Flashback Trojan Hits 600,000 Macs and Counting
twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."
It used to be magic pixie dust protected Macs but in the last 6 months I've been using the Spirit of Steve
time to find some new protection
The users just surfed wrong.
But seriously, Apple screwed the pooch really good on this one. Looks like it's time that their corporate culture goes through the same "trustworthy computing" initiative that Microsoft went through over the last few years.
Macs don't get viruses, so there is no reason to check for them, so there is no "app for that".
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
See here: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
Summary:
If you open Terminal and run
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
and
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
and see:
The domain/default pair of [...] does not exist
for each, you are not infected. Also, if you run nearly any AV software or other tools like Little Snitch, you are not infected as it checks for these and deletes itself if found.
Also, no sensible person ever said "Macs don't get [infected/hacked/whatever]." It's just a lot less likely, and has historically been, even accounting for differences in marketshare. As Mac share increases, it only makes sense they'll be targeted more with malware. But Macs, as a whole, are indeed "more secure", in that still, to this day, you are far less likely — even with the complacency or, if you prefer, ignorance, of Mac users — to become impacted with any malware than with Windows. Maybe someday this will change. But it's never been true to date, and isn't true now. The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous. (Though, Apple could do better with patching known vulnerabilities in Java on Mac OS X...)
The same advice and best practices for avoiding malware apply to Macs as well as any other desktop platform, and Mac users would do well to run current AV software. The Sophos free edition is nice.
Gizmodo's article shows how to determine if your machine is infected. http://www.gizmodo.co.uk/2012/04/mac-flashback-trojan-find-out-if-youre-one-of-the-600000-infected/
Let me laugh:
PCs wear biohazard suits, Macs don't need no biohazard suits
Mac versus Pc viruses
I'm a MAC and I don't need no fucking antivirus/malware/biohazard suit you whippersnapper snotty little PC.
---> Pc walks away laughing at MAC. Look daddy he's MAC and he's been zombified.
From what I read, the payload is delivered when you visit certain sites, but as a Trojan, it asks for and requires the user to enter their admin password to install.
Well, there's spam egg sausage and spam, that's not got much spam in it.
The Flashback.K variant requires no password to install itself.
the process of keeping updated is more dummy-proof... dummy users are safer on Macs.
It is? Last time I checked, the default update mode for Windows will install updates the next time you shut down your computer after Windows detects an update has been released.
This is a bit different in a corporate setting, but I assumed you meant for home users.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Indeed, this is one of the reasons that got me into Linux in the first place - that I am not nickel-and-dimed for a workable computer.
By the way, since the Gimp handles RGB images better than Photoshop, it's better for astrophotography processing. ImageMagick is also quite the program.
Come for the free beer. Stay for the freedom. Use Linux.
--
BMO
Actually, the vulnerability used in OS X is also in Linux. So yes, it can infect Linux!
However, the payload only currently runs on OS X, so infecting Linux is a minor point since it does nothing.
It's a Java vulnerability. Which is interesting since Apple stopped supporting and shipping Java since what, Leopard (10.5)? Heck, we can blame Oracle for the mess...
Apple stopped supporting and shipping Java since what, Leopard (10.5)
That's patently incorrect. Java is alive and well on OS X, and is still supported on Lion, Snow Leopard, and IIRC there was a Java update recently even for Leopard.
A successful API design takes a mixture of software design and pedagogy.
A bootable image is just an OS X install disc. If you lost yours, you can get one off eBay (or copy it from someone). As soon as the installer starts, you have an option of restoring a time machine backup. It was quite easy last time I tried it (1 year ago or so).
A successful API design takes a mixture of software design and pedagogy.