Posted on 04/05/2012 8:45:23 AM PDT by null and void
An investigation by Dr Web suggests that about 600,000 Macs have the malware - potentially allowing them to be hijacked and used as a "botnet".
It says that more than half that number are in the US.
Flashback was first detected last September when anti-virus researchers flagged software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer's security software.
Remote control
"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.
"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.
"The largest amounts of bots - based on the IP addresses we identified - are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people."
Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California - home to Apple's headquarters.
Update wait
Apple released its own "security update" on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer's system preferences panel.
The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.
Although Apple's system software limits the actions its computers can take without requesting their users' permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.
"People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth," said Timur Tsoriev, an analyst at Kaspersky Lab.
Apple could not provide a statement at this time.
(Excerpt) Read more at bbc.co.uk ...
If the error doesn’t return you should follow the instructions here:
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
If the error doesnt return you should follow the instructions here:
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
According to your link:
InstallationOn execution, the malware checks if the following path exists in the system:
- /Library/Little Snitch
- /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
- /Applications/VirusBarrier X6.app
- /Applications/iAntiVirus/iAntiVirus.app
- /Applications/avast!.app
- /Applications/ClamXav.app
- /Applications/HTTPScoop.app
- /Applications/Packet Peeper.app
If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.
So, it would appear the malware regards the letter X in Xcode the way the devil regards crossed forearms? That's good to know, LOL!
They still are once again you have to allow this to download and install on your computer.If I see something pop up I never let t install and will go directly to the site to see f there are updates.
Not Possible! Swordmaker and the macbots have told me that only windows gets stuff like this.
Where as I have always asserted once Macs become more popular (which they now have) they will have more attacks.
I wonder who was right?
From the Article:
“Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission. “
From the article:
“Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.
Apple released its own “security update” on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.”
So if Apple allowed java to be updated by Oracle then this wouldn’t have been as widespread of an issue. Very interesting.
I wonder why Apple took so long to patch this vulnerability? Maybe they should stick to making hardware and leave the software to the pros.
Thanks for the ping.
Shadow Ace...this is definitely worthy of the tech ping.
Number of Macs infected came from an AV company--take that for what it's worth.
Um. You’re “laughing your tookis off” because Windows has lost market share? OK.
Please, keep using your Windows machine. That way, I’ll have the competitive advantage.
A *RUSSIAN* AV company.
You Mac owners lied!
It sounds like you got it.
After following the instructions, ‘ libgmalloc.dylib ‘ is now gone.
No unusual activity on any C.C., no account hijackings, no PW changes,etc.
While this is part of the reason, you are ignoring a fundamental difference in the approach to security and design. Windows uses a completely different and frankly weaker security model/design, especially in older versions of their OS than UNIX (which OSX is based upon).
Any computer can be hacked, but when you have a security model that is more flawed on computer a than computer b, computer A is going to get hacked more.
No computer is hack proof, it its on the internet its at risk, period.
Apple controlling the updates is part of their overall security, and part of why they tend to have less issues. The model has its pluses and minuses.
The plus, only updates they send are going to get pushed to computers, meaning someone can’t hijack or spoof say an update looking like its an oracle update from oracle and compromise your box.. the update must come from apple. The down side, is as you pointed out, updates can take longer to be distributed because Apple must review and push them.
Security is a balance between usability and safety. The safer you want your computer to be, the less usable its going to be in practical application.
Opening up updates to be done from anywhere, does open Windows up to a more likely possibility of a phone update being pushed and infecting computers than a centralized distribution policy such as Apple has. However it also means updates don’t happen as quickly because the developers can’t push them directly.
I’ve had flame wars against Apple since the days of the Apple II, my Commodore 8 bits ran rings around them in every measurable way back in the day, and honestly I’ve traditionally not been a huge fan of theirs...though I can see why some folks enjoy them. From a user experience side, they have traditionally been miles ahead of MS. As a tech geek, they frustrate the heck out of me. However as a tech geek I’m really not their target market, their target market is people who are not technically savvy, and don’t want to be but want to use technology elegantly and simply... and on that front, Apple has done a supurb job, and does to this day.
Yes, that comes with pricetags I don’t care for, ungodly overpriced hardware, a development language that is rediculously and needlessly obtuse, and UI weaknesses that they need to concede they are wrong about.. IE only the bottom right corner can be used to resize a window... Its time to accept and update that one guys and let users drag any part of a window to resize it.
Apple focus these days is on USER EXPERIENCE, and give them credit where it is due, they own it. But like their security push model, it too comes with a price, want to publish for iPhone etc better meet their guidelines and pass their review before it will get out to the world. No such restrictions on other platforms, but this oversight while annoying from a pure hacker perspective, does lead to a ubiquitous experience to the user, regardless of who develops the app etc. All you have to do is go look at Android Apps and you’ll instantly see what I am talking about. Thousand upon thousands of crappy apps, they may do their jobs, but the user experience and interfaces are kludgy and inconsistent.
However getting back to security, Apples model for security is a generally safter design than Windows, especially on older version of the OS. Is it perfect? Nope, no such thing exists.
Not at all...I couldn’t care less....to me they are just tools. What I’m laughing at are all the Mac people trying to convince everyone else about how secure their systems are....when the security professionals know that NOT to be the case...now the chickens are coming home....to roost. LOL..... How secure do you feel NOW? If you were a smart Mac owner, you would start taking the steps to become a smart Mac user. (you in the general sense, not you in particular).
Do you work in a standard account or admin account?
Windows uses a completely different and frankly weaker security model/design, especially in older versions of their OS than UNIX (which OSX is based upon).These older versions you speak of were the Windows 3.1 / 9x / ME line. They do not exist anymore, and for over ten years now. They had no security at all, kindof like Mac OS 9… When we say “Windows” today, what we mean is the OS that derives from Windows NT, a completely different beast. There is nothing in its security model or design that makes it any less secure than Unix. If anything, it is more secure.
Not especially. More of the same old.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.