New Mac OS X Trojan disguises itself as Adobe Flash installer
A new Mac OS X Trojan Horse called "Flashback" attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.
The Trojan Horse, discovered by security firm Intego, has been found on malicious web sites that invite users to install the phony Flash Player, telling them it is required to access certain content. Since Mac OS X Lion doesn't come with Flash preinstalled, users must manually install it. Intego categorized the threat from Flashback as "low."
The new malware is said to specifically target Lion, and replicates the look and feel of the real Flash installer. It includes design elements and logos that could convince some users it is the actual official software from Adobe.
Once the Trojan is installed on the system, it will delete the installer package and deactivate some network security software. The code used by Flashback can be injected into certain applications running on the computer, and the Trojan can connect to remote servers in order to send specific information about the infected computer -- including its MAC address, which is a unique identifier for every machine.
Lion users can protect themselves by downloading the official Flash Player installer from Adobe. Users should also check the origin of any file claiming to be a Flash Player installer.
Users should also uncheck the "Open 'safe' files after downloading" option in Apple's Safari browser under General Preferences. This will help ensure that the Flashback installer is not automatically run if downloaded.
Users can also manually check to see whether they were infected by looking for the file "~/Library/Preferences/Preferences.dylib" on their Mac.
Apple has already distributed a malware definition update to block another Trojan horse, "Trojan-Dropper:OSX/Revir.A," described late last week as a malicious program posing as a PDF download.
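The article gives two things a user can check (the indicator file under ~/Library/Preferences and Safari's "Open 'safe' files" setting), and a commenter in the thread below reports the dropper also rewriting the hosts file to redirect google.* domains. The following read-only triage script is an added example, not code from the article, Intego or Apple; the file path and the Safari preference key `AutoOpenSafeDownloads` are real, the sample hosts entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the article or Intego's analysis: read-only
# triage checks for the indicators this page describes. Paths are parameters
# so the functions can be run against constructed files as well as a live Mac.

FLASHBACK_IOC="$HOME/Library/Preferences/Preferences.dylib"  # file named in the article

# Indicator file check (article): returns 0 if the file at $1 exists.
flashback_file_present() {
    [ -e "$1" ]
}

# Hosts-file check (from a commenter's report of google.* being redirected):
# print entries that map a google.* name to anything other than loopback or
# the 0.0.0.0 null route. Exit status is 0 when at least one such line exists.
hosts_google_redirects() {
    grep -Ei '^[[:space:]]*[0-9a-f.:]+[[:space:]]+.*google\.' "$1" 2>/dev/null \
        | grep -Ev '^[[:space:]]*(127\.0\.0\.1|::1|0\.0\.0\.0)[[:space:]]'
}

# Safari setting the article tells users to turn off. Prints the current state;
# when the key was never written, Safari's built-in default (enabled) applies.
safari_auto_open_state() {
    command -v defaults >/dev/null 2>&1 || { echo "unknown (not macOS)"; return; }
    case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo "unset (Safari default: enabled)" ;;
    esac
}

# Run every check against $1 (indicator path) and $2 (hosts file) and report.
flashback_triage() {
    if flashback_file_present "$1"; then
        echo "SUSPECT: indicator file present at $1"
    else
        echo "ok: no $1"
    fi
    if redirects=$(hosts_google_redirects "$2"); then
        echo "SUSPECT: google.* redirected in $2:"; echo "$redirects"
    else
        echo "ok: no google.* redirects in $2"
    fi
    echo "Safari 'Open safe files after downloading': $(safari_auto_open_state)"
}

flashback_triage "$FLASHBACK_IOC" /etc/hosts
```

The checks only report; a positive hit is a reason to investigate the machine, not proof of this specific sample, since any software may legitimately write to the hosts file.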
Comments
What? Steals your resources, slows down your computer, crashes your browser?
Run down the list and it fits perfectly.
Further research has shown the trojan is actually Adobe Flash itself and the installer actually is the Flash installer.
Dang you beat me to it! lol
Apple has already distributed a malware definition update to block another Trojan horse, "Trojan-Dropper:OSX/Revir.A," described late last week as a malicious program posing as a PDF download
That's the problem with blacklists as an exclusive method. They need to be updated constantly. Heuristics-based AV has been around for decades.
New Mac OS X Trojan disguises itself as Adobe Flash installer
Disguise? Not. I can tell this is going to be one of those threads
That's the problem with blacklists as an exclusive method. They need to be updated constantly. Heuristics-based AV has been around for decades.
I somewhat agree, but we've also seen how good Heuristics-Based AV has been working on Windows over the last couple decades... so obviously the magic bullet has yet to be found.
I think Apple is in a favourable position, in regards to black-lists, simply because they have the opportunity to start from the beginning. By the time MS realized they were vulnerable to viri, they were a long way behind the 8-ball.
Obviously, as nearly all Heuristic scanners will attest to, the best solution at the moment is actually a two-fold attack -- using both black-lists and Heuristics.
Apple has taken care of the black-list part, it's up to the user to find a Heuristics scanner that works.
That's the problem with blacklists as an exclusive method. They need to be updated constantly. Heuristics-based AV has been around for decades.
For now a blacklist approach is far superior to the resource-intensive heuristic scanners which are necessary in Windows. If we get to a point where there are too many threats for Apple to handle easily then a heuristic approach will probably become the better choice. Additionally, trojans, depending on what they do once installed, often-times require some slightly more specific targeting (thus a definitions list update) to stop efficiently.
Obviously, as nearly all Heuristic scanners will attest to, the best solution at the moment is actually a two-fold attack -- using both black-lists and Heuristics.
No doubt. And being wise about what you click on is a good idea as well. I'm using a couple of free solutions for firewall and AV, set to monitor continuously. AdWare is taken care of occasionally, as and when necessary.
My father is incredibly gullible... He somehow manages to pick up most Trojans/malware/etc. out there. Now his Mac is painfully slow. I'm going to visit home this weekend, and I would like to tune-up his Mac. Is there a universal method to rid his computer of all malicious content? Thanks
Save all documents and personal data to a backup. Wipe and install the OS. Update it to the latest version. Then use Migration Assistant to reclaim docs and applications.
I regularly maintain my Mac with MainMenu Pro as well. It makes running maintenance scripts a breeze along with cleaning system/user cache and rebuilding spotlight when necessary.
Argh! The troll got you.
What about that guy's post is in any way trollish?
He's asking a question that he wouldn't need to ask if he spent twenty seconds and read the actual article, but that's not trolling.
Save all documents and personal data to a backup. Wipe and install the OS. Update it to the latest version. Then use Migration Assistant to reclaim docs and applications.
Why would you do that?
Why not create a new user and see if that one is 'slow'. If it is not, then you know it's a setting/file issue on his Dad's user account. It's incredibly unlikely that he has any malware, and if he indeed has no malware you may actually identify what he has done to make it slow and prevent him from doing it again.
What about that guy's post is in any way trollish?
He's asking a question that he wouldn't need to ask if he spent twenty seconds and read the actual article, but that's not trolling.
Astro-turfing has become more sophisticated, more like astro-landscape gardening these days. I wonder how long before the original post is reposted on a Windows/Android forum as proof of Macs' vulnerability? 'Even posters on rabid Apple fan site AppleInsider are complaining...' etc etc.
I thought something was weird when I saw "Flash 11".
The one I downloaded rewrote the hosts file to point every google.* to another address. Guess they wanted to steal google logins?
The good thing is that you can check your installer log files to see what happened ;-)
Lion users can protect themselves by downloading the official Flash Player installation player from Adobe.
Whiskey, tango, foxtrot?
I'm sorry I'm a little lost here. So if I download Adobe Flash my computer will be safer?
Did I wake up in another dimension?
Haha, no. It means if you get a message that you need to download flash, go to Adobe and get the official flash update, not one from another site. It won't make your computer safer, it will just prevent you from downloading the trojan.