Go to the Apple logo on the top and hit it and you will see Apple updates right there. I downloaded 2 today. I have the LION OS also.
Doing this just calls up Apple's Software Update program. I was clear that I've done that, been there, and Software Update says there is nothing to update.
You haven't installed Java yet. Go to a web page that requires it and search on "java version test". Perform the test to force the download.
OK I now understand what's going on. I have this utility program in the Utility folder called "Java Preferences." Seeing this I wrongly thought Java was installed. I double-clicked on the program and it told me I need to install the Java Runtime. It offered to get it and install it for me but I declined. If I haven't needed this since I installed Lion, I probably will never need it, and could download it if I ever do need it. Problem solved. This Java security fix for the trojan which can't infect me since I have no Java Runtime installed. Plus I use Little Snitch and ClamxAV.
I wonder where "solipsism x" and "mister me" are right now? Surely they would like to weigh in on the Mac virus debacle. Perhaps they are too busy eating crow right now.
Perhaps you'd like to revise your belief of what a "virus" is.
Note that OS X remains as secure as it has always been. You install third party crap (Java, Flash, et al.), you're going to get this sort of thing.
Since I found I was infected with this yesterday and removed it, I was told to download the "Little Snitch" app, which I googled and installed the 3 hour demo of. I thought my system was clean of this trojan, as I followed the F-Secure removal instructions, but it appears this trojan installs other stuff once it gets in (via the Java exploit).
Little Snitch informed me that a file named .rserv (~/.rserv) in my Users directory on my Mac was trying to connect to cuojshtbohtnet.com or .net and several other strange sounding web sites. I denied them doing so and Googled .rserv and another program on my Mac that was doing similar attempts.
Also watch out for a file named: com.adobe.reader.plist in user launch agents directory. It was attempting to contact these same strange websites as .rserv was. I Googled these names and found in the last few days many other Mac users are seeing this same behavior when catching these "buggers" via the "Little Snitch" app.
Again, even though my system showed clean via the F-Secure instructions after I removed the infected files they mention, I believe I still had 2 other infected program files (same file date of March 29th also) related to this trojan that went undetected, and were only found by running this "Little Snitch" app which monitors programs trying to use your outgoing Internet connection.
This is a great/valuable post, adamw.
I would say in light of these additional findings to do this:
(1) Remove that .rserv file from your home Folder
(2) Unload the fake com.adobe.reader.plist LaunchAgent file with launchctl and remove it
(3) If you are Terminal.app savvy, add something like
127.0.0.1 cuojshtbohtnet.com cuojshtbohtnet.net
to your /etc/hosts file iff you can remember the exact spelling of the domain name(s) (those 2 names aren't real domains, according to a DNS lookup)
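An added example, not part of the thread: a read-only shell check for the leftovers named in the posts above (the ~/.rserv file, the com.adobe.reader.plist LaunchAgent, and the two hosts entries). The function name `flashback_leftovers` is hypothetical, and the LaunchAgent path assumes the standard per-user ~/Library/LaunchAgents directory.

```shell
#!/bin/sh
# Added example (not from the thread). Nothing is modified or deleted.
# Usage: flashback_leftovers [HOME_DIR] [HOSTS_FILE]
# Prints one finding per line; return status = number of files found (0-2).
flashback_leftovers() {
    home=${1:-$HOME}
    hosts=${2:-/etc/hosts}
    # Assumption: the standard per-user LaunchAgents location.
    agent="$home/Library/LaunchAgents/com.adobe.reader.plist"
    found=0

    # (1) The hidden file that Little Snitch reported in the home folder.
    if [ -e "$home/.rserv" ]; then
        echo "FOUND file: $home/.rserv"
        found=$((found + 1))
    fi

    # (2) The LaunchAgent named in the thread. List the <string> values it
    # contains so the launched path can be reviewed before removal.
    # This reads XML plists only; a binary plist prints no string lines.
    if [ -e "$agent" ]; then
        echo "FOUND agent: $agent"
        found=$((found + 1))
        sed -n 's/.*<string>\(.*\)<\/string>.*/  string: \1/p' "$agent" \
            2>/dev/null || true
    fi

    # (3) Informational: is each domain from the thread pinned to loopback?
    # Comments in the hosts file are stripped before the fields are compared.
    for d in cuojshtbohtnet.com cuojshtbohtnet.net; do
        if ! awk -v d="$d" '
                { sub(/#.*/, "") }
                $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == d) ok = 1 }
                END { exit !ok }' "$hosts" 2>/dev/null; then
            echo "hosts: $d is not mapped to 127.0.0.1 in $hosts"
        fi
    done

    return "$found"
}
```

Called with no arguments it inspects the current user's home folder and /etc/hosts; a non-zero status means at least one of the two files is still present.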
Thanks for the extra information about removing the trojan...
Here is a new report which finds that a secondary source, Kaspersky Labs, has also verified the 600,000+ figure of Macs infected with this trojan. They did testing to confirm Dr. Web's initial reporting of the trojan's number of infected Macs. Very interesting. They say 1% of Macs are infected with this trojan.
http://www.zdnet.com/blog/bott/secon...lashback/4737?
I was a Windows user for 14 years, so maybe that's why I've stopped hating the OS maker for every malware found. In that case I would become the most notorious Microsoft hater.
I see that Apple has sped up their Java update, that's good.
I know E*trade uses Java for their real time streaming quotes so I have to keep it activated in Safari. Java is not quite dead just yet. I bet there are a lot of sites using it legitimately.
Maybe. I wonder if it's still really necessary for the web though. The site I've seen Java used on last week was done poorly and I've seen the same task done much better using other methods, and that's the only time I've seen Java used on the web so far this decade. Even the one huge Java evangelist that I know seems to have changed his mind about the platform. I don't think the platform will ever really go away, but its glory days, if it had any, are over.
Also, Apple needs to ensure that Java is disabled by default in Safari, which I don't believe it is now.
I'd say all 3rd-party code execution should only be enabled on a case-by-case basis, including Flash.
They need to fix the root of the problem though, which is the dynamic library linking to the Safari executable. Browsers should be the most isolated and locked down apps in the whole OS.
Allowing a user-level dynamic library to install and run without permission and hijack a browser is just asking for trouble. At the very least, Safari could check pre-loaded libraries and warn users that Safari is running in a modified state.
Quote:
Originally Posted by JavaCowboy
And, for the record, I know the "600,000" Mac botnet figure is exaggerated.
They did a sample of incoming unique connections to a dummy server. It wasn't an estimate. If anything, it's a minimum amount of infections:
https://news.drweb.com/show/?i=2341&lng=en&c=14
I wonder where "solipsism x" and "mister me" are right now? Surely they would like to weigh in on the Mac virus debacle. Perhaps they are too busy eating crow right now.
For those who are commenting on the supposedly impenetrable security of OS X, there are a few things to consider:
- this is an exploit in Java, which is no longer preinstalled with OS X
- it is an exploit that is only available while Java is enabled in Safari
This vulnerability does not affect OS X 10.7 in its default state. So OS X, as Apple currently ships it, has no known security flaws. OS X 10.6 has 1. Far better than the alternatives I reckon.
Users always need to be cautious over phishing scams and malware distributed via 3rd parties though.