
'Flashback' trojan estimated to have infected 600K Macs worldwide - Page 3

post #81 of 125
Quote:
Originally Posted by majortom1981 View Post

He is wrong though. Most so-called viruses that infect Windows machines get installed the same way one would get installed on a Mac: by the user running the program as an admin. On a Mac the user would just type in their password when the prompt comes up and it would install itself.

Mac users keep saying Windows is inherently bad and Mac cannot be touched. That's not true. OS X is just as insecure as Windows when it comes to the main thing that is getting installed on machines today.

Also a real antivirus does stop a trojan from even running. So as more of these trojans for Mac appear, having a virus scanner on a Mac will help when it comes to users like parents who will just let anything run.

Let me break down your post:

1. You say I'm wrong but never actually point out any of my wrongful statements.

2. After saying I'm wrong, you start to talk rubbish about some "so called virus" when clearly I never said anything about a virus. If you see my post, I talked about general malware, which can contain a lot of clearly distinguishable categories (viruses, worms, trojans, spyware, backdoors, rootkits etc). Having said that, I will however indulge and point out you are misled into thinking that viruses (so called?) infect Macs the same way as PCs running Windows. If you were talking about trojans you were probably right to some extent because, as another poster pointed out before me, a trojan is nothing else really than a lie and you can't fully protect yourself from a lie other than through safe computing and common sense. But I suspect you were talking generally because of your next paragraph, which is completely and utterly FALSE. I will explain in #3.

3. OS X is generally much safer than Windows, as is Linux, just by fundamental design. OS X, like Linux, is derived from Unix, which doesn't have any of the limitations or inherited weaknesses of Windows, as per the examples below:

Quote:
Thanks to its extensive use of battle-hardened Unix and open source software, Mac OS X also has always had security precautions in place that Windows lacked. It has also not shared the architectural weaknesses of Windows that have made that platform so easy to exploit and so difficult to clean up afterward, including:

the Windows Registry and the convoluted software installation mess related to it,
the Windows NT/2000/XP Interactive Services flaw opening up shatter attacks,
a wide open, legacy network architecture that left unnecessary, unsecured ports exposed by default,
poorly designed network sharing protocols that failed to account for adequate security measures,
poorly designed administrative messaging protocols that failed to account for adequate security,
poorly designed email clients that gave untrusted scripts access to spam one's own contacts unwittingly,
an integrated web browser architecture that opened untrusted executables by design, and many others.

Source: http://www.roughlydrafted.com/2008/0...malware-crown/

4. In your last paragraph you get back to trojans (that's the reason I said earlier you are confused by what a trojan is, how it works and what a virus is). You tend to overlook some points from my earlier posts. An AV is generally as effective as the user is vigilant and as it has the latest up-to-date signatures. So an AV will never protect you from a 0-day attack. Think about it: AV companies have to be diligent enough to be on the lookout for Mac malware (which is of little interest to them anyway because of the lower market share the Mac occupies in the world), but generally speaking, first malware is released, then AV companies are playing catch-up. In that time period you WILL be fully exposed. Even after, let's suppose, you get the up-to-date signatures for the latest malware, if the user is too dumb (sorry for the blunt expression) to practice safe computing and common sense, there is a chance the dumb user will force the AV software to overlook the warning or allow the program to run (if we talk about trojans) since, for example, he desperately wants to look at that porn app he just downloaded, an app through which he can download unlimited porn movies.

So as you can see, as explained in my original post, AV software is NOT a magical barrier from heavens, un-passable, impenetrable, flawless in design, and perfect in function. It's just a piece of software and I said that ALL software is not perfect (OS X is no different).
post #82 of 125
Hi. I've been a lurker here for a very long time. I really don't ever have anything to add to any discussions, I usually just like to read. Today, I am compelled to post because I think I screwed up. I have to get home and check this out later, but 2 or 3 days ago I authorized what I thought were legitimate Flash and software updates on my Snow Leopard iMac, and I believe that I may have activated this malware. I have the manual removal procedure, which I will perform later. I have read about Little Snitch as well, and will probably get it today. But if I did activate this crap, is it too late? Is it now irrelevant whether I perform the removal or not? I realize my error, but I am pleading for advice here. Will someone please tell me what I should do in addition to the manual removal of this Trojan. I am not an advanced user. Please help in any way you can, and perhaps your responses will be helpful for others. Thank you very much!!
post #83 of 125
Quote:
Originally Posted by Thorin View Post

Hi. I've been a lurker here for a very long time. I really don't ever have anything to add to any discussions, I usually just like to read. Today, I am compelled to post because I think I screwed up. I have to get home and check this out later, but 2 or 3 days ago I authorized what I thought were legitimate Flash and software updates on my Snow Leopard iMac, and I believe that I may have activated this malware. I have the manual removal procedure, which I will perform later. I have read about Little Snitch as well, and will probably get it today. But if I did activate this crap, is it too late? Is it now irrelevant whether I perform the removal or not? I realize my error, but I am pleading for advice here. Will someone please tell me what I should do in addition to the manual removal of this Trojan. I am not an advanced user. Please help in any way you can, and perhaps your responses will be helpful for others. Thank you very much!!

Try here:
http://www.f-secure.com/v-descs/troj...shback_i.shtml
Command & Conquer
post #84 of 125
Quote:
Originally Posted by egrar View Post

Try here:
http://www.f-secure.com/v-descs/troj...shback_i.shtml

Thanks for the response. Yes, I have that link, and will perform that when I get home. My fear is that I already activated something evil by entering passwords, and that it's now too late. Am I off track here? I saw the news this morning, and before I left home, I unplugged the ethernet cable to isolate it and left a note to my wife to not use the machine for now. Thanks!
post #85 of 125
Quote:
Originally Posted by Thorin View Post

Thanks for the response. Yes, I have that link, and will perform that when I get home. My fear is that I already activated something evil by entering passwords, and that it's now too late. Am I off track here? I saw the news this morning, and before I left home, I unplugged the ethernet cable to isolate it and left a note to my wife to not use the machine for now. Thanks!

Yes, by now it is too late. Since it was installed, it will have logged all text entry in Safari and sent it to a remote server. It may take a while before someone chooses your details out of 600,000 to exploit but you need to fix it immediately. You need to remove the trojan first by following the instructions and after removal, reboot the machine to ensure it's not running and verify that it's gone. Then change passwords for all online accounts. You can change online passwords using another machine, e.g. iPhone or iPad.

I wonder if this is how some iTunes accounts have been compromised, by people logging onto the Apple Store.
post #86 of 125
Quote:
Originally Posted by Marvin View Post

Yes, by now it is too late. Since it was installed, it will have logged all text entry in Safari and sent it to a remote server. It may take a while before someone chooses your details out of 600,000 to exploit but you need to fix it immediately. You need to remove the trojan first by following the instructions and after removal, reboot the machine to ensure it's not running and verify that it's gone. Then change passwords for all online accounts. You can change online passwords using another machine, e.g. iPhone or iPad.

I wonder if this is how some iTunes accounts have been compromised, by people logging onto the Apple Store.

Will do ASAP. Thank you!!!
post #87 of 125
Well, this example shows the vulnerability within Java and Flash; it was just done on the Mac platform for updates OUTSIDE of the Apple app store is how I look at it, but the media puts the vulnerability on Apple. Yeah, it is Apple's name on the front of the computer, but I see Apple doing their job in getting Sun to release a security update and Apple screens applications and updates on their own app store to prevent this from happening. This would have been prevented if Flash and Java didn't have THEIR respective vulnerabilities.
post #88 of 125
For those who discovered their computer was actually infected with this virus, HOW did you detect it? When I read the info on F-Secure's site about this virus, I did NOT see any instructions/guidance regarding how to detect it.
post #89 of 125
Quote:
Originally Posted by AMCarter3 View Post

For those who discovered their computer was actually infected with this virus, HOW did you detect it? When I read the info on F-Secure's site about this virus, I did NOT see any instructions/guidance regarding how to detect it.

I haven't gotten home to do it yet, but it appears to be a condition that it will tell you if you are NOT infected if you get the following message: "The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist".

The reason I am fairly sure I have it is because just the other day I (like an idiot) authorized a Flash update. Earlier I went to Adobe's Flash update page, and it appears that they haven't put out an update for months.
post #90 of 125
I don't understand how to detect this virus. Could someone explain to me how to do it?
post #91 of 125
Quote:
Originally Posted by Thorin View Post

Will do ASAP. Thank you!!!

What's your default Web browser? Try using Chrome; it uses its own Java plugins, not relying on Apple's Java updates.. when Chrome updates, it also updates its plugins.. This is based on my Linux experience.. I also use Firefox here in Mac OS Lion but I prefer Chrome.. Installed Bitdefender (available in the App Store) for a quick system scan.. Load application monitor, find any processes that deal with Java and kill them. Ahhh, missed my virus hunting days with M$ Windows...

PS: Firefox for Mac looks for Mac OS X Java plugins..
Command & Conquer
post #92 of 125
Quote:
Originally Posted by AMCarter3 View Post

I don't understand how to detect this virus. Could someone explain to me how to do it?

You'll have to perform the procedure in the terminal described here: http://www.f-secure.com/v-descs/troj...shback_i.shtml

If you get the message I posted above, your system is clean.
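
An added example (not part of the thread, and not F-Secure's script) that runs the check discussed in posts #89 and #92 and turns the result into a verdict. The function names are made up for illustration; only the ~/.MacOSX/environment and DYLD_INSERT_LIBRARIES pair comes from the message quoted above.

```shell
#!/bin/sh
# Added example: interpret `defaults read <domain> <key>` for the pair
# quoted in post #89. Function names are hypothetical.

# classify_defaults_result RC OUTPUT -> prints clean | suspicious | unknown
classify_defaults_result() {
    rc=$1
    output=$2
    case "$output" in
        *"does not exist"*)
            # The message quoted in the thread: nothing is registered here.
            echo clean
            return 0
            ;;
    esac
    if [ "$rc" -eq 0 ] && [ -n "$output" ]; then
        # The key holds a value: a library is set to be loaded into programs.
        echo suspicious
        return 0
    fi
    # Any other failure (tool missing, unreadable file) proves nothing.
    echo unknown
}

# check_pair DOMAIN KEY -> prints the verdict, plus the value when one is set
check_pair() {
    domain=$1
    key=$2
    if ! command -v defaults >/dev/null 2>&1; then
        echo "unknown (defaults not available; run this on the Mac itself)"
        return 0
    fi
    # 2>&1 so the message is captured whichever stream it is written to.
    output=$(defaults read "$domain" "$key" 2>&1) && rc=0 || rc=$?
    verdict=$(classify_defaults_result "$rc" "$output")
    if [ "$verdict" = suspicious ]; then
        echo "$verdict $output"
    else
        echo "$verdict"
    fi
}

echo "~/.MacOSX/environment DYLD_INSERT_LIBRARIES: $(check_pair "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES)"
```

A "clean" verdict here covers only this one pair; the F-Secure page linked in the thread describes the full procedure.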
post #93 of 125
Quote:
Originally Posted by AMCarter3 View Post

I don't understand how to detect this virus. Could someone explain to me how to do it?

via Launchpad -> utilities-> Terminal; (you need to get those hands dirty!)

but found an easy way!
http://mashable.com/2012/04/05/mac-f...check/?cnn=yes

Somebody already made a script here.

Hope it helps.
Command & Conquer
post #94 of 125
I have a Time Machine backup to an external USB drive that I did before any of this happened (this drive is only connected when doing a backup). If I did a restore from it, would it undo all of this madness?
post #95 of 125
Quote:
Originally Posted by egrar View Post

What's your default Web browser? Try using Chrome; it uses its own Java plugins, not relying on Apple's Java updates.. when Chrome updates, it also updates its plugins.. This is based on my Linux experience.. I also use Firefox here in Mac OS Lion but I prefer Chrome.. Installed Bitdefender (available in the App Store) for a quick system scan.. Load application monitor, find any processes that deal with Java and kill them. Ahhh, missed my virus hunting days with M$ Windows...

PS: Firefox for Mac looks for Mac OS X Java plugins..

I've been using Safari almost exclusively; looks like it's time to give Chrome a try. And thanks for that last link.
post #96 of 125
Quote:
Originally Posted by Thorin View Post

I have a Time Machine backup to an external USB drive that I did before any of this happened (this drive is only connected when doing a backup). If I did a restore from it, would it undo all of this madness?

According to this

http://arstechnica.com/apple/news/20...rotections.ars

this trojan has been targeting Mac since 2009? check your system first before doing anything..
Command & Conquer
post #97 of 125
Will do. Thanks again.
post #98 of 125
Quote:
Originally Posted by adamw View Post

I WAS infected with this Trojan, until I saw this article and followed the uninstall instructions. The trojan installed without my permission ~ March 3rd according to the file date of the trojan that was installed.

I had the variant that installed in my global preferences and intercepted my Safari screen characters and keystrokes. It got access to my Mac using Java, without me typing the Admin password or notifying me to install it. This stealth trojan had been running for about a month now, before I discovered it.

I have now turned off Java, and updated to the latest Apple supplied version of Java which they just released a day or so ago. This exploit in Java has been known since February, and I am very annoyed with Apple for not fixing their version of Java, and notifying us of this earlier. It would have likely prevented the Java hole to exist that this trojan exploited to infect my Mac Pro without my knowledge.

I was unhappy to find out today that I had this trojan installed on my Mac Pro, but I am relieved now that I was able to uninstall it. I changed my various online account passwords, to prevent the people who ran this botnet from using my personal account names and passwords.

I thought my Mac was more secure than this. I appreciate the reports about this trojan, which caused me to check, and let me know my Mac had been compromised.


Just out of curiosity, which OS X version do you have on your Apple Mac Pro?
post #99 of 125
Quote:
Originally Posted by audio_inside View Post

Wow, so this is all I have to do to protect my Mac?

Code:

sudo touch "/Library/Little Snitch"

Hell, that cracked me up!!
post #100 of 125
Anyone of you who think just because you use a Mac and are careful you're not going to get infected is playing Russian roulette with your data. It's your data to lose though so feel free.

2011 13" Core i5 Macbook Pro | Intel 520 SSD | 8GB Corsair DDR3 1333 | OSX 10.7
iPhone 4S - AT&T

iPad 3 Wi-Fi

post #101 of 125
Quote:
Originally Posted by AHrubik View Post

Anyone of you who think just because you use a Mac and are careful you're not going to get infected is playing Russian roulette with your data. It's your data to lose though so feel free.




Well, it looks like I'm clean after all. I was sure that I had allowed it to install itself though, because I am certain that I let it do a "Flash update" just a few days ago. So, I don't know WTF happened. Thanks for the tips. Also trying out the Little Snitch demo right now, pretty cool.
post #102 of 125
For those using Firefox, the NoScript plug-in is also a worthy add-on.
melior diabolus quem scies
post #103 of 125
For those who still don't believe that the trojan is real, Kaspersky confirmed it and explained how they got the number: https://www.securelist.com/en/blog/2...tnet_confirmed
post #104 of 125
Quote:
Originally Posted by Thorin View Post

I've been using Safari almost exclusively; looks like it's time to give Chrome a try. And thanks for that last link.

Chrome would only help prevent the Java exploit, there are other install methods it uses, some methods disable Little Snitch. The actual trojan is a dynamic library that is preloaded and overrides application or system libraries:

http://hactheplanet.com/blog/80

This functionality seems quite dangerous to me. I can't imagine many legitimate scenarios that would require overriding code like this. Apple should certainly consider preventing code injection into critical apps like browsers.

The other problem is that reports of Apple patching the Java version will make people feel safer but that's neither removing the trojan nor is it preventing the trojan from being installed via some other method. The trojan is running from the Users folder ~/Application Support and /Users/Shared - not areas that require higher write privileges.

Apple needs to take some drastic action on this one. 600,000 installations is not a trivial amount.
post #105 of 125
Quote:
Originally Posted by theghost View Post

For those who still don't believe that the trojan is real, Kaspersky confirmed it and explained how they got the number: https://www.securelist.com/en/blog/2...tnet_confirmed

Mildly surprised they came up with the same infection numbers, around 600K and probably rising.
melior diabolus quem scies
post #106 of 125
http://reviews.cnet.com/8301-13727_7...are-infection/

Let's get out of that Apple shell, and deal with the truth.. this trojan is real and it's out there..
protect your privacy, clean up your system, change your online account passwords..
Command & Conquer
post #107 of 125
Dr. Web, the same company who counted infections, can also tell you if you're one of the unlucky ones, matching you with their list of infected machines.

Details at CNET
http://news.cnet.com/8301-27076_3-57...?tag=cnetRiver
melior diabolus quem scies
post #108 of 125
Close your eyes tight, use both hands to cover your ears, turn your head repeatedly left and right and repeat after me, "Macs cannot get viruses or malware or whatever bad things that are out there."

There, there. Feel better now?
post #109 of 125
Weird thing here, I use ClamXav on both my iMac and MacBook Air. ClamXav discovered the Flashback trojan file on both computers, yet the trojan hadn't spread (did the advised Terminal commands).

To double check, I did defaults write com.apple.Finder AppleShowAllFiles TRUE and killed Finder, turns out it was hiding. I'd advise doing this too, to your Home folder.
post #110 of 125
Quote:
Originally Posted by Thorin View Post

I've been using Safari almost exclusively; looks like it's time to give Chrome a try. And thanks for that last link.

Leaving Safari for this reason only, doesn't make much sense. Just disable Java (not Javascript) in Safari Prefs and the browser won't run any Java on any of these malware sites. It's also wise to disable "open safe programs automatically," in the prefs too since you really shouldn't open any program ever automatically, especially if you run as an administrator.
post #111 of 125
ClamXav and Intego PCE (both provided in the Mac App Store) are on-demand AV, so I think there's no reason for users not to install them, since they won't use any resources while not running a scan.

Little Snitch is a great firewall; TCPBlock is the free alternative for more tech-savvy users.
post #112 of 125
Quote:
Originally Posted by AppleInsider View Post

A trojan horse named "Flashback" that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.

Russian antivirus company Dr. Web issued a report on Wednesday noting that 550,000 computers running OS X had been infected by BackDoor.Flashback variants of the malware, as highlighted by ArsTechnica.

An analyst for the company later updated the figure to note that the size of the botnet had reached 600,000. He also pointed out that 274 bots are originating from Apple's hometown of Cupertino, Calif.

According to a map released by the firm, 56.6 percent of infected computers are located in the United States. Canada was second with 19.8 percent, followed by the U.K. with 12.8 percent of cases.

Apple released a Java Security update on Tuesday to resolve the vulnerabilities that the malware is exploiting, but not before a number of Mac users had been hit with the malicious software. Oracle first issued a fix for the vulnerability in February.




Security firm Intego publicized the Flashback trojan last September. Some variants of the software were even discovered with the potential to disable anti-malware protections within OS X.

Researchers F-Secure have provided instructions on how to detect and remove the malware.



********************

The fix commands that I read look very intimidating.
Then there is an applet available ...
BUT, how do I know that the command I am to enter or applet to run comes from the white hats ?
I hope this is not showing extreme ignorance; but I need to know this fix can be trusted at least as much as an Apple Software Update.

Also, I boot into Lion from an external Firewire drive. My internal drive, in my MBP iCore7, runs the latest SL. So, are they both in danger or only Lion ?

Thanks,
---gooddog

/
: * ] AAAAaaaRRRrrrFFFFff !!!
\
post #113 of 125
It seems that the malware may not in fact be stealing passwords but redirecting search results:

http://www.pcadvisor.co.uk/news/secu...ave-600k-macs/

"In a Twitter reply to security blogger Brian Krebs, Dr Web's Ivan, said the Trojan is not trying to steal passwords, but rather hijacking Google search results, which means Google itself is not affected, but the Trojan manipulates Google search results returned to the infected Mac.

In other words, it could lead the user to a site that could host malware or generate cash for the botnet controllers through referral programs."

https://twitter.com/#!/hexminer/stat...27438346473472

If that's the case, it makes the malware a lot less serious but precautions are worth taking in case different payloads do different things.

Of course, redirecting traffic could mean that they redirect the results of a search for Paypal to a fraudulent Paypal site and capture your password that way. That would actually be an easier way than scanning for input text. Entering the URLs directly into the browser will avoid visiting malicious sites.
post #114 of 125
Quote:
Originally Posted by irnchriz View Post

OMFG I'm infected




NOT.


I'm sure 600,000 other smug people are saying the same thing....
post #115 of 125
Quote:
Originally Posted by pondosinatra View Post

I'm sure 600,000 other smug people are saying the same thing....

And being perfectly correct. I don't expect more than about 80,000 to actually have this.
post #116 of 125
Quote:
Originally Posted by Tallest Skil View Post

And being perfectly correct. I don't expect more than about 80,000 to actually have this.

And your methodology was...?

Kaspersky Labs, a security firm that some people have heard of, reproduced Dr. Web's estimates:

https://www.securelist.com/en/blog/2...tnet_confirmed

The methodology used is sound and accepted. It's a hard count of bots that check in - it's not based on statistical sampling, modeling or mathematical extrapolation. It's literally just counting the number of bots that phone home to the mothership. It couldn't be more straightforward. Until you can provide an explanation for why their procedure is wrong, I'll take Kaspersky's and Dr. Web's number over yours.
post #117 of 125
we know how this trojan works... now protect your mac!
without installing anything to your apple.

http://blog.opendns.com/2012/04/09/w...et-up-opendns/
Command & Conquer
post #118 of 125
Quote:
Originally Posted by ddarko View Post

And your methodology was...?

Kaspersky Labs, a security firm that some people have heard of, reproduced Dr. Web's estimates:

https://www.securelist.com/en/blog/2...tnet_confirmed

The methodology used is sound and accepted. It's a hard count of bots that check in - it's not based on statistical sampling, modeling or mathematical extrapolation. It's literally just counting the number of bots that phone home to the mothership. It couldn't be more straightforward. Until you can provide an explanation for why their procedure is wrong, I'll take Kaspersky's and Dr. Web's number over yours.

Kaspersky has a dog in this fight. They are in this to sell Malware prevention software and are the last source I'd use to develop any sort of accurate estimate.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

post #119 of 125
Quote:
Originally Posted by John.B View Post

Kaspersky has a dog in this fight. They are in this to sell Malware prevention software and are the last source I'd use to develop any sort of accurate estimate.

That's nothing more than an ad hominem argument - question the motive of the person making the argument without addressing the argument itself. I'm still waiting to hear what the flaw or defect in their procedure is. Let me ask again: what's wrong with their methodology? Everyone has a financial stake in this. Apple is self-interested to minimize or underplay the extent of the infection. If you're so troubled by the self-interest of the security firms, why aren't you equally skeptical of Apple due to their corresponding self-interest? Funny double standard.

Just because Kaspersky the company sells security software doesn't mean the specific findings of some of its researchers are lies. Kaspersky and Dr. Web have publicly outlined how they reached their estimate. You're so skeptical then reproduce it yourself or better yet, point out what's wrong with Kaspersky and Dr. Web's methodology. If you're saying their methodology is sound but they're just flat-out lying about the number, then what's your proof of their dishonesty? Is the "proof" that you "know" they're lying because they're self-interested? That's a conspiracy theory, not a serious argument.

And by the way, Symantec posted a very interesting blog post today about Flashback that provided another independent confirmation of the initial 600,000 infection rate (three independent confirmations but since they're all security companies, they're all lying, right?). But there's some good news - using the same sinkhole server technique that Dr. Web and Kaspersky used, they've tracked that the number of infected machines contacting the command servers has been steadily dropping, down from 600,000 on April 5 to 380,000 on April 10 to 270,000 on April 11. They don't address how many machines are being cleaned of the trojan versus how many are still infected but are being prevented from contacting the command servers by DNS blocks like the one OpenDNS has set up. Symantec also provides additional details about how the trojan generates new domain names each day for infected bots to contact:

Quote:
OSX.Flashback.K uses a domain name generator (DNG) algorithm that allows it to generate a new domain each day in order to contact the command-and-control (C&C) server. The domains for the next few days can be seen below. These domains are currently sink-holed by Symantec Security Response so that we can gather more statistics data on the size of the infection over the course of the week and in effect prevent Flashback from contacting the C&C server to receive further instructions.

In other words, Symantec has registered the future domain names that the botnet was set to contact, preempting the botnet writers and preventing them from setting up servers there.

Quote:
We have also identified a number of distinct IP addresses that are used in the OSX.Flashback.K variant.

The “.com” domains were registered on March 26th and April 4th. These dates fall in line with the preparation for the recent Flashback attack. These IP addresses hosted the exploit itself (CVE-2012-0507) in order to install OSX.Flashback.K, serve up additional payloads, and record statistical data sent to the server from the Flashback Trojan. The IP addresses are no longer serving malicious content related to OSX.Flashback.K; however, we are monitoring the situation closely should the Flashback gang decide to redistribute their operations.

Based on the registration dates of domain names, it seems the botnet writers started setting up the command and control servers during the week right before they launched the attack. It's interesting stuff and can be read in full here:

http://www.symantec.com/connect/blog...ns-down-270000
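
An added example (not from any poster or vendor) of the counting method posts #116 and #119 describe: tally the distinct machines that check in to a sinkhole each day. The record layout, UUIDs and addresses are constructed, and it assumes each check-in carries a per-machine identifier; it also counts distinct source IPs to show why the two tallies differ.

```shell
#!/bin/sh
# Added example: count distinct machines per day in sinkhole check-in records.
# The layout (date, machine UUID, source IP) and every value are constructed.

sample_sinkhole_log() {
    cat <<'EOF'
# date machine-uuid source-ip
2012-04-05 AAAAAAAA-0000-0000-0000-000000000001 203.0.113.10
2012-04-05 aaaaaaaa-0000-0000-0000-000000000001 203.0.113.10
2012-04-05 BBBBBBBB-0000-0000-0000-000000000002 198.51.100.7
2012-04-05 CCCCCCCC-0000-0000-0000-000000000003 198.51.100.7
2012-04-10 AAAAAAAA-0000-0000-0000-000000000001 203.0.113.10
2012-04-10 AAAAAAAA-0000-0000-0000-000000000001 203.0.113.99
2012-04-10 BBBBBBBB-0000-0000-0000-000000000002 198.51.100.7
truncated-record
2012-04-11 BBBBBBBB-0000-0000-0000-000000000002 198.51.100.7
EOF
}

# count_unique_bots: reads records on stdin, prints "date uuids ips" per day.
count_unique_bots() {
    awk '
        # Skip comments and malformed records instead of counting them.
        NF != 3 { next }
        $1 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ { next }
        {
            day = $1; id = toupper($2); ip = $3
            # A machine that checks in many times a day is counted once.
            if (!((day, id) in seen_id)) { seen_id[day, id] = 1; ids[day]++ }
            # Source IPs are tallied separately: NAT merges machines,
            # address changes split one machine into several.
            if (!((day, ip) in seen_ip)) { seen_ip[day, ip] = 1; ips[day]++ }
        }
        END { for (d in ids) print d, ids[d], ips[d] }
    ' | sort
}

sample_sinkhole_log | count_unique_bots
```

On the constructed sample the UUID count falls 3, 2, 1 over the three days while the IP count reads 2, 3, 1, which is why a count keyed on a machine identifier and one keyed on addresses need not agree.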
post #120 of 125
Quote:
Originally Posted by ddarko View Post

I'm still waiting to hear what the flaw or defect in their procedure is. Let me ask again: what's wrong with their methodology?

I cannot tell about Dr. Web but here is what I found about Kaspersky. They have set up a web site where you can check if a Mac has been infected by the Flashback/Flashfake trojan, based on its UUID. I did the check and my Macbook was found infected. But I know it is not since I already ran the available tools (command-line from f-secure and the Symantec utility) to check this out for myself. So, I am clean and Kaspersky insists that I am not. Two explanations come to mind:

(1) They are liars and their intention is to increase sales.
(2) Their methodology is fundamentally flawed.

If you have any other explanations I am very curious to hear them.