Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Version of Flashback Trojan Targets Mac Users

Posted by timothy on from the for-more-shiny-enter-password dept.

wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they start suddenly crashing might be a sign of larger issues."

3 of 160 comments (clear)

  1. Re:But I thought... by jo_ham · · Score: 5, Informative

    I know you're trolling, but no he didn't.

    He did say they were much less likely, but it has never been the case that Macs were immune. There has been a history of malware on the Mac since the pre-OS X days.

    Far fewer viruses in the OS X era though (relative to earlier Mac OSes), but several trojans - usually in pirate software (like the infamous "pretends to be MS Office installer but really destroys your home folder" one).

    Vigilance is necessary on all platforms, especially against trojans, since they tend to exploit the common weak link in computer security - the user of the system.

  2. Re:But I thought... by MikeMo · · Score: 5, Informative

    Regardless, this is neither a virus nor a worm. It's a trojan. You're supposed to know the difference.

  3. Re:But I thought... by DJRumpy · · Score: 5, Informative

    Not only that, but this isn't a virus. It's a trojan, and there is no secure system free of trojans unless no human ever interacts with it. As far as I know, as of right now, there are no viruses in the wild for a Mac, as opposed to the 100K plus that are there for a PC. In that respect, the chances that a user will be duped into installing a bit of code with this specific trojan are pretty limited.

    Why is it that when we hear about the 1 or 2 trojans for Mac that come out each year, the anti-apple folks come out of the woodwork claiming they are all 'viruses' and that Mac users think they are immune, etc. Of course slashdot extremists will pander to this and mark such posts insightful. The very fact that we're talking about a trojan on a Mac and that it is 'news' speaks volumes. The vector of infection for a trojan has nothing to do with the OS, and unless you need to turn in your geek card, everyone here damn well knows that.

    Is a Mac immune? Of course not. No user system is immune from Trojans. Are you less likely to be infected on a Mac? Certainly, and claims to the contrary are patently false. Will that change in one year? Ten years? Who knows. That doesn't change the fact that the gist of the I"m a Mac commercials is still valid, even today.