Posted on 04/05/2012 8:45:23 AM PDT by null and void
An investigation by Dr Web suggests that about 600,000 Macs have the malware - potentially allowing them to be hijacked and used as a "botnet".
It says that more than half that number are in the US.
Flashback was first detected last September when anti-virus researchers flagged software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer's security software.
Remote control
"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.
"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.
"The largest amounts of bots - based on the IP addresses we identified - are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people."
Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California - home to Apple's headquarters.
Update wait
Apple released its own "security update" on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer's system preferences panel.
The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.
Although Apple's system software limits the actions its computers can take without requesting their users' permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.
"People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth," said Timur Tsoriev, an analyst at Kaspersky Lab.
Apple could not provide a statement at this time.
(Excerpt) Read more at bbc.co.uk ...
Or vice-versa. I'm sometimes incorrectly called a Macbot because I sometimes defend Apple against unfair attacks. But earlier on this thread when I commented that I thought this particular malware might indeed be a real problem, I got called an "Apple-basher" (above, #119). Who would-a thunk it?
:)
I think Nully answered at #134 above. Said he thinks probably he was infected, but can’t be sure because he updated before he tested.
Null, there WAS a version of the Trojan that installed with a bogus Flash update. It popped up on a website and required an Admin user name and password. It did not take you to the Adobe website for updating. Was that what you encountered? If so, it was not this particular Flashback Trojan; it was an earlier version that was pretty innocuous.
Was this install as long ago as August? That was Trojan Bash/QHost.WB... but since then your Mac should have recognized it and not allowed you to download it unless you overrode the warning.
What OSX version are you running? You can check that by clicking on the Apple in the menu bar and selecting "About This Mac."
To avoid this happening again, go into your browsers' preferences and turn off JAVA. You can safely leave Javascript running... just JAVA needs to be off.
I know... but again, more evidence against this large number of infected Macs. Java is just not required for most home users and would not be installed unless they installed something that required it. People confabulate Javascript a mere scripting approach to using that calls from a library of pre-packaged system commands with Java... a sophisticated programming language. They are not one and the same.
See that’s what I’m talking about. You assert not a single FR Mac user was impacted, yet you did KNOW in fact at least one may have been and suspected he was. You can see his response where he thinks he was infected in response to my post.
It’s crap like that why you are considered a macbot and never willing to accept any negative truth about Apple. Next you’ll downplay this by saying only 1 FR user may have been impacted but we aren’t sure. Also how many FR macbots may have actually been impacted, but would never ever admit it because then they’d have to eat too much crow?
bookmarked
Also for games such as Minecraft.
In this case, that's true.
But there are good arguments for turning off all scripting in the browsers, too, and some people are fortunate to be able to do that and still get their work done. E.g. NoScript in Firefox.
The arguments are "good", but not "compelling" enough for me, since I need to allow JavaScript to run for a huge number of the things I do every day. So I try to be "careful"...
Java is required to play one of the most popular games on the internet—Minecraft. In fact, I think that’s the ONLY way you can play it on a Mac is via Java. With Windows you have two options—exe and java. Odd thing is the java version runs better. My kids play it—I don’t like it so I don’t know all the details. But I did set up a server for them and it requires Java as well. Once again on Windows it’s easy...just run the server exe file open port...redirect port with NETSH command.
4Q, you can take heart in this:
If in fact there are over half a million infected Mac users out there, only a tiny percentage would be on FR anyway.
You really ought to be posting like a madman on all the OTHER forums, especially the Mac-centric ones, trying to sniff out the infected Mac users. Think of all the good you would be doing, informing them of their dangerous habits and showing them the light of good security practices.
I'm only being slightly tongue-in-cheek here. Seriously, you would find a lot more folks with problems elsewhere that you could help. FReepers tend to be pretty cautious by nature. By and large...
10.6.8 and I usually use Firefox.
But then I’d be helping the liberal idiots who make up a majority of the Mac base. I prefer to help Conservatives.
That’s a point. :)
Prove he has been infected, for-q-clinton. The symptoms he was complaining of are symptoms that JAVA itself can cause on a Mac. The cure for the Trojan also disables JAVA... which magically causes those symptoms to suddenly stop.
I am not seeing ANYONE on here who has tested their Macs and said "I am infected!" I am not seeing it on other forums either. What Null and Void presented was anecdotal, not evidentiary. It may be that he WAS infected. I simply don't know, nor do you, nor does he. Had he actually tested his Mac and it came up positive, then we would know. But the "cure" removes things that cause those very symptoms on their own and are just exacerbated by the Flashback trojan using them more often!
You are running OSX Snow Leopard... JAVA is not a default install on your machine unless you installed it for some application you needed. . . and even then the JAVA for the Snow Leopard version was updated. I sincerely doubt you had the Flashback trojan... your Mac would have warned you against installing it. Only Leopard and earlier were vulnerable to this particular incarnation of the malware.
A recent survey of computer users found that 46% of Mac users identified themselves as Republicans... and 47% identified themselves as Democrats. Well within the margin of error of the survey. Wow... another myth shot down.
No, in fact, it is not FUD, it’s fact, and firsthand knowledge. I’m not surprised that you resorted to an irrelevant semantic pile of offal, though. The machine I have to use at work has an OS that needs to have virus protection that consumes much of the CPU’s time.
I just found this on one of the major sites in the comments:
I did 5 minutes of research and found out that the majority of the sites infected with the trojan end in .nu and are sites (legal or illegal) for streaming videos, movies etc. in Scandinavia, Belgium and Denmark. I find it hard to believe that over 1/2 million Mac users would go to those sites. Something is fishy here. I wonder if this was originally posted on the internet on April Fools Day?
LOL! Porn sites?
AHA!!!
>> I find it hard to believe that over 1/2 million Mac users would go to those sites.
I don't.
In fact I guarantee you that if there are porn videos streaming out of Scandinavia, Denmark, etc. from those sites, then there are AT LEAST half a million Mac users, out of 75 million total Mac users, who would have hit those sites sometime in the past few months. And if many or most of those became infected...
Many of the U.S.-based porn sites redirect the user to an offshore site or server -- the stuff that comes out of Europe is often a lot more explicit than what's allowed in the U.S.
This could indeed explain the numbers -- IF the numbers are true, which has yet to be established.
Still have to account for the very low number of actual user complaints. Although that could be explained if the ONLY way to get infected was to visit some super-raunchy porn site, and nobody wants to admit to that... LOL!
I have now scanned through several hundred user comments on places like ZDNet, MacDailyNews, CNet, MacSurfer, etc., and have found exactly TWO users who have claimed to have been infected with the Flashback Trojan, and frankly both of them were very suspect comments... replete with typical troll-like word usage, including reporting that "My MAC was infected!" Note the use of all caps to name his computer. The other claimed to have bought his because of the "I'm a PC... I'm a Mac" commercials' claims that Macs never got viruses... and how disappointed he is now that he "finds his Mac is infected with a virus!" and that his next computer is going to be a Windows 8 computer. LOL!