How do I know if I instaalled this trojan

[rackydoo]

I'm pretty sure last week Adobe Flash asked me to update.

I just came upon this article that it could have been malware :-(


Threat Description: Trojan-Downloader:OSX/Flashback.C


What do I do now? I'm a newbie to OSX and do not know where to start

I'm running OS X 10.7.2

 

[harryb2448]

First up suggest going into Utilities and seeing if the Flash Player is actually installed. Do you recall downloading Flash Player?

 

[chas_m]

Scroll down to the bottom of this article to see the images that show more obviously how the "fake" installer differs from the real one:

Fake 'Flash installer' Trojan tries to obtain personal info | MacNN

If you still think you installed the fake one, follow F-Secure's advice or just wait for Apple to patch the system silently (they may well have already done this, actually).

 

[Doug b]

The threat of this latest Trojan is still considered minimal, as users would need to deliberately download it and install it

This is inaccurate. The real updater does indeed pop up without user intervention if an update exists.

By necessity, the program will have to quit and then re-launch the browser(s) when doing this, providing another clue to alert users that something is amiss.

This too is a bit inaccurate. During the normal update procedure, one must close their browsers before it will update.

What I find amusing and also quite sad is, these idiots have the ability to create a faithful mockup of the update UI, yet choose to create one which looks totally different?!

Doug

 

[Dysfunction]

I also find this interesting..

On installation, the installer first checks if the following file is found in the system:

/Library/Little Snitch/lsd


Little Snitch is a firewall program for Mac OS X. If the program is found, the installer will skip the rest of its routine and proceed to delete itself.

 

[rackydoo]

Thanks for the replies.

I do have flash installed and IIRC when I installed flash it I was prompted to agree to the license agreement as indicated in the link chas_m posted.


As a double check I'll run the terminal commands in the link tonight when I get home

 

[rackydoo]

I ran the terminal commands and I am clear. I let my guard down thinking I didn't have to worry about malware on a MAC. I'm going to be a bit more careful going forward.

Thanks again for the help

 

[Doug b]

I ran the terminal commands and I am clear. I let my guard down thinking I didn't have to worry about malware on a MAC. I'm going to be a bit more careful going forward.

Thanks again for the help

I don't care what OS a person is running, using common sense usually proves to be the most effective form of security from the start. Just because there are currently no self propagating viruses for OS X, that doesn't mean one should go all willy nilly and disregard the basic protocols that come along with surfing the web etc..

A strong admin password, and not just using it whenever an UI pops up asking for it is good practice in general. I think that most of these malware writers know that Windows users are in the habit of just clicking on things even if they don't understand why they're doing so.

Doug

 

[harryb2448]

Good work. It is only a worry if you access your password to something you did not knowingly download. As a precaution, if you are using Safari, go into Preferences > General and make sure the 'Open safe files' at the foot of the pane is NOT selected.

 

[rackydoo]

I don't care what OS a person is running, using common sense usually proves to be the most effective form of security from the start. Just because there are currently no self propagating viruses for OS X, that doesn't mean one should go all willy nilly and disregard the basic protocols that come along with surfing the web etc..

A strong admin password, and not just using it whenever an UI pops up asking for it is good practice in general. I think that most of these malware writers know that Windows users are in the habit of just clicking on things even if they don't understand why they're doing so.

Doug

Agreed. I am an ex windows user and I was vigilant
Once I got my MAC I lulled myself into a false sense of security which is now gone. Which is not a bad thing!