'Flashback' trojan estimated to have infected 600K Macs worldwide


Comments

  • digitalclips Posts: 15,400 member
    Quote:
    Originally Posted by stelligent View Post


    Not installing AV is a bragging right? Just because you use a Mac?



    That's tantamount to saying you sleep around bareback because you run in the *right* circle (where all women use the pill and no one has STDs).



    You don't feel the need to use AV because the odds are on your side. Fine. But to brag about it like you've accomplished something special?



    How do you spell naive?



    Many of us that have had to suffer Windows as well as the joy of Macs have a deep hatred of all things AV as they are such a nightmare in terms of slowing down and screwing up Windows almost as much as Microsoft. However, since the day it became available I have used Little Snitch and cannot speak more highly of any utility I have ever used and I have used Macs since the Mac Plus. Before people new to Mac and who are getting nervous here rush out and put their heads in to the Norton et al noose, I'd highly recommend they give Little Snitch a try.
  • markbyrn Posts: 562 member
    One would expect the general tech media to go with anything that would tarnish Apple but I would hope an Apple-centric site would do some fact checking. For example, Symantec rates the infection rate for this trojan as very low and this Dr Web outfit is little known; any confirmation from a more established company like Kaspersky? When they make a claim how many computers from Cupertino are affected, doesn't the red flag raise in your mind?
  • spinnerlys Posts: 218 member
    Quote:
    Originally Posted by stelligent View Post


    Not installing AV is a bragging right? Just because you use a Mac?



    That's tantamount to saying you sleep around bareback because you run in the *right* circle (where all women use the pill and no one has STDs).



    You don't feel the need to use AV because the odds are on your side. Fine. But to brag about it like you've accomplished something special?



    How do you spell naive?



    What about using common sense?

    I run Mac OS X since 2004, for a month I tried Sophos, which made my Mac even more vulnerable. And since I, and probably others, don't install everything that wants to be installed, we can be on the safe side.
  • paxman Posts: 4,133 member
    Quote:
    Originally Posted by DeanSolecki View Post


    Or the home button on my iPhone is unresponsive without pressing



    That can be caused by dust / dirt entering through the connector port just below. An Apple sales guy used some compressed air on mine and that fixed it.
  • paxman Posts: 4,133 member
    Quote:
    Originally Posted by digitalclips View Post


    As a Mac Pro user I am surprised you are not a bit more savvy. I would suggest investing in Little Snitch rather than relying on Christian Prayers & Music.



    What? Christian prayers and music won't work? DOH!!
  • gatorguy Posts: 14,912 member
    Quote:
    Originally Posted by markbyrn View Post


    One would expect the general tech media to go with anything that would tarnish Apple but I would hope an Apple-centric site would do some fact checking. For example, Symantec rates the infection rate for this trojan as very low and this Dr Web outfit is little known; any confirmation from a more established company like Kaspersky?



    The return of the "Flashback" malware variant was reported by Ars weeks ago and confirmed by another security company, Intego, late last year I believe. The Java patch that closed the hole was made available in February but Apple delayed offering it to Mac users until this week.

    http://arstechnica.com/apple/news/20...t-strategy.ars
  • danacameron Posts: 337 member
    Quote:
    Originally Posted by digitalclips View Post


    Many of us that have had to suffer Windows as well as the joy of Macs have a deep hatred of all things AV as they are such a nightmare in terms of slowing down and screwing up Windows almost as much as Microsoft.



    Exactly! It's not naivete being confident in the fact that we haven't installed AV software for over ten years. The fact is, we haven't needed AV software and our Macs run more smoothly without it.



    Quote:
    Originally Posted by digitalclips View Post


    However, since the day it became available I have used Little Snitch and cannot speak more highly of any utility I have ever used and I have used Macs since the Mac Plus. Before people new to Mac and who are getting nervous here rush out and put their heads in to the Norton et al noose, I'd highly recommend they give Little Snitch a try.



    If a legitimate virus or trojan actually springs up in the wild (which I doubt will happen any time soon), I'll remember to look into this utility. Until then, I'll continue practicing the "safe computing and common sense" AndreiD spoke of and not worry about it.
  • jragosta Posts: 10,473 member
    Quote:
    Originally Posted by AppleInsider View Post


    A trojan horse virus named "Flashback" that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.



    Russian antivirus company Dr. Web issued a report on Wednesday noting that 550,000 computers running OS X had been infected by BackDoor.Flashback variants of the virus, as highlighted by ArsTechnica.



    An analyst for the company later updated the figure to note that the size of the botnet had reached 600,00. He also pointed out that 274 bots are originating from Apple's hometown of Cupertino, Calif.



    According to a map released by the firm, 56.6 percent of infected computers are located in the United States. Canada was second with 19.8 percent, followed by the U.K. with 12.8 percent of cases.



    Apple released a Java Security update on Tuesday to resolve the vulnerabilities that the virus is exploiting, but not before a number of Mac users had been hit with the malicious software. Oracle first issued a fix for the vulnerability in February.









    Security firm Intego publicized the Flashback trojan last September. Some variants of the software were even discovered with the potential to disable anti-malware protections within OS X.



    Researchers F-Secure have provided instructions on how to detect and remove the malware.






    I call BS. Let's do some simple math.



    They claim 600,000 infected computers. They list a number of countries that show 0.1% of the world's infections - or 600 computers. Let's say that '0.1%' indicates that they found a single infected computer. In order to have the math work out, they would have had to test 1 out of every 600 Macs in the world. With an installed base of 40 M computers, they would have had to have tested a minimum of 70,000 Macs to see if they were infected. I really doubt that they individually tested 70,000 randomly sampled computers in all these different countries.



    While they could be doing some sort of automatic online checking, that is not valid because of sampling error. They can only check the computers that come to the testing servers. If they, for example, are using porn or pirate servers for their samples, it is clearly not representative.
  • mc_razza Posts: 3 member
    Quote:
    Originally Posted by stelligent View Post


    How do you spell naive?



    It can also be spelt as "naïve".

  • markbyrn Posts: 562 member
    Quote:
    Originally Posted by Gatorguy View Post


    The return of the "Flashback" malware variant was reported by Ars weeks ago and confirmed by another security company, Intego, late last year I believe. The Java patch that closed the hole was made available in February but Apple delayed offering it to Mac users until this week.

    http://arstechnica.com/apple/news/20...t-strategy.ars



    I didn't claim that the trojan was made up - I'm disputing this Dr Web's numbers and the FUD to imply that hundreds of computers at the Apple Cupertino campus are part of the bot net.
  • kpom Posts: 572 member
    Quote:
    Originally Posted by DeanSolecki View Post


    Not sure why you kids get so worked up about this stuff. I'm glad AI is circulating what might be an important issue for a handful of people. Not everything has to be an Apple PR spot, does it?



    It's good that they are reporting the potential security issue, but everyone seems to be taking the "600K" claim at face value.



    That said, I do want Apple to put out a malware cleaner update sooner rather than later. Running Terminal isn't for the average user.
  • adamw Posts: 114 guest
    According to Doctor Web, the security company who analyzed this trojan, they were able to intercept the botnet traffic to count both the number of infected Macs and their geographical location. Per their post at: http://news.drweb.com/show/?i=2341



    "Each bot includes a unique ID of the infected machine into the query string it sends to a control server. Doctor Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts.



    Over 550 000 infected machines running Mac OS X have been a part of the botnet on April 4. These only comprise a segment of the botnet set up by means of the particular BackDoor.Flashback modification."
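
The counting method Doctor Web describes in the post above, sketched as an added example (not part of the original thread and not Doctor Web's code): hosts are deduplicated by the unique ID in the query string rather than by source address, since several infected Macs can share one NAT address and one Mac can check in from several. The log format, the `/checkin` path, the `id` parameter name and all sample values are constructed assumptions.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sinkhole log: "<time> <source IP> <country> <request URI>".
# The country column stands in for a GeoIP lookup; the /checkin path and the
# "id" parameter name are hypothetical, not Flashback's real request format.
SAMPLE_LOG = """\
2012-04-04T10:00:01Z 198.51.100.7 US /checkin?id=MAC-0001
2012-04-04T10:00:09Z 198.51.100.7 US /checkin?id=MAC-0002
2012-04-04T10:01:30Z 198.51.100.7 US /checkin?id=MAC-0005
2012-04-04T10:03:40Z 198.51.100.7 US /checkin?id=MAC-0001
2012-04-04T11:15:02Z 203.0.113.20 CA /checkin?id=MAC-0003
2012-04-04T18:42:55Z 203.0.113.99 CA /checkin?id=MAC-0003
2012-04-04T19:00:00Z 192.0.2.44 GB /checkin
2012-04-04T19:05:13Z 192.0.2.45 GB /checkin?id=MAC-0004
garbage line from a scanner
"""

def parse_checkin(line):
    """Return (bot_id, ip, country), or None for lines without a usable ID."""
    fields = line.split()
    if len(fields) != 4:
        return None
    _, ip, country, uri = fields
    ids = parse_qs(urlsplit(uri).query).get("id")
    if not ids or len(ids) != 1:
        return None
    return ids[0], ip, country

def summarize(log_text):
    """Count infected hosts by unique bot ID, not by source address."""
    first_country = {}  # bot ID -> country of its first check-in
    ips = set()
    for line in log_text.splitlines():
        rec = parse_checkin(line)
        if rec is None:
            continue  # scanner noise or a request with no ID is not a bot
        bot_id, ip, country = rec
        ips.add(ip)
        first_country.setdefault(bot_id, country)
    total = len(first_country)
    by_country = Counter(first_country.values())
    share = {c: round(100.0 * n / total, 1) for c, n in by_country.items()}
    return {"unique_ids": total, "unique_ips": len(ips), "share_pct": share}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the constructed sample the ID count and the address count differ, which is why a per-host identifier gives a census of the machines that reach the sinkhole rather than an estimate extrapolated from a sample.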
  • andreid Posts: 96 member
    Quote:
    Originally Posted by NelsonX View Post


    Yes it is for real. You could have found out yourself if you had checked with Google. But of course you can not use Google because Google is "The Enemy", right?

    Doctor web is an antivirus company established in 1992: http://en.wikipedia.org/wiki/Dr._Web





    Ok and if the entity exists should we trust the rest of the figures?



    Whenever I see an AV company (real or whatever obscure or fake) come up with something on the net saying beware of this and that I highly look with suspicion because that's exactly how many social engineerings start...and that's what a trojan is all about...social engineering at a lower level.
  • techno Posts: 592 member
    Quote:
    Originally Posted by NelsonX View Post


    Yes it is for real. You could have found out yourself if you had checked with Google. But of course you can not use Google because Google is "The Enemy", right?

    Doctor web is an antivirus company established in 1992: http://en.wikipedia.org/wiki/Dr._Web



    And we all know to trust everything we find through Google. Especially trust Wikipedia as that never lies.
  • aaarrrgggh Posts: 1,525 member
    It is shortsighted to take these things lightly. Someone could clean out your bank accounts pretty fast with any effective, targeted tool such as this.



    Checked our three Macs, and all clean.



    You are at risk if you enable Java in Safari apparently; Firefox doesn't seem to be targeted.
  • techno Posts: 592 member
    Has anyone tried the manual removal process described here? I get an error:



    Quote:

    The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist



    Edit

    Never mind. My bad. I didn't read on.
  • wyseguy Posts: 3 member
    Quote:
    Originally Posted by Gatorguy View Post


    The return of the "Flashback" malware variant was reported by Ars weeks ago and confirmed by another security company, Intego, late last year I believe. The Java patch that closed the hole was made available in February but Apple delayed offering it to Mac users until this week.

    http://arstechnica.com/apple/news/20...t-strategy.ars



    Apple didn't "delay" offering it to Mac users. Apple takes JVM code from Oracle, ports it to OS X, tests it, then releases it. That takes about 30-60 days. This isn't new.



    Long term, I think Apple will get out of the business of porting Java to the Mac. Java isn't as critical to Apple's success as a platform as it was 15 years ago. Time to let Oracle do it, like it already does with other platforms.
  • techno Posts: 592 member
    What does this malware do?



    Quote:

    Trojan-Downloader:OSX/Flashback.I connects to a remote site to download its payload; on successful infection, the malware modifies targeted webpages displayed in the web browser.



    That is so vague. Anybody know more than that?
  • stelligent Posts: 2,680 member
    Quote:
    Originally Posted by digitalclips View Post


    Many of us that have had to suffer Windows as well as the joy of Macs have a deep hatred of all things AV as they are such a nightmare in terms of slowing down and screwing up Windows almost as much as Microsoft.



    It's a good point, to an extent. I just haven't seen AV slow down Windows that much in recent years. But there is no question that, in totality, management of malware is a far greater nightmare on Windows. The problem seems far less daunting on W7 but past history keeps all of us wary.



    Quote:
    Originally Posted by digitalclips View Post


    However, since the day it became available I have used Little Snitch and cannot speak more highly of any utility I have ever used and I have used Macs since the Mac Plus. Before people new to Mac and who are getting nervous here rush out and put their heads in to the Norton et al noose, I'd highly recommend they give Little Snitch a try.



    Thanks for the tip. That's one I've not tried.



    Quote:
    Originally Posted by spinnerlys View Post


    What about using common sense?

    I run Mac OS X since 2004, for a month I tried Sophos, which made my Mac even more vulnerable. And since I, and probably others, don't install everything that wants to be installed, we can be on the safe side.



    That's a fair comment. But in today's world of slacktivism, everyone wants to share stories pictures and links, all with good intentions but poor insight into the ramifications of their actions. It's such an easy world for malware producers that I am impressed the situation isn't worse.



    Quote:
    Originally Posted by mc_razza View Post


    It can also be spelt as "naïve".





  • andreid Posts: 96 member
    Quote:
    Originally Posted by stelligent View Post


    Not installing AV is a bragging right? Just because you use a Mac?



    That's tantamount to saying you sleep around bareback because you run in the *right* circle (where all women use the pill and no one has STDs).



    You don't feel the need to use AV because the odds are on your side. Fine. But to brag about it like you've accomplished something special?



    How do you spell naive?



    Naive is just as easily spelled as you are naive by making so naive statements, because:



    1. Using or not using the AV has nothing to do with odds. By saying "odds" you imply that Macs are safer against malware just because of random events and let's say chance, which either way is wrong. If you imply security by obscurity then you are also wrong because market share and obscurity have nothing to do with security against malware. If you want to debate on this I'd be happy to do it and provide real numbers on this and real facts.



    2. You are naive to think that AV software represents some magical barrier that keeps the nasty bugs outside of your computer. Remember pls that AV software is just a piece of software (with a specific task) and as ALL software around the world, is not perfect and not without vulnerabilities. Many times in the past in the Windows world malware successfully exploited vulnerabilities in the AV software itself, not in the OS. So think about it!



    3. Regarding your "tantamount" I have one also to give you: As I said, installing anti-virus software on a Mac puts you at greater risk because the anti-virus software itself provides new opportunities for potential infection. If that's hard to comprehend, imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn't do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.



    4. LAST: Working on a much safer and better built OS from the ground up compared to any Microsoft has to offer, is indeed a reward and a pleasure. As one poster noted before me, you tend to forget all the problems Windows had to offer us and still offers, and now being relieved of all that makes some of us a bit smug. In the end why not?! It's like seeing the light from all those time spent in darkness. It's just wow, and you can't help by bragging especially in the face of all the night creatures out there that still think there's only one way, their way.