Windows-based customers:

The only way to protect yourself fully is to disconnect from the Internet altogether. Since that is obviously not possible, the next best step is to pay attention to what you click, where it comes from, and where it takes you. If you don't trust it, don't click it. Make sure you run routine scans on your computer. Especially so, when you encounter something that you just simply didn't expect to see. As with the human body, early detection can make a huge difference. Malware detection early can be an "oh crap moment". Ignoring it could lead to lengthy police/bank/credit investigations and in some rare cases, even litigation.

So, with open and warm arms, welcome!

Regards,
jvalentine - a recent switcher
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Doug, Safari and Firefox for sure ... the others are unknown.
As to what it does, not clear.
I mentioned in October 2011 when the first variant was flying around that this malware was a proof of concept ... it didn't need to do anything. My view was that the bad guys were figuring out if there were " victims " out there and how big the numbers were.
Seems to me they were pretty successful in finding that out.
In terms of the malware actually yielding results for them, I highly doubt that.

What you do see and hear is that the " Mac " community has received a wake up call.
I am still pretty confident in the robustness of OS X, it is the layer between the chair and the keyboard that will need awareness. :)

Cheers ... McBie
 
Joined
Oct 10, 2004
Messages
10,345
Reaction score
597
Points
113
Location
Margaritaville
Your Mac's Specs
3.4 Ghz i7 MacBook Pro (2015), iPad Pro (2014), iPhone Xs Max. Apple TV 4K
Recently I posted a few questions requesting newbie help on these forums. One was regarding this exact concept. Someone argued the semantics of a virus and other forms of malware, and argued that it was spreading "misinformation". I figured I would take this as an excellent opportunity to remind the Mac community that the only reason Windows has so many malware problems is purely based on their market share of business systems. Apple has picked up an immense amount of momentum in the past few years, as we are all aware. Some of the most awesome products I use everyday are my iPad, and iPhone. Some extremely huge innovations to these, as well as Apples other core product lines have increased their market share considerably. This malware attack is the direct result of gaining market share.

Let me be the first to welcome [some of] you to what the rest of the world has been dealing with for a quarter century!

Now for the part that I tell all of my Windows-based customers:

The only way to protect yourself fully is to disconnect from the Internet altogether. Since that is obviously not possible, the next best step is to pay attention to what you click, where it comes from, and where it takes you. If you don't trust it, don't click it. Make sure you run routine scans on your computer. Especially so, when you encounter something that you just simply didn't expect to see. As with the human body, early detection can make a huge difference. Malware detection early can be an "oh crap moment". Ignoring it could lead to lengthy police/bank/credit investigations and in some rare cases, even litigation.

So, with open and warm arms, welcome!

Regards,
jvalentine - a recent switcher

Have fun selling FUD. Windows-like treatment of malware on Macs is still not needed, although one should pay attention as you advise.
 
Joined
Jun 22, 2008
Messages
3,343
Reaction score
213
Points
63
Location
Forest Hills, NYC
Your Mac's Specs
15-inch Early 2008; Processor 2.4 GHz Intel Core 2 Duo; Memory 4 GB 667 MHz DDR2 SDRAM; 10.7.5
FUD indeed Baggss. In fact, if you really look at the info which is always regurgitated ad nauseam by people who don't care to investigate any further than their local PC rag mag rantings... There's a very neat observation you can extract from such ramblings. A glaring contradiction, if you will:

Some of the most awesome products I use everyday are my iPad, and iPhone. Some extremely huge innovations to these, as well as Apples other core product lines have increased their market share considerably. This malware attack is the direct result of gaining market share.
This makes me laugh a LOT. So, the proliferation of viri and such on a Nix based OS is the direct result of iOS sales in the market place? Really? Gee, this doesn't exactly wash with the other mantra of... "You just don't have Apple in the business market the way you do Windows, so that's why you don't see Macs infected as such".

Sorry but, you guys need to get your stories straight! Of course I do agree with having to be sensible, using logic and not just clicking on things all willy-nilly. But that's the problem with the masses... they're just not educated when it comes to things like this. In fact, they're usually just plain ol' lazy, and don't even like lifting a finger to do anything for themselves, until it's too late of course. But even then, they still would rather rely on someone to fix it for them.

It's just the way of things I'm afraid. Those of us who are safe will likely remain so. Just like in nature, I guess it's the cyber-gods' way of thinning out the herd? LOL.

Doug
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
.... I guess it's the cyber-gods' way of thinning out the herd? LOL.

Doug

;P I hope that isn't true . :p

Cheers ... McBie
 
Joined
Nov 20, 2011
Messages
28
Reaction score
2
Points
3
Location
Solihull,UK
Your Mac's Specs
Macbook Air 11.6,Macbook 13,ipad 1,ipod Classic,iphone 4S
Phew on 2 counts:

both machines are clean
after 5 years of mac ownership I finally used Terminal - yay:)


After 6 months of Macbook Air (ownership), I too "get to use Terminal" (commands). Been using "terminal" in Linux distros for years however. My Macbook Air is clean :Cool:
 
Joined
Apr 17, 2008
Messages
159
Reaction score
0
Points
16
After 6 months of Macbook Air (ownership), I too "get to use Terminal" (commands). Been using "terminal" in Linux distros for years however. My Macbook Air is clean :Cool:

What is "Terminal?"

What would be the easiest (and most trustworthy) way for a non-techie to check for this on their computer? I've seen some suggestions, but want to make sure I know what I am doing before I screw something up, or actually infect myself with something worse in the process!
 
Joined
Sep 3, 2010
Messages
622
Reaction score
13
Points
18
Location
Charlotte, NC
Your Mac's Specs
mid-2010 Mac Mini OS 10.12.6 Sierra, 2.66 GHz C2D, 8GB RAM, 30 in. Cinema Display
I have both MS Office 2011 and Skype. I only use Safari. They are up to date.

Before I start playing around in Terminal with F-Secure's Disinfection, is there a quick way to check for Flashback (as posted above)? Also, I need a couple of things clarified with their instructions. Concerning F-Secure's manual removal instructions, what do they mean by "Take note of the value"...does that mean to look and see if DYLD_INSERT_LIBRARIES appears? Will it be just this...or a number...or a list of files? If DYLD_INSERT_LIBRARIES is there, does this mean I am infected? If that doesn't appear, can I stop there with my quest? Where will the files be that step 7 and step 13 mention? I apologize if these questions seem elementary...but I know messing around in Terminal can be terminal.

I have had my Mini for 1.5 years...my first Mac. Maybe it's time I just do a clean install anyway. I have been extremely careful about what I have allowed to be downloaded and the sites I go to, but we all make mistakes. Thanks all....I will probably have more questions later.

This news just in..."Apple Battles Flashback Trojan With Second Mac Update".......this update appears to be for Lion only. The first update was for Snow Leopard AND Lion.
 
Joined
Sep 3, 2010
Messages
622
Reaction score
13
Points
18
Location
Charlotte, NC
Your Mac's Specs
mid-2010 Mac Mini OS 10.12.6 Sierra, 2.66 GHz C2D, 8GB RAM, 30 in. Cinema Display
I just found some of my requested simplifications. I still don't know where to find the specified files if infected.
"Then, once you're in, follow these easy steps to detection:

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"

If you don't get that error message, well, time to head to F-Secure for your fix. If you're clean so far, you can move on to step eight:

8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"

In other words: "does not exist" means you've got a healthy rig. Anything else, just keep following F-Secure's instructions to vanquish the intruder."
Thanks all...now to get home and give this a go...keeping my fingers crossed. I hope you all fare well on this.
 
Joined
Jun 22, 2008
Messages
3,343
Reaction score
213
Points
63
Location
Forest Hills, NYC
Your Mac's Specs
15-inch Early 2008; Processor 2.4 GHz Intel Core 2 Duo; Memory 4 GB 667 MHz DDR2 SDRAM; 10.7.5
There are only two commands you have to run in Terminal, nothing else.

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you are not "infected", both results will yield a message saying that
A:
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
and

B:
The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

No need to freak out.

Doug
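As an added example (not code from the thread or from F-Secure), this shell script wraps the two `defaults read` checks quoted above and interprets the output the way the posts do: the "does not exist" message means the key is absent, anything else means DYLD_INSERT_LIBRARIES is set and deserves a closer look. The function names and the "suspect" sample output are assumptions of this example; the clean sample is the exact message the posts quote.

```shell
#!/bin/sh
# Added example for the Flashback check described in the thread above.
# Function names are this example's own, not anything from the thread.

# Classify the text printed by `defaults read <domain> <key>`.
# `defaults` reports a missing pair with a "does not exist" message
# (on stderr); any other output means the key is present.
classify_defaults_output() {
    case "$1" in
        *"does not exist"*) echo clean ;;
        *)                  echo suspect ;;
    esac
}

# Run one domain/key check and classify it. stderr is captured too,
# because that is where the "does not exist" message is written.
check_defaults_pair() {
    out=$(defaults read "$1" "$2" 2>&1)
    classify_defaults_output "$out"
}

# The two checks from the thread: Safari's LSEnvironment, then the
# per-user ~/.MacOSX/environment.plist. Returns 0 only if both are clean.
# Only meaningful on macOS, where defaults(1) exists.
flashback_check() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults(1) not found: run this on macOS" >&2
        return 2
    fi
    a=$(check_defaults_pair /Applications/Safari.app/Contents/Info LSEnvironment)
    b=$(check_defaults_pair "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES)
    echo "Safari LSEnvironment:                   $a"
    echo "~/.MacOSX/environment DYLD_INSERT_LIBRARIES: $b"
    [ "$a" = clean ] && [ "$b" = clean ]
}

# Constructed sample outputs so the classifier can be exercised offline.
SAMPLE_CLEAN='The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist'
# Shape of a `defaults read` dictionary with the key set; the path is a placeholder.
SAMPLE_SUSPECT='{ DYLD_INSERT_LIBRARIES = "/Users/joe/.PLACEHOLDER-LIB.so"; }'

echo "sample clean   -> $(classify_defaults_output "$SAMPLE_CLEAN")"
echo "sample suspect -> $(classify_defaults_output "$SAMPLE_SUSPECT")"
```

On a Mac, call `flashback_check` to run the live checks; a non-zero exit means at least one of the two keys exists and the F-Secure removal steps apply.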
 