
Flashfake/Flashback Mac OS X botnet confirmed


Corrine


If you are a Mac user, be sure to update!

 

Earlier this week, Dr.Web reported the discovery of a Mac OS X botnet Flashback (Flashfake). According to their information, the estimated size of this botnet is more than 500,000 infected Mac machines.

 

We followed up with an analysis of the latest variant of this bot, Trojan-Downloader.OSX.Flashfake.ab.

 

It is being distributed via infected websites as a Java applet that pretends to be an update for the Adobe Flash Player. The Java applet then executes the first stage downloader that subsequently downloads and installs the main component of the Trojan. The main component is a Trojan-Downloader that continuously connects to one of its command-and-control (C&C) servers and waits for new components to download and execute.

 

Full report: Flashfake Mac OS X botnet confirmed - Securelist

 

Related article: Apple's security code of silence: A big problem | Apple - CNET News

 

 


Guest LilBambi

  • Java update for OS X patches Flashback malware exploit – CNET:

     

    Java for Mac OS X 10.6 Update 7

    Java for OS X Lion 2012-001

    ...

    If you have Java installed, you can check the version in the Java Preferences utility in your /Applications/Utilities/ folder, or you can launch the Terminal and run the command "java -version" to see an output of the current active version on your system.

  • Secure your Mac from Flashback infection – USAToday:

     

    Flashback is technically not a trojan-horse application at all, but a "drive-by download" that infects computers by exploiting a vulnerability in Web software.

     

    That makes it much worse than a trojan: You just need to visit a malicious site, without downloading the wrong app or entering an admin password, to have this program silently take command of your Mac and begin altering the content of Web pages.

     

    That also sets Flashback apart from all of the other Mac viruses you might have heard about over the last few years. But it wasn't hard to see something like this happening.

     

    Flashback attacks a known weakness in the Java software Apple has bundled on Macs but often updated slower than other vendors. Apple released a fix last week — "Java for OS X Lion 2012-001" or "Java for Mac OS X 10.6 Update 7" depending on your version of OS X — but it came too late for the estimated 600,000 Macs infected so far.

  • Trojan-Downloader:OSX/Flashback.I – includes HowTo check if you are infected and manual removal instructions

     

  • Find Out if Your Mac Has the Flashback Trojan — the Fast and Easy Way – Mashable:

     

    According to a report Thursday, more than 600,000 Macs could be infected with the nasty Flashback trojan.

     

    We’ve already detailed how to check your Mac to see if you’re infected — but that requires some command line code, and we know that not all users are comfortable doing that.

     

    Now we’ve gone one step further and wrapped those commands into two AppleScripts.

  • Quick protection for older Macs from the Flashback trojan - ZDNET:

     

    There are reports that some 600K Macs have been infected, perhaps by some estimates 1 percent of the installed base of Macs. As I mentioned in a post last week, Mac OS X Lion and Snow Leopard are running on the majority of Macs. Still, Mac OS X Leopard and Tiger may be running on a quarter of Macs in the world.

     

    Likely, your machines are not infected. Before I installed the Apple updates, I checked my machines using the Terminal checking routine offered by the F-Secure website. It’s the first part of the Manual Removal process.

 

Yep, I did the same thing. Checked using F-Secure's steps to determine if you are infected. My Mac was clean but if it had not been, they also helped users manually remove it.

 

Java can be enabled and disabled as needed fairly easily. One can add the Java preferences from Applications/Utilities/Java Preferences.app. Just unclick the two boxes and turn them back on when needed.

 

Many think that Java is not needed and maybe in some cases that's true for everyday stuff, however, some banks make use of java applets, many remote sessions are powered by java applets as well, and some programs are based on java applets (one such program is RSSOwl and there are many others). Other than banks, there are still some websites that make use of Java applets as well. One that comes to mind is some of the NOAA and JPL, and other astronomy sites that make use of Java applets.

 

Sure Java can be abused just as Flash, RealPlayer, Quicktime, Windows Media Player/Flip4Mac, javascripting on webpages, and just about everything else that is an Internet facing program. But you don't see everyone trying to uninstall all of those programs...

 

I would imagine that many people can enable/disable Java as needed just as I noted above for Mac users.

 

The biggest problem Mac users had to deal with was Apple's two month +/- delay in getting the updated Java update to Mac users so long after Windows and Linux users already had their updates.

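The "java -version" check quoted in the post above, as an added shell example that is not part of the original thread: it extracts the version string from the command's output and compares it with a minimum build that you supply from the vendor's advisory. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of what `java -version` prints (it writes to stderr).
SAMPLE_OUTPUT='java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11-402-11M3527)
Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02-402, mixed mode)'

# Print the quoted version from the first `... version "x.y.z_nn"` line,
# or nothing if the output does not contain one.
java_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Succeed if version $1 is at or above version $2. Components are compared
# numerically, so 1.6.0_9 sorts below 1.6.0_31 (a string compare would not).
java_is_at_least() {
    awk -v have="$1" -v need="$2" 'BEGIN {
        split(have, h, /[._-]/); split(need, r, /[._-]/)
        for (i = 1; i <= 4; i++) {
            if (h[i] + 0 > r[i] + 0) exit 0
            if (h[i] + 0 < r[i] + 0) exit 1
        }
        exit 0
    }'
}

# $1 = captured `java -version` output, $2 = minimum acceptable build.
# Prints one of: current, outdated, unknown.
classify_java() {
    have=$(java_version_from_output "$1")
    if [ -z "$have" ]; then
        echo unknown        # Java missing or output not recognised
    elif java_is_at_least "$have" "$2"; then
        echo current
    else
        echo outdated
    fi
}

# On a real machine (the minimum build is a placeholder to fill in):
#   classify_java "$(java -version 2>&1)" "<minimum build from the advisory>"
```
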

Guest LilBambi

I hear ya Temmu, but I find it interesting that Oracle was able to get it done for all versions of Windows, Linux, BSD, Unix and get it done back in February.

 

IMHO, Apple was dragging their feet at the cost of their users.


Guest LilBambi

Apple delivers Flashback malware hunter-killer

Third Java update in 9 days arrives as Apple scrambles to protect Mac users

 

Two days after Apple promised to decontaminate Macs infested with the Flashback malware, on Thursday the company delivered.

Yesterday's newest Mac OS X Java update includes a tool that will "remove the most common variants of the Flashback malware," Apple's advisory read.

 

Thank you Apple!


Guest LilBambi

Mac Flashback Infections Drop to 270,000: Symantec - eWeek

 

The software security firm says the infections are now less than half the 600,000-plus found last week by antivirus software vendors Kaspersky and Dr. Web.

 

The number of Apple Macs infected with the Flashback malware seems to be shrinking as Internet security software vendors roll out tools to detect and remove the exploit and run “sinkhole” operations to reduce its effectiveness.


Guest LilBambi

Changed the title to include both Flashfake and Flashback so folks will know what is being talked about since Flashback is a more common name for it. Hope you don't mind Corrine.
