'Flashback' trojan estimated to have infected 600K Macs worldwide

12467

Comments

  • charlitunacharlituna Posts: 7,069member
    Quote:
    Originally Posted by jragosta View Post


    I call BS. Let's do some simple math.



    They claim 600,000 infected computers. They list a number of countries that show 0.1% of the world's infections - or 600 computers. Let's say that '0.1%' indicates that they found a single infected computer. In order to have the math work out, they would have had to test 1 out of every 600 Macs in the world.



    No they wouldn't. THese percents are about the distribution of the known infected systems against the whole infection. So all they need is to know how many machines are infected and where they come from (which the IP would tell them). If they figured out what the trojan was up to, they might have figured out a way to intercept the information, perhaps even knowingly infected a computer of their own to get it (similar to how the studios put up torrents to get folks to grab them so they can read the IP address of the peers)
  • charlitunacharlituna Posts: 7,069member
    Quote:
    Originally Posted by wyseguy View Post


    Long term, I think Apple will get out of the business of porting Java to the Mac.



    Already gotten. Although they weren't porting Java, just the installer. And they stopped doing it as of Lion, same with Flash. This update was likely targeting Snow Leopard and before users, rather than those who would have gotten their runtime directly from Oracle and thus the update directly from them in Feb
  • gatorguygatorguy Posts: 14,646member
    Quote:
    Originally Posted by charlituna View Post


    If they figured out what the trojan was up to, they might have figured out a way to intercept the information, perhaps even knowingly infected a computer of their own to get it (similar to how the studios put up torrents to get folks to grab them so they can read the IP address of the peers)



    That's just what they claimed to have done, redirecting the botnets to their own servers using a hacker trick referred to as a blackhole by at least one report and a sinkhole by most others I've seen
  • blogorantblogorant Posts: 71member
    Quote:
    Originally Posted by digitalclips View Post


    ... rather than relying on Christian Prayers & Music.



    And this would mean what exactly?
  • gatorguygatorguy Posts: 14,646member
    Quote:
    Originally Posted by charlituna View Post


    And was it impossible for one to go to the source and get the patch. Was it Windows only, or such. did you have to wait for Apple to do their 'software update' version or could you have gotten it yourself.



    Is this gripe really because Apple didn't bother to fix a known issue (that wasn't actually theirs to fix) and forced you to wait or because you were too lazy to do the work yourself and choose to wait until Apple did it and served it to you on a silver platter



    I don't have any complaint as it's not my issue. If you have the knowledge to protect yourself then you certainly shouldn't blame Apple I suppose.



    With that said the complaints about Apple's slow response to reported security issues aren't new according to ArsTechnica, who I consider as fair-minded as any tech blog. They note:



    "Although Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the Oracle-developed software framework when users access webpages that use it. Some security researchers have for years criticized Apple for lagging behind Microsoft and Linux distributors in releasing Java updates to its users. F-Secure has recently joined others in counseling Mac users to disable Java on machines that don't regularly use it."

    http://arstechnica.com/apple/news/20...ord-needed.ars
  • technotechno Posts: 585member
    Quote:
    Originally Posted by I am a Zither Zather Zuzz View Post


    You guys are a laugh riot.



    I suppose you think that the only alternative to trusting everything we find via Google is to trust nothing we find via Google?



    Hey - those are the only possible choices, eh?



    I love AI!



    Actually, it is you that is posing it as an either or choice. Of course there are other choices. The point is not to take those two sources, actually the internet in general as a completely reliable source. People mistake Wikipedia for the Encyclopedias we used to have as kids.
  • blah64blah64 Posts: 767member
    Quote:
    Originally Posted by Quadra 610 View Post


    THIS is why iOS lockdown is the way to go (among other reasons.)



    Quote:
    Originally Posted by charlituna View Post


    I agree to a degree. Some of the 3rd party apps have bugs in them that are as bad in terms of the result to the customer as a virus. And they do things like uploading your address book without permission etc.



    The problem, and this is both agreement and disagreement, is that while running a curated (more appropriate term than "lockdown") system has many benefits (Quadra's point), there is no way to actually protect yourself from invasive apps (mr. tuna's point).



    What iOS needs is the equivalent of Little Snitch, but Apple isn't allowing it, AFAIK. There is a similar app available for jailbroken devices, but good luck buying it without giving up personal info to that seller.



    The privacy dangers of running a mobile device with full-time connectivity, access to much of your personal data, AND NO WAY TO MONITOR OR BLOCK OUTGOING NETWORK TRAFFIC are mindboggling. I refuse to use a device like this connected to the open internet. I think if people had a clue about all the data sent out from their apps there would be a minor revolution, or at least a strong push for something like Little Snitch for iOS. Please join me in pressing Apple for this!



    I suspect the issue is a conflict of interest. Apple wants as many developers as possible, and many developers still want to be able to poke their fingers into your data. Not just the obvious stuff like address book, but relatively benign things as well, like tracking how many times you launch your app, where you launch it, etc. That's fine IF AND ONLY IF the user understands what data they're giving away and agrees to do so. Openly, and with reasonable option to opt out without giving up the ability to use the app. Apps that won't launch without users agreeing to allow transmission of data back to the home servers are unsavory at best.
  • ecsecs Posts: 307member
    With the time, I'm getting more and more convinced that if there weren't any antivirus companies, there would be less than 90% of viruses around.
  • dualiedualie Posts: 330member
    Quote:
    Originally Posted by AndreiD View Post


    Naive is just as easily spelled as you are naive by making so naive statements, because:



    1. Using or not using the AV has nothing to do with odds. By saying "odds" you imply that Macs are safer against malware just because of random events and let's say chance, which either way is wrong. If you imply security by obscurity then you are also wrong because market share and obscurity have nothing to do with security against malware. If you want to d-bate on this i'd be happy to do it and provide real numbers on this and real facts.



    2. You are naive to think that AV software represents some magical barrier that keeps the nasty bugs outside of your computer. Remember pls that AV software is just a pice of software (with a specific task) and as ALL software around the world, is not perfect and not without vulnerabilities. Many times in the past in the Windows world malware successfully exploited vulnerabilities in the AV software itself, not in the OS. So think about it!



    3.Regarding your "tantamount" i have one also to give you: As i said, installing anti-virus software on a Mac puts you at greater risk because the anti-virus software itself provides new opportunities for potential infection. If that?s hard to comprehend, imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn?t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.



    4. LAST: Working on a much safer and better built OS from the ground up compared to any Microsoft has to offer, is indeed a reward and a pleasure. As one poster noted before me, you tend to forget all the problems Windows had to offer us and still offers, and now being relieved of all that makes some of us a bit smug. In the end why not?! It's like seeing the light from all those time spent in darkness. It's just wow, and you can't help by bragging especially in the face of all the night creatures out there that still think there's only one way, their way.



    This.



    Every once in a long while you come across a particularly cogent gem on this site. Thanks for that AndreiD.
  • jragostajragosta Posts: 10,473member
    Quote:
    Originally Posted by charlituna View Post


    No they wouldn't. THese percents are about the distribution of the known infected systems against the whole infection. So all they need is to know how many machines are infected and where they come from (which the IP would tell them). If they figured out what the trojan was up to, they might have figured out a way to intercept the information, perhaps even knowingly infected a computer of their own to get it (similar to how the studios put up torrents to get folks to grab them so they can read the IP address of the peers)



    Sorry, but simple math says that you're wrong.



    As for the rest, I'm still trying to figure out how in the world they were able to access the server records of the servers to know how many clients were infected.
  • majortom1981majortom1981 Posts: 305member
    Quote:
    Originally Posted by dualie View Post


    This.



    Every once in a long while you come across a particularly cogent gem on this site. Thanks for that AndreiD.



    he is wrong though. Most so called virus's that infect windows machines get installed the same way one would get installed on a mac. By the user running the program as an admin. On a mac the user would just type in their password when the prompt comes up and it would install itself.



    Mac users keep saying windows is inherently bad and mac cannot be touched. Thats not true. OSX is just as insecure as windows when it comes to the main thing that is getting installed on machines today.



    Also a real antivirus does stop a trojan from even running. So as more of these trojans for mac appear having a virus scanner on a mac will help when it comes to users like parents who will just let anything run.
  • MarvinMarvin Posts: 13,725member, moderator
    Quote:
    Originally Posted by techno View Post


    What does this malware do?



    That is so vague. Anybody know more than that?



    The malware scans text entered into Safari for usernames and passwords and sends them to a server somewhere. This means Paypal, banking, online store accounts etc.



    I think this is quite a dangerous iteration of the software as it doesn't directly ask for your password as it did before:



    http://www.telegraph.co.uk/technolog...passwords.html



    Apparently there are 4 million compromised web pages:



    http://www.pcmag.com/article2/0,2817,2402641,00.asp



    Anyone visiting those pages with an unpatched Mac, with Java installed and enabled will have it installed behind the scenes.



    Apple should probably setup Java in Safari to ask the user if Java should execute code on every page that requests it. This way, it would be clear if a website is trying to run code stealthily.
  • ljocampoljocampo Posts: 657member
    Quote:
    Originally Posted by digitalclips View Post


    As a Mac Pro user I am surprised you are not a bit more savvy. I would suggest investing in Little Snitch rather than relying on Christian Prayers & Music.



    OK I'm on the same page as you however I don't use a Mac Pro. I don't know if I am infected or not. I've always (for years) have disabled Java in my browser and use Little Snitch and ClamxAV. This antivirus cat and mouse game is a war. In all wars misinformation is an important weapon. A Russian security company (with exact numbers) telling me not to worry about a Russian trojan when you have ClamxAV or Little Snitch install is highly suspect. Are they trying to get me to let my guard down? Are they the real BOT masters?



    I have a program (SnapProX) that lately has been continuously asking me to allow a call back home to check for software updates. I only know this because LS tells me, not the developer's App. However, I have alway had "checked for update" on this program disabled. This unexpected behavior is what made me suspicious. Although I think the Mac is relatively secure, I believe we should not think we are safe from any type of malware.



    This week I had a online fraudulent credit card purchase attempted in the UK (I am in the US) which my bank picked up and would not allow it to pass until the bank let me know. The Visa/debit card number had to be changed. Luckily I had two CC numbers attached to the same bank account (which are not the real bank account number), which is isolated from other accounts and only used for online purchases.



    Also Little Snitch keeps flagging Apple's software update wanting to allow port 80 and when I deny it, the program tries again and asks for port 443. This has never been my experience with these programs. I have Apple's software update on manual and it should not be asking at all. I do suspect an infection of some sort but have found none. However I always suspect an infection. That's my normal state of mind and it should be all Mac users too.
  • ljocampoljocampo Posts: 657member
    Quote:
    Originally Posted by audio_inside View Post


    Wow, so this is all I have to do to protect my Mac?



    Code:


    sudo touch "/Library/Little Snitch"





    I don't know what "touch" means in that terminal command. See my post above this one for a take on Little Snitch. I consider myself pretty good at knowing how my computer works, and I know plenty about terminal but I avoid it like the plague. It is too dangerous for mere mortals. UNIX is not for mere mortals that's why Apple built its OSX on top of UNIX in the first place.



    In any case, I think Macs now or in the future, needs to worry about virus because the new methodology is getting in with a trojan to install a virus. It doesn't matter if Macs are virus proof when they are not, and never will, be trojan proof. If you have an operating system that needs to get to the lower levels of the computer, you open the door to UNIX hackers through social engineering the UNIX keys to the locks, which is [UNIX] one of the most secure operating systems on the planet.
  • ljocampoljocampo Posts: 657member
    Quote:
    Originally Posted by I am a Zither Zather Zuzz View Post


    You guys are a laugh riot.



    Thank you very much for coming out of the closet and acknowledging you are not one of us. I've known you as a troll. Your statement above implies you believe you're an outsider to the AI community. That's OK with me because you are way too cynical for an Apple lover and you always present the negative to all things Apple.



    Before this outing you were just a troll. Now we know you are a trojan horse trying to infect our AI community with your viral FUD. So you're a virus.
  • nofeernofeer Posts: 2,422member
    mashable has a good article and simple ways to test



    http://mashable.com/2012/04/05/mac-flashback-trojan/



    http://mashable.com/2012/04/05/mac-f...-trojan-check/



    i downloaded the scripts and unzipped ran both

    and all my macs are clean
  • egraregrar Posts: 29member
    For those who got infected, I got some questions. I'm a long time Windows user, and dealt with viruses.. got fed up, and ended up using Linux and now a Mac OS X Lion user, both are much more secure than Windows regarding virus-trojan infections.



    Again to those who got 'infected' by this trojan, what was your MAIN WEB BROWSER? Java installed or not? Does it have flash plug-in? Javascript on or off?



    I'm looking at a more secure web browser..
  • internetworld7internetworld7 Posts: 156member
    Quote:
    Originally Posted by digitalclips View Post


    As a Mac Pro user I am surprised you are not a bit more savvy. I would suggest investing in Little Snitch rather than relying on Christian Prayers & Music.



    I guess you're "smarter" than the other 600,000 Mac users who were infected? It's time to stop being a bunch of smug pricks and please READ the article before commenting!!!! This trojan SILENTLY installs in the background with NO USER INTERACTION REQUIRED. Why do you think 600,000 Macs were infected? You simply visit an infected website with Java enabled and your Mac is infected. In the Windows world it's called a drive by download.



    I'm running the new Sophos 8.0 antivirus for Mac which was just released yesterday and I have been for several months without a bit of shame for doing so. Better to be safe than sorry. I know it's a hard pill to swallow for us Mac users but this won't be the last mass attack that will be successful.
  • andreidandreid Posts: 96member
    Quote:
    Originally Posted by focher View Post


    Pretty much.



    You can also do a "sudo touch" on the rest of the list...unless you have one installed. I personally always install Xcode.



    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode

    /Applications/VirusBarrier X6.app

    /Applications/iAntiVirus/iAntiVirus.app

    /Applications/avast!.app

    /Applications/ClamXav.app

    /Applications/HTTPScoop.app

    /Applications/Packet Peeper.app



    What i don't understand is why the trojan aborts the installation if Xcode is present. I can understand the rest of the AV software and network monitoring but Xcode?
  • andreidandreid Posts: 96member
    Quote:
    Originally Posted by majortom1981 View Post


    he is wrong though. Most so called virus's that infect windows machines get installed the same way one would get installed on a mac. By the user running the program as an admin. On a mac the user would just type in their password when the prompt comes up and it would install itself.



    Mac users keep saying windows is inherently bad and mac cannot be touched. Thats not true. OSX is just as insecure as windows when it comes to the main thing that is getting installed on machines today.



    Also a real antivirus does stop a trojan from even running. So as more of these trojans for mac appear having a virus scanner on a mac will help when it comes to users like parents who will just let anything run.



    Let me break down your post:



    1. You say i'm wrong but never actually point out any of my wrongful statements.



    2. After saying i'm wrong, you start to talk rubbish about some "so called virus" when clearly i never said anything about a virus. If you see my post i talked about general malware which can contain a lot of clearly distinguishable categories (viruses, worms, trojans, spyware, backdoors, rootkits etc). Having said that i will however indulge and point out you are mislead into thinking that viruses (so called ?) infect the same way Macs as PCs running Windows. If you were talking about trojans you were probably right to some extent because as another poster pointed out before me a trojan is nothing else really than a lie and you can't fully protect yourself from a lie other than through safe computing and common sense. But i suspect you were talking generally because of your next paragraph which is completely and utterly FALSE. I will explain in #3.



    3. OS X is generally much safer than Windows, as is Linux, just by fundamental design. OS X as Linux, it's derived from Unix which doesn't have any of the limitations or inherited weaknesses as Windows, as per the below examples:



    Quote:

    Thanks to its extensive use of battle-hardened Unix and open source software, Mac OS X also has always had security precautions in place that Windows lacked. It has also not shared the architectural weaknesses of Windows that have made that platform so easy to exploit and so difficult to clean up afterward, including:



    the Windows Registry and the convoluted software installation mess related to it,

    the Windows NT/2000/XP Interactive Services flaw opening up shatter attacks,

    a wide open, legacy network architecture that left unnecessary, unsecured ports exposed by default,

    poorly designed network sharing protocols that failed to account for adequate security measures,

    poorly designed administrative messaging protocols that failed to account for adequate security,

    poorly designed email clients that gave untrusted scripts access to spam one?s own contacts unwittingly,

    an integrated web browser architecture that opened untrusted executables by design, and many others.



    Source: http://www.roughlydrafted.com/2008/0...malware-crown/



    4. In your last paragraph you get back to trojans (that's the reason i said earlier you are confused by what a trojan is, how it works and what a virus is). You tend to overlook some points from my earlier posts. An AV is generally as effective as the user is vigilant and as it has the latest up to date signatures. So and AV will never protect you from nothing from a 0 day attack. Think about it: AV companies have to be diligent enough to be on the lookout for Mac malware (which is little interest for them anyway because of a lower marketshare the Mac occupy in the world), but generally speaking first malware is released then AV companies are playing catchup. In that time period you WILL be fully exposed. Even after let's suppose you get the up to date signatures for the latest malware, if the user is too dumb (sorry for the blunt expression) to practice safe computing and common sense there is a chance the dumb user will force the AV software to overlook the warning or allow the program to run (if we talk about trojans) since for example he desperately wants to look at that porn app he just downloaded, app though which he can download unlimited porn movies.



    So as you can see, as explained in my original post, AV software is NOT a magical barrier from heavens, un-passable, impenetrable, flawless in design, and perfect in function. It's just a pice of software and i said that ALL software is not perfect (OS X is not different).
Sign In or Register to comment.