You are here

Over 600 000 MACs infected with Flashback Malware

For current or would-be users of Apple Mac computers, with answers to many FAQs.

Over 600 000 MACs infected with Flashback Malware

Postby DragonLogos » Thu Apr 05, 2012 8:56 am

Full Story from Cnet Here

half the computers infected with malware designed to steal personal information are in the U.S.


As CNET blogger Topher Kessler explains, simply visiting a malicious Web site containing Flashback on an OS X system with Java installed will result in one of two installation routes. The malware will request an administrator password, and if one is supplied, it will install its package of code into the Applications folder. If a password is not offered, the malware will install to the user accounts where it can run in a more global manner.


Instructions for Detection and removal here
User avatar
DragonLogos
Regular
Posts: 276
Joined: Sun Oct 13, 2002 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby ConcertinaChap » Thu Apr 05, 2012 9:10 am

Thanks. Most useful.

CC
User avatar
ConcertinaChap
Frequent Poster
Posts: 3590
Joined: Tue Jul 19, 2005 11:00 pm
Location: Bradford on Avon

Making music: Eagle Alley ... Recording music: Mr Punch's Studio  

Number 1 in a field of 1.


Re: Over 600 000 MACs infected with Flashback Malware

Postby Dishpan » Thu Apr 05, 2012 9:24 am

At least you can remove that one. The new one I discuss here:

http://www.soundonsound.com/forum/showf ... t=1#980058

Has no resolution other than full reinstall.
Dishpan
Regular
Posts: 187
Joined: Tue Aug 31, 2004 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby DragonLogos » Thu Apr 05, 2012 9:44 am

I did see that one, it really looks like some groups is targeting MACs - difficult to say what measures to take other than keep up-to=date with news stories etc - If its only tracking passwords and stuff its very small data, also it seems to be more MACs in the USA
User avatar
DragonLogos
Regular
Posts: 276
Joined: Sun Oct 13, 2002 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby Hugh Robjohns » Thu Apr 05, 2012 9:53 am

I know it's bad form, and I apologise in advance... but as a PC user can I just say: ha ha ha ha ha ha ha !

Sorry /coat

hugh
User avatar
Hugh Robjohns
Moderator
Posts: 17069
Joined: Thu Jul 24, 2003 11:00 pm
Location: Worcestershire, UK

Technical Editor, Sound On Sound


Re: Over 600 000 MACs infected with Flashback Malware

Postby ConcertinaChap » Thu Apr 05, 2012 10:16 am

Yes, Id say it was bad form, except ...

Some time back as a Mac (as well as PC) user I advocated installing anti-virus software on Macs and got roundly and loudly told off by those that believe that Macs are charmed and cannot ever be infected by anything. So, I'm going to join you: ha ha ha ha ha!

CC

PS it's interesting that this malware uninstalls itself if it detects the presence of anti-virus software.
User avatar
ConcertinaChap
Frequent Poster
Posts: 3590
Joined: Tue Jul 19, 2005 11:00 pm
Location: Bradford on Avon

Making music: Eagle Alley ... Recording music: Mr Punch's Studio  

Number 1 in a field of 1.


Re: Over 600 000 MACs infected with Flashback Malware

Postby agent funk » Thu Apr 05, 2012 10:25 am

it's not a virus, it's a trojan, anti virus software wouldn't do anything.

It uninstalls if you have little snitch - which is not anti virus software, but an internet monitor.
User avatar
agent funk
Frequent Poster
Posts: 769
Joined: Sat Apr 30, 2005 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby ConcertinaChap » Thu Apr 05, 2012 10:49 am

On execution, the malware checks if the following path exists in the system:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.


[sarcasm] It's a strange thing about anti-virus software but it seems to check for trojans too. You'd think with a name like anti-virus software they wouldn't bother. [/sarcasm]
User avatar
ConcertinaChap
Frequent Poster
Posts: 3590
Joined: Tue Jul 19, 2005 11:00 pm
Location: Bradford on Avon

Making music: Eagle Alley ... Recording music: Mr Punch's Studio  

Number 1 in a field of 1.


Re: Over 600 000 MACs infected with Flashback Malware

Postby Pete Kaine » Thu Apr 05, 2012 10:51 am

Anti-virus would remove a trojen during a scan. A decent one might even reconigze the trojans code and stop it being installed in the first place. Apples been advising antivirus being installed for years so that should say something about the situation.
User avatar
Pete Kaine
Frequent Poster
Posts: 2476
Joined: Wed Jul 09, 2003 11:00 pm
Location: Manchester

Re: Over 600 000 MACs infected with Flashback Malware

Postby agent funk » Thu Apr 05, 2012 11:35 am

fair enough CC I missed that.

It's just that on the apple discussion boards they say that the virus program wouldn't work here, and that it's not a recommended way to clean the system of this malware and you can't be sure it would be removed.

this is an older trojan anyway with a clean up method available, see the other thread for the newer trojan which has no fix it seems except re-install.

Maybe we will need to follow your advice about anti-virus software in the future, however the main thing seems to be to turn off Java in the preferences - of course not much good if it's already in. Lion comes with Java off as default, I just wish apple had warned us a bit louder to turn it off in the older systems as well.

By the way I'm still clean - no anti virus yet either
User avatar
agent funk
Frequent Poster
Posts: 769
Joined: Sat Apr 30, 2005 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby Hugh Robjohns » Thu Apr 05, 2012 1:09 pm

fletcher wrote:it's not a virus, it's a trojan, anti virus software wouldn't do anything.

Any decent anti-virus software (on a Mac or a PC) will detect and deal with trojans when they arrive, and certainly when a system scan is perfomed.

hugh
User avatar
Hugh Robjohns
Moderator
Posts: 17069
Joined: Thu Jul 24, 2003 11:00 pm
Location: Worcestershire, UK

Technical Editor, Sound On Sound


Re: Over 600 000 MACs infected with Flashback Malware

Postby Dave B » Thu Apr 05, 2012 1:10 pm

Hugh Robjohns wrote:I know it's bad form, and I apologise in advance... but as a PC user can I just say: ha ha ha ha ha ha ha !

But Hugh, only numpties would install it....

Which would make all PC users ....
User avatar
Dave B
Frequent Poster
Posts: 3005
Joined: Wed Apr 02, 2003 11:00 pm
Location: Maidenhead

Veni, Vidi, Aesculi


(I came, I saw, I conkered)


Re: Over 600 000 MACs infected with Flashback Malware

Postby ConcertinaChap » Thu Apr 05, 2012 2:16 pm

Just a reminder that Sophos provide free and good quality anti-virus (and anti-trojan ) software for Macs here.

CC

Edit: Here is a discussion on the Sophos forums on setting up SAV for use on a Mac used for audio recording.
User avatar
ConcertinaChap
Frequent Poster
Posts: 3590
Joined: Tue Jul 19, 2005 11:00 pm
Location: Bradford on Avon

Making music: Eagle Alley ... Recording music: Mr Punch's Studio  

Number 1 in a field of 1.


Re: Over 600 000 MACs infected with Flashback Malware

Postby forumuser695516 » Thu Apr 05, 2012 2:39 pm

Hugh Robjohns wrote:I know it's bad form, and I apologise in advance... but as a PC user can I just say: ha ha ha ha ha ha ha !

Sorry /coat

hugh

Christ, do you ever give it a rest Hugh? For an admin, and established member of the SoS team, you sure can be a prat.
forumuser695516
Frequent Poster
Posts: 850
Joined: Tue Aug 31, 2004 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby Hugh Robjohns » Thu Apr 05, 2012 3:03 pm

Gone out and forgotten your sense of humour again?

hugh
User avatar
Hugh Robjohns
Moderator
Posts: 17069
Joined: Thu Jul 24, 2003 11:00 pm
Location: Worcestershire, UK

Technical Editor, Sound On Sound


Re: Over 600 000 MACs infected with Flashback Malware

Postby Kwackman » Thu Apr 05, 2012 3:44 pm

~Paul wrote:
Hugh Robjohns wrote:I know it's bad form, and I apologise in advance... but as a PC user can I just say: ha ha ha ha ha ha ha !

Sorry /coat

hugh

Christ, do you ever give it a rest Hugh? For an admin, and established member of the SoS team, you sure can be a prat.

Hugh does not need me or anyone else to stand up for him, but his post WAS funny.
And when the inevitable Mac vs PC wars break out again, there'll be much worse than this!
User avatar
Kwackman
Frequent Poster
Posts: 784
Joined: Thu Nov 07, 2002 12:00 am
Location: Belfast

Cubase, guitars.


Re: Over 600 000 MACs infected with Flashback Malware

Postby agent funk » Thu Apr 05, 2012 4:06 pm

Hugh was only joking I'm sure

I have decided not to install any anti virus software, even though my son's computer had the trojan. I have decided to just turn off Java and tell my son to be more careful with Adobe updates - you can always install upgrades by running Adobe itself if your not sure of the prompt. I think he most likely became a victim this way (Facebook etc. not really concentrating and installed the fake Adobe Flash upgrade) with the original variant. This was the smart one which erased itself if littlesnitch or (ahem) antivirus software was detected. This is the one which can be removed using Terminal as described, seems to work. As he didn't have any software to detect it I think he had it for awhile, but one of the symptoms he had noticed recently (last week or so) was Safari crashing strangely. Which is what is reported to happen, increasing instability leading to crashes. He's on Snow and I only mention this in case anyone else has seen Safari crash recently, you might be infected.

The new version is it seems both more sneeky and less sophisticated. It gets in via Java and can install without your knowing even if you don't stupidly type your password. However without Java and Flash neither variant could have got in! It installs whether or not you have little snitch (why I say less sophisticated) and that is how it was spotted, little snitch snitched on it.

The other thread has a link to the apple discussion where it was first picked up. If you go to the beginning it is quite interesting to see the apple community slowly wake up to the problem. I'm sure though there wouldn't even be a discussion on a PC site about a windows malware threat, no news there, how many thousand malware threats have been seen on PC's in the same time frame? It says a lot that one trojan for macs has caused so much discussion.

Still I guess if macs continue to grow in popularity there will inevitably be a time when we lose our peace of mind and have to install anti-virus. Not yet though, but watch this space!
User avatar
agent funk
Frequent Poster
Posts: 769
Joined: Sat Apr 30, 2005 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby Hugh Robjohns » Thu Apr 05, 2012 4:12 pm

fletcher wrote:Hugh was only joking I'm sure

Quite so... and there were two blatent indicators in the post to make that quite clear. perhaps the ~prat trojan has got into Paul's computer...

hugh
User avatar
Hugh Robjohns
Moderator
Posts: 17069
Joined: Thu Jul 24, 2003 11:00 pm
Location: Worcestershire, UK

Technical Editor, Sound On Sound


Re: Over 600 000 MACs infected with Flashback Malware

Postby forumuser695516 » Thu Apr 05, 2012 6:08 pm

Hugh Robjohns wrote:Gone out and forgoten your sense of humour again?

hugh

Fortunately Hugh, there are still some of us left that set the bar for humour higher than floor level.
If it wasn't for the fact you make an appearance in Apple threads quite so frequently to drop your rancid brain farts, then yes we could shrug it off as a bit of humour. If that is, it hadn't already worn thin months ago.
I just don't see why or how you go from being more than respectable in every post around here, until it gets to an Apple post, where you'll suddenly morph into a bigoted prat.

Sorry
forumuser695516
Frequent Poster
Posts: 850
Joined: Tue Aug 31, 2004 11:00 pm

Re: Over 600 000 MACs infected with Flashback Malware

Postby Mixedup » Thu Apr 05, 2012 6:28 pm

~Paul wrote:there are still some of us left that set the bar for humour higher than floor level.

In which case you must find my personal humour threshold to be positively subterranean.

you go from being more than respectable in every post around here, until it gets to an Apple post, where you'll suddenly morph into a bigoted prat.

"When in Rome..."

See?
User avatar
Mixedup
Frequent Poster
Posts: 3987
Joined: Tue Sep 02, 2003 11:00 pm
Location: Laputa

Re: Over 600 000 MACs infected with Flashback Malware

Postby Mixedup » Thu Apr 05, 2012 6:30 pm

More seriously, it's inevitable that as Apple's market share grows that their OS will be targeted more. Windows was/is a popular target because it was/remains the dominant OS. iOS and Android also look like prime targets now.
User avatar
Mixedup
Frequent Poster
Posts: 3987
Joined: Tue Sep 02, 2003 11:00 pm
Location: Laputa

Re: Over 600 000 MACs infected with Flashback Malware

Postby BJG145 » Thu Apr 05, 2012 6:36 pm

~Paul wrote:bigoted prat. Sorry

T'internet has made "sorry" such a barbed remark the next version of this BB will probably asterisk it out.
User avatar
BJG145
Frequent Poster
Posts: 2988
Joined: Fri Aug 05, 2005 11:00 pm
Location: Norwich UK

 


Re: Over 600 000 MACs infected with Flashback Malware

Postby Folderol » Thu Apr 05, 2012 6:42 pm

I wonder what computers people have that are internet facing, how important they are, and how well protected.

My DAW hasn't seen a network connection since it was installed 4 years ago. It ain't broke and I've no intention of letting it get 'fixed'.

My netbook (which I use for work) goes online just occasionally via a firewalled router (wireless is switched off) to check for updates otherwise it too is blind to the 'net.

My general purpose one (that I'm typing this on) still goes via a firewalled router but otherwise goes just about everywhere. However, I use an e-mail client that's configured to only display plain text, run nothing, and ask before saving anything. My browser is Firefox, and I have NoScript, AddBlock and Ghostery configured pretty aggressively. For all of that if somehow it was to crash and burn I wouldn't regard it as a major disaster.
User avatar
Folderol
Jedi Poster
Posts: 4686
Joined: Sat Nov 15, 2008 12:00 am
Location: Rochester, UK

Save paradise, Pull up a parking lot!


Re: Over 600 000 MACs infected with Flashback Malware

Postby Hugh Robjohns » Thu Apr 05, 2012 7:26 pm

~Paul wrote:
If it wasn't for the fact you make an appearance in Apple threads quite so frequently....

I don't know if you've changed the medication recently, but your hallucinations are definitely getting worse, along with your manners. The mac forum is demonstrably one where I contribute least. As for the rest, personal abuse of the kind you have levelled so needlessly at me will not be tolerated. If my sense of humour has offended you I apologise without hesitation, of course.

Hugh
User avatar
Hugh Robjohns
Moderator
Posts: 17069
Joined: Thu Jul 24, 2003 11:00 pm
Location: Worcestershire, UK

Technical Editor, Sound On Sound


Re: Over 600 000 MACs infected with Flashback Malware

Postby Dmac » Thu Apr 05, 2012 7:45 pm

~Paul wrote:
Hugh Robjohns wrote:Gone out and forgoten your sense of humour again?

hugh

Fortunately Hugh, there are still some of us left that set the bar for humour higher than floor level.
If it wasn't for the fact you make an appearance in Apple threads quite so frequently to drop your rancid brain farts, then yes we could shrug it off as a bit of humour. If that is, it hadn't already worn thin months ago.
I just don't see why or how you go from being more than respectable in every post around here, until it gets to an Apple post, where you'll suddenly morph into a bigoted prat.

Sorry

You forgot /coat so that we'd all know you were joking.

Seriously, despite whichever platform we use, I don't think people infected will find it in the least funny; and I'm not sure it serves Hugh well to be laughing - even in jest - at the misfortune of others.

Regardless of intent (and I'm sure it was a little joke, and not just schadenfreude), this is the internet. You know - the internet? If there is to be a standard, then the admins should uphold it. It's bad form for a forum which purports to help its users if they are perceived to be laughing at them instead.
Dmac
Poster
Posts: 12
Joined: Wed Nov 06, 2002 12:00 am

Second in a one horse race...


Re: Over 600 000 MACs infected with Flashback Malware

Postby ConcertinaChap » Thu Apr 05, 2012 8:00 pm

fletcher wrote:I have decided not to install any anti virus software, even though my son's computer had the trojan.

Well, best of luck. You might be alright, long term. Personally I reckon the time to sort your protection out is before you get burned, not after - I speak from painful experience here. But you're grown up, you can make your own decisions.

Think I'll quit this discussion here. On top of everything else it has got quite unnecessarily acrimonious, but then it always does, doesn't it? Sad.

CC
User avatar
ConcertinaChap
Frequent Poster
Posts: 3590
Joined: Tue Jul 19, 2005 11:00 pm
Location: Bradford on Avon

Making music: Eagle Alley ... Recording music: Mr Punch's Studio  

Number 1 in a field of 1.


Re: Over 600 000 MACs infected with Flashback Malware

Postby Hugh Robjohns » Thu Apr 05, 2012 8:00 pm

I don't think people infected will find it in the least funny; and I'm not sure it serves Hugh well to be laughing - even in jest - at the misfortune of others.

I take your point, dmac, and I do sympathise with those who have suffered this problem. I presume with only 20-odd posts to your name you are relatively new to these forums so perhaps you are unaware of the years of friendly (and sometimes gloating) comments on these forums about the mac freedom of virus and Trojan attacks. I was making a lighthearted dig amongst friends of like mind, and clearly flagged it as such. Appropriate advice on dealing with the problem had already been given.

Hugh
User avatar
Hugh Robjohns
Moderator
Posts: 17069
Joined: Thu Jul 24, 2003 11:00 pm
Location: Worcestershire, UK

Technical Editor, Sound On Sound


Re: Over 600 000 MACs infected with Flashback Malware

Postby Tui » Thu Apr 05, 2012 8:05 pm

Questionable behaviour by mods has hurt this forum before, but, hey, perhaps it doesn't matter. Perhaps, on the internet, nothing matters.
User avatar
Tui
Frequent Poster
Posts: 1067
Joined: Sun Sep 01, 2002 11:00 pm
Location: Chiang Mai, Thailand

Re: Over 600 000 MACs infected with Flashback Malware

Postby arkieboy » Thu Apr 05, 2012 8:14 pm

... well I'm with Hugh - we've all been a little too smug for a little too long.

I pulled AV on my non-work macs, set a root password and log in as a standard user. I'm still happy with that decision. But obviously I'm now going to be a little more careful still...

Anyway, AFAIR OS X ships with some anti-malware routines and gets updated - on the quiet - with something like the Windows Malicious Software Remover. No comfort if you're a Virus/Trojan early adopter of course

Steve
User avatar
arkieboy
Regular
Posts: 296
Joined: Thu Nov 07, 2002 12:00 am

Re: Over 600 000 MACs infected with Flashback Malware

Postby * User requested deletion * » Thu Apr 05, 2012 8:51 pm

I have to say, I thought Hugh's comment was hilarious. In fact, I had to call NHS Direct as I thought for a second my sides had split.
* User requested deletion *
Regular
Posts: 409
Joined: Tue Aug 30, 2005 11:00 pm

Next

Who is online

Users browsing this forum: No registered users and 2 guests