
Apple working on software to detect and remove Flashback trojan

post #1 of 48
Thread Starter 
Apple revealed on Tuesday that it is currently developing software to detect and remove the Flashback malware that has infected an estimated 600,000 Macs worldwide.

The Cupertino, Calif., company made mention of the upcoming tool in a document regarding the malicious software, as noted by Jim Dalrymple of The Loop. The document also pointed users to last week's Java update that patched the security flaw that the virus was exploiting.

"In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network," the company said.

Apple also advises Macs running OS X 10.5 or earlier to disable Java in their browser preferences.

The Flashback trojan horse was first discovered last September. The malware posed as a phony Adobe Flash Player installer in order to trick users into installing it. At the time, a security first categorized the threat as "low." The current version of Flashback used the Java vulnerability to create a botnet that could mine personal information from unsuspecting users.

Evidence of Apple's efforts to contact ISPs surfaced earlier on Tuesday when a Russian security firm revealed that the company had targeted one of its servers as being "involved in a malicious scheme." Dr. Web chief executive Boris Sharov said the server was "not doing any harm to users" and was being used to monitor the spread of the virus.

Sharov noted that the relative rarity of Apple security issues meant that Dr. Web hadn't established close ties with the company. "For Microsoft, we have all the security response team's addresses," he said. "We don't know the antivirus group inside Apple."




Last week, a Dr. Web analyst claimed that 600,000 Macs around the world had been infected by the Flashback malware. 56.6 percent of those infections are reportedly located in the U.S.


post #2 of 48
Quote:
Originally Posted by AppleInsider View Post

[...]


The Flashback trojan horse was first discovered last September. The malware posed as a phony Adobe Flash Player installer in order to trick users into installing it.[...]

There's your problem, there. Nobody should install Flash. Period.
post #3 of 48
Quote:
Originally Posted by Splash-reverse View Post

There's your problem, there. Nobody should install Flash. Period.

But it's a Java problem

Fortunately, Apple already has software that takes care of it.

It's called LION. Neither Flash nor Java come with Lion.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
post #4 of 48
As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.
post #5 of 48
Look for Apple to introduce zero tolerance in Mountain Lion.
post #6 of 48
Quote:
Originally Posted by Tallest Skil View Post

But it's a Java problem…

Fortunately, Apple already has software that takes care of it.

It's called LION. Neither Flash nor Java come with Lion.

That's ridiculous. Why are Java updates distributed through the built-in Mac OS software update mechanism? Java may be third party software and no longer included in the latest Mac OS but it continues to be accorded special status by Apple. How did Apple distribute the Java updates that close this security hole? Not by telling you to go to Oracle to download the update but sending it out through the OS software update.

Quote:
Originally Posted by JavaCowboy View Post

As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.

Completely agree. Just as Microsoft is the keeper and bears responsibility for the security of the Windows platform, so Apple bears an equivalent obligation to work with third party software vendors - especially big ones like Oracle, run by Steve Jobs' best friend - to maintain the security of the Mac ecosystem. Its responsibility extends beyond the software it writes. Even John Gruber has now acknowledged that Flashback is an "epidemic" (because its infection rate is as big/bigger than the infection rate of the Windows Conficker trojan) and a genuine problem. Pretending the "solution" to security holes is not to run software is ridiculous. Security holes are inevitable so they have to be patched quickly when found. Hopefully this will be a bitter lesson for Apple to beef up their security practices.
post #7 of 48
This is a welcome move, but Apple should have patched the flaw weeks ago, and barring that, made today's announcement last Friday when the story first broke. People expect Macs to not need anti-malware software, partly because of Apple's own marketing, so they need to get the message out. Either we need to start using third party software, or Apple can pledge to take care of the issues itself. Either way, people need to know.
post #8 of 48
Quote:
Originally Posted by JavaCowboy View Post

As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.

Amen!

Apple is doing good stuff now to fix the problem but these fixes are about 2 months too late. Apple owns this one. And to think I finally got my parents to buy a Mac last month...
Just say no to MacMall.  They don't honor their promotions and won't respond to customer inquiries.  There are better retailers out there.
post #9 of 48
Computers will never be safe when people who don't know how to use them are in control. It'd be like putting a preteen at the wheel of a truck, what do you expect is going to happen?
post #10 of 48
Oracle is currently working on a Mac version of Java 7 for OS X, but the end user version won't be ready until the fall. Currently, only Apple distributes any version of Java for OS X.

Quote:
Originally Posted by ddarko View Post

That's ridiculous. Why are Java updates distributed through the built-in Mac OS software update mechanism? Java may be third party software and no longer included in the latest Mac OS but it continues to be accorded special status by Apple. How did Apple distribute the Java updates that close this security hole? Not by telling you to go to Oracle to download the update but sending it out through the OS software update.



Completely agree. Just as Microsoft is the keeper and bears responsibility for the security of the Windows platform, so Apple bears an equivalent obligation to work with third party software vendors - especially big ones like Oracle, run by Steve Jobs' best friend - to maintain the security of the Mac ecosystem. Its responsibility extends beyond the software it writes. Even John Gruber has now acknowledged that Flashback is an "epidemic" (because its infection rate is as big/bigger than the infection rate of the Windows Conficker trojan) and a genuine problem. Pretending the "solution" to security holes is not to run software is ridiculous. Security holes are inevitable so they have to be patched quickly when found. Hopefully this will be a bitter lesson for Apple to beef up their security practices.
post #11 of 48
Quote:
Originally Posted by JavaCowboy View Post

Oracle is currently working on a Mac version of Java 7 for OS X, but the end user version won't be ready until the fall. Currently, only Apple distributes any version of Java for OS X.

Thanks for correcting my mistake. That only strengthens your point that Apple bears responsibility for this massive screwup.
post #12 of 48
Quote:
Originally Posted by ddarko View Post

Thanks for correcting my mistake. That only strengthens your point that Apple bears responsibility for this massive screwup.

I really don't see how. Sure, Oracle issued a patch a while ago, but Apple isn't going to just release the update through its servers without testing the update.

Moreover, the extent of the issue has only come to light recently when a third party security expert made its findings public. Apple has always evaluated threats before reacting. Nine out of ten times it is the right approach. Time will tell here.

Although there appears to be a significant number of Macs infected (I know nobody personally), there has been no real damage to users. The malware is merely being used for click link purposes, meaning companies like Google are likely the real victim. Maybe Apple is behind the malware.
post #13 of 48
Quote:
Originally Posted by Tallest Skil View Post

But it's a Java problem

Fortunately, Apple already has software that takes care of it.

It's called LION. Neither Flash nor Java come with Lion.

How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)? Not many...meaning that Apple better plan on people downloading it even if Apple doesn't distribute it on Lion.
post #14 of 48
Quote:
Originally Posted by razorpit View Post

Amen!

Apple is doing good stuff now to fix the problem but these fixes are about 2 months too late. Apple owns this one. And to think I finally got my parents to buy a Mac last month...

1. Your parents' Mac won't have Java on it unless they go and download it, same with Flash

2. This is NOT Apple's software. In truth they have no obligation to do any fixes to Java or anything else. Oracle is to blame for the exploit and they should have fixed it and released the patches for Mac OS and they should be the ones writing the clean up software.
post #15 of 48
Quote:
Originally Posted by Felix01 View Post

How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)?

No it doesn't. I know this because I'm on Youtube all the time and I have no Java on my computer. No Flash player either and don't need it thanks to the HTML5 alt player
post #16 of 48
Quote:
Originally Posted by Felix01 View Post

How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)?

You don't though.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
post #17 of 48
Quote:
Originally Posted by Felix01 View Post

How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)? Not many...meaning that Apple better plan on people downloading it even if Apple doesn't distribute it on Lion.

Are you smoking something or just dizzy from spinning stories? Java has nothing to do with watching a youtube video. Java is not even installed on my iMac yet youtube works just fine.
post #18 of 48
Quote:
Originally Posted by Felix01 View Post

How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)? Not many...meaning that Apple better plan on people downloading it even if Apple doesn't distribute it on Lion.

I think you mean Flash there. Also, you don't need to use Flash at all if it's using HTML5 video. Flash, PDF and Java are the biggest security issues ever invented.
post #19 of 48
I don't think it'll be long for the Mac. Remember, just a few months ago, they claimed that the Mac version would be made by Oracle? Wonder what went wrong there?

What would we miss if Java went away?
post #20 of 48
This is all good news and all, but how about Apple fix the problem with iPad not properly backing up if there are too many photos on the roll in the iOS Photo app? This is elementary stuff, guys!

Proud AAPL stock owner.

 

GOA

 

Get the lowdown on the coming collapse:  http://www.cbo.gov/publication/45010

post #21 of 48
Quote:
Originally Posted by Splash-reverse View Post

There's your problem, there. Nobody should install Flash. Period.

Isn't flash required to use YouTube? There goes 95% of my fun!
post #22 of 48
Whiners! If I connect to the internet, or access any outside file, I am responsible for any virus attack or malware on my computer. Where is it written in the software license for OSX, that Apple guarantees my iMac to be free from virus and malware threats? I hear them say in their ads that they work to prevent such an occurrence, but I see no promise. I was not endangered by Flashback because I had installed protection, which I obtained for free, as anyone could. Take responsibility and protect yourself. It's not difficult or expensive.

We've always been at war with Eastasia...

post #23 of 48
I can't wait for the day when we can run our office sans Java, but it isn't happening any time soon. The industrial strength accounting apps require it and the programmers are slow to change.

Apple is going to have to give this issue more time and energy.
post #24 of 48
Was it not impossible to have a virus on OS X?

Apple's superior OS was responsible for that!

But now that there is a virus, it would all of a sudden be some third party's responsibility to fix this mess?

Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.
post #25 of 48
Hackers should be set in stocks in the public square and pelted with rotten vegetables.

Life is too short to drink bad coffee.

post #26 of 48
Quote:
Originally Posted by tyler82 View Post

Isn't flash required to use YouTube? There goes 95% of my fun!

There is HTML5 for this; see a few posts above. All you need to do is to type in the URL field of your browser

http://www.youtube.com/html5

and YouTube will tell you the rest.
post #27 of 48
Quote:
Originally Posted by Tallest Skil View Post

But it's a Java problem…

Fortunately, Apple already has software that takes care of it.

It's called LION. Neither Flash nor Java come with Lion.

True for new users. However you cannot just erase the already established base running Java and Flash that were by default included with Mac OS X. Not after a good number of years, so that the older versions could be considered as obsolete. Even so, in a related technical note Apple still refers to Leopard (10.5) saying that users should disable Java in their web browsers. They could even propose a "security update" for those users in the sense of a warning about the issue through the Software Update and offer the users the option to switch Java off. And of course have a Java update presto for 10.6 and 10.7 after Oracle fixed the issue.

Whatever happened with this trojan is Apple's fault, plain and simple.
post #28 of 48
Quote:
Originally Posted by Blitz1 View Post

Was it not impossible to have a virus on OS X?

This is a trojan, not a virus. This kind of exploit can happen to virtually any platform.

Quote:
Originally Posted by Blitz1 View Post

Apple's superior OS was responsible for that!

No, an OS cannot be held responsible for anything. It is Apple's responsibility that thought there is no risk and let the issue linger for about two months before issuing a security update.

Quote:
Originally Posted by Blitz1 View Post

But now that there is a virus, it would all of a sudden be some third party's responsibility to fix this mess?

Again this is not a virus. And in the case you missed it, Apple does not include anymore Java with Mac OS X. However, Apple has responsibility for the established user base still running older versions of Mac OS X.

Quote:
Originally Posted by Blitz1 View Post

Well, why don't we just merely buy some antivirus software for OS X and perform the same tiresome procedure as in Windows? Or just go back to Windows altogether as at least these guys seem to know how to cope with viruses.

Feel free to go back. Macs and PCs are just computers, not religion.
post #29 of 48
Quote:
Originally Posted by TBell View Post

I really don't see how. Sure, Oracle issued a patch a while ago, but Apple isn't going to just release the update through its servers without testing the update.

No one says Apple should release an update without testing it. What I say is Apple should release it as soon as possible, and two months later is not exactly that.

Quote:
Originally Posted by TBell View Post

Apple has always evaluated threats before reacting. Nine out of ten times it is the right approach. Time will tell here.

And how do you know all this? If there is a security threat, and Flashback is known since a while ago, the company should be prepared as if the worst was coming. Especially when this same company is advertising its OS as the most secure and safe out of the box.

No, this was a big mistake from Apple's part; I only hope they learned the lesson.
post #30 of 48
Quote:
Originally Posted by razorpit View Post

...to think I finally got my parents to buy a Mac last month...

They are likely to be among the 99% of Mac owners who have not been infected, 99%!
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
post #31 of 48
To quote from AllThingsD, "Naturally, Windows apologists, sick of being the target of a decade of malware-based ridicule, were quick to jump up and down and scream that the Macs newfound market success has made it the next natural target for malware creators." In fact, most of the frothing at the mouth about this incident has come from Windows evangelists like Ed Bott at ZDnet.

That said, if you don't have security software and you're using highly exploitable plugins such as Java, don't be surprised if you are part of that 1% and it will likely happen again. It would be nice if Apple was more pro-active on the security front but there will always be an open window of vulnerability until the exploit is identified and patched.
post #32 of 48
Who cares whose fault it is. Apple wants good relationships with its customers so they should help them deal with this.

There's step by step instructions for how to check if you have it. Couldn't Apple have quickly turned this into an automated program, so that users could just click a button to find out if they have it?

If they almost have a fix to automatically remove it, then I can understand waiting to help people check if they have it. But if users have to wait much more than a couple of days, imo people would rather know if they have it now - and for those who do, wait until later next week to get a tool that automatically removes it.
post #33 of 48
I still suspect one of the AV companies is behind this. Once the PC era is over they are out of work unless they can find a way to fool newbie Mac users into buying their software. Maybe they didn't write and distribute this directly but some little off the books sub contract work perhaps? I wouldn't be surprised if DR Web's detection system was written at the same time as the Trojan ....
Use duckduckgo.com with Safari, not Google Search
Been using Apples since 1978 and Macs since 1984
Long on AAPL so biased. Strong advocate for separation of technology and politics on AI.
post #34 of 48
So it IS a Trojan. Jeeze the tech media is so ready for a virus to hit macs they don't even recognize the difference anymore!
post #35 of 48
Quote:
Originally Posted by ericblr View Post

So it IS a Trojan. Jeeze the tech media is so ready for a virus to hit macs they don't even recognize the difference anymore!

It's kind of in a middle ground.

A trojan typically does not exploit security holes to install. It installs with legit software.

Originally this was a trojan. Subsequent versions required no user interaction at all, which makes it more of a virus.

The only thing stopping it from being a true virus is there's no self-replication.
post #36 of 48
Quote:
Originally Posted by Swift View Post

What would we miss if Java went away?

Apple needs to ban Java on all iOS devices.
post #37 of 48
Quote:
Originally Posted by hill60 View Post

They are likely to be among the 99% of Mac owners who have not been infected, 99%!

Only 99%!?


More likely 99.99999999999999999999%!!!!
post #38 of 48
Quote:
Originally Posted by I am a Zither Zather Zuzz View Post

Apple needs to ban Java on all iOS devices.

Regarding OS X, Apple is already disconnected from the Java wagon. In a few years from now it could not be held responsible for this kind of vulnerability, if the security charge goes 100% to Oracle. But Apple should really learn the lesson from this screw-up and consider security issues really seriously. Probably the convergence of OS X and iOS in the upcoming Mountain Lion is a good thing after all, security-wise. Time will tell.
post #39 of 48
Quote:
Originally Posted by JavaCowboy View Post

As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.

It is a little more complicated than that. If the vulnerability had standards involved behavior fixes then Oracle would need to say what the official behavior should be and the Sun/Oracle Java team has never been known to nicely play with outsiders before the official release has been made.

It is possible Apple was somewhat hamstrung in being able to effectively start a fix because they were license constrained about what they could do before Oracle made certain conditions official.

I don't know this for sure in this case, but that exact problem has been a 10 year thorn in Apple's side with respect to Java. I am sure it is one of the reasons they were thrilled to see the beginning of an Open Source Java 7 project. Get out from under the license restrictions that always made them Java-late, and put the security issues squarely back on the Java producer (Oracle) who now cannot treat OS X like a second class citizen, but just another part of the project.

I know that doesn't get a OS X 10.6 and earlier JVM out any faster, but I definitely believe laying the proper sharing of the responsibility for screwing things up needs to be done lest the player with the strong side of the license (Oracle now) is never given pressure to clean up their act.
.
post #40 of 48
Quote:
Originally Posted by Asherian View Post

It's kind of in a middle ground.

A trojan typically does not exploit security holes to install. It installs with legit software.

Originally this was a trojan. Subsequent versions required no user interaction at all, which makes it more of a virus.

The only thing stopping it from being a true virus is there's no self-replication.

The thing stopping it from being a virus is that a virus requires no explicit user action to do its work, it just spreads through self propagation and piggybacking on other functionality to launch itself. Worms self propagate through self driven action not even needing to piggyback.

No this is still a good old fashioned Trojan Horse since the user has to be tricked to bring it inside the city walls in the first place. After that, well, even the Trojans didn't open their horse on their own, it self deployed Odysseus and company.
.