Has anyone here actually been a victim of this Flashback trojan?

http://www.macworld.com/article/1166227/analyst_600_000_macs_infected_with_trojan_horse.html

"Information security consultant Adrian Sanabria wrote on his blog that he is unconvinced about Dr. Web’s findings: “So far, I haven’t seen any other reports numbering the victims of Flashback, but if accurate, such a large infection rate on Macs may change common perception of OS X as ‘virus-proof’ and could result in a spike in Mac antivirus software sales.

“However, given that the company reporting these numbers is in the business of selling antivirus software, I think we need to see their claims corroborated before we get too excited,” he added. Mikko Hypponen from F-Secure commented on Twitter on Dr. Web’s findings, saying: “We can’t confirm or deny the figure.”

Yeah, this big story comes from a company called Kaspersky. Guess what they sell?

I've used Macs for years, and have never once had a problem with malware. Like everyone else, this is probably just a case of a company wanting to sell some products.

I suspect the only "spike" we will see, is in their sales.

Of course there can be and is malware for macs. It's just that by far the majority of malware is targetting windows, so we on osx are fairly save.

Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

orpheus wrote:Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely build by apple.

Scar wrote:Of course there can be and is malware for macs. It's just that by far the majority of malware is targetting windows, so we on osx are fairly save.

Scary though, that malware has crossed the species barrier..

Scar wrote:

orpheus wrote:Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely build by apple.

Well, does it retain that robust property of such systems?

Apple hired unix developers to rewrite unix, yet again, in order to have their own closed source version. Unix≠open source. *nix OSs are by somewhat less vulnerable to malware but not significantly so. Extensive efforts to make OSX non-nerd friendly have undermined security further. As market share increases malware will follow.

Well OSX is based on Darwin, which is an open-source OS created by apple. It basically is OSX without the graphical interface.

The_Metatron wrote:Yeah, this big story comes from a company called Kaspersky. Guess what they sell?

which is why you only trust political news from kids tv characters, and get nutritional advise from a mechanic etc.

ffs, who do you think actually do the most research in computer malware.


on the nature of this threat, apple decided that java was an integral aspect of the OS, and therefore built it into the OS code itself. this means apple are responsible for maintaining java. 6 weeks ago Oracle patched java for windows/linux, but not for mac as it does not maintain it. apple only submitted the update this week, this java vulnerability is what the virus is exploiting , and is likely to reoccur for other forthcoming java vulnerabilities unless apple significantly increase their response time for patching java in short order to Oracle updates

(note, all the OS's are vulnerable to java exploits to a certain degree (though linux's compartmentalization makes it harder) hence why known exploits are patched - but the gap between other OS's and apple's java getting patched puts OS-X at more risk because its essentially waving a flag for malware writers saying massive whole here once Oracle update on other systems)

Scar wrote:

orpheus wrote:Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely build by apple.

no, its based on UNIX/BSD/NeXTSTEP kernel that apple rewrote aspects of and added too

Apparently the Trojan requires your password to install a spoofed version of Flash Player from a malware site. Supplying a password to an untrusted install from a dodgy site is like letting a thief in through your front door. FYI, any legit site will send you directly to Adobe to install Flash and will not have you install directly from their site. If you are installing an app or plugin that requires your password, it's buyer beware.

Incidentally, as recommended, I checked using the Terminal app (it's in your Utilities folder) and my system's clean. Also patched Java using Update today.

Here are instructions for those concerned:

http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-ofa-mac-flashback-infection.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the Terminal returns back to you lines that look like this:

The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Then you're home free and you're not (yet) infected by Flashback. You can proceed to the "Run Software Update" section of this post. If they do return results, then it's likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.

PsYcHoTiC_MaDmAn wrote:

The_Metatron wrote:Yeah, this big story comes from a company called Kaspersky. Guess what they sell?

which is why you only trust political news from kids tv characters, and get nutritional advise from a mechanic etc.

ffs, who do you think actually do the most research in computer malware.

[Reveal] Spoiler: comments on which I am not commenting

on the nature of this threat, apple decided that java was an integral aspect of the OS, and therefore built it into the OS code itself. this means apple are responsible for maintaining java. 6 weeks ago Oracle patched java for windows/linux, but not for mac as it does not maintain it. apple only submitted the update this week, this java vulnerability is what the virus is exploiting , and is likely to reoccur for other forthcoming java vulnerabilities unless apple significantly increase their response time for patching java in short order to Oracle updates

(note, all the OS's are vulnerable to java exploits to a certain degree (though linux's compartmentalization makes it harder) hence why known exploits are patched - but the gap between other OS's and apple's java getting patched puts OS-X at more risk because its essentially waving a flag for malware writers saying massive whole here once Oracle update on other systems)

Scar wrote:

orpheus wrote:Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely build by apple.

no, its based on UNIX/BSD/NeXTSTEP kernel that apple rewrote aspects of and added too

Follow the money, man. You don't see a possible conflict of interest with a seller of anti-virus software telling us the sky is falling?

There are other sources for this sort of information.

felltoearth wrote:Apparently the Trojan requires your password to install a spoofed version of Flash Player from a malware site. Supplying a password to an untrusted install from a dodgy site is like letting a thief in through your front door. FYI, any legit site will send you directly to Adobe to install Flash and will not have you install directly from their site. If you are installing an app or plugin that requires your password, it's buyer beware.

Incidentally, as recommended, I checked using the Terminal app (it's in your Utilities folder) and my system's clean. Also patched Java using Update today.

Here are instructions for those concerned:

http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-ofa-mac-flashback-infection.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the Terminal returns back to you lines that look like this:

The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Then you're home free and you're not (yet) infected by Flashback. You can proceed to the "Run Software Update" section of this post. If they do return results, then it's likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.

thats not the one for this exploit, the first java hole required a password, the second which followed up just required you to visit a site with exploit code on it. no password needed
http://www.theregister.co.uk/2012/04/05/flashback_trojan_botnet/

The_Metatron wrote:

PsYcHoTiC_MaDmAn wrote:

The_Metatron wrote:Yeah, this big story comes from a company called Kaspersky. Guess what they sell?

which is why you only trust political news from kids tv characters, and get nutritional advise from a mechanic etc.

ffs, who do you think actually do the most research in computer malware.

[Reveal] Spoiler: comments on which I am not commenting

on the nature of this threat, apple decided that java was an integral aspect of the OS, and therefore built it into the OS code itself. this means apple are responsible for maintaining java. 6 weeks ago Oracle patched java for windows/linux, but not for mac as it does not maintain it. apple only submitted the update this week, this java vulnerability is what the virus is exploiting , and is likely to reoccur for other forthcoming java vulnerabilities unless apple significantly increase their response time for patching java in short order to Oracle updates

(note, all the OS's are vulnerable to java exploits to a certain degree (though linux's compartmentalization makes it harder) hence why known exploits are patched - but the gap between other OS's and apple's java getting patched puts OS-X at more risk because its essentially waving a flag for malware writers saying massive whole here once Oracle update on other systems)

Scar wrote:

orpheus wrote:Isn't OSX built on a variety of Linux, therefore open source? My understanding is that that helps keep it robust and less vulnerable.

It isn't. It's a unix-like OS that is entirely build by apple.

no, its based on UNIX/BSD/NeXTSTEP kernel that apple rewrote aspects of and added too

Follow the money, man. You don't see a possible conflict of interest with a seller of anti-virus software telling us the sky is falling?

There are other sources for this sort of information.

very well, they list this specific vulnerability on the front page

Apple Update for Java for OS X Lion and Mac OS X
Wednesday, April 4, 2012 at 10:03 am

Apple has released a Java update for the following products to address multiple vulnerabilities:

OS X v10.6.8
OS X server v10.6.8
OS X Lion v10.7.3
Lion Server v10.7.3

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive information.

US-CERT encourages users and administrators to review Apple article HT5228 and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2011-5035 can be found in the US-CERT Vulnerability Note VU#903934.

the claims of a 600k botnet arise from a russian AV firm having gotten data from a command server due to apple not patching the java exploit quickly http://nakedsecurity.sophos.com/2012/04/05/mac-botnets-gaining-traction-using-drive-by-java-exploit/

Russian anti-virus firm Dr. Web reports that they have been able to sink-hole one of the command and control servers used to control victims of this latest attack.

The result? Dr. Web is stating that more than 600,000 OS X users are part of this botnet, including 274 from Cupertino, California.

The Flashback malware being distributed by this exploit is what we refer to as a "downloader". In and of itself it doesn't do any harm to the system, it simply compromises the system and downloads a further payload that can do just about anything the attackers desire.

It's things like this that makes me thank Jesus I am using Windows 7.

quas wrote:It's things like this that makes me thank Jesus I am using Windows 7.

lol seems to be an appropriate response.

win7 is just as vunerable to thus exploit if java isnt patched. not to mention any other exploits

likewise. linux is vunerable to this java exploit if not patched. however because of the security model linux employs. such an infection would be temporary. as it would need root access to permanently infect the machine. whereas both windows and mac have superuser access.