Flashback malware still on 140K Macs despite fix

2»

Comments

  • Reply 21 of 38
    c4rlobc4rlob Posts: 277member
    140,000 is like the amount of iPads Apple sells each day right?
  • Reply 22 of 38
    Quote:
    Originally Posted by mdriftmeyer View Post


    The best part of the situation is that Apple is developing security measures and not relying on a 3rd party to profit on this scenario.



    The worst part is that Apple is only concerned about Lion users. I suspect that Snow leopard users are at risk as well. If the fix does what I think it does, then it's a no brainer to issue a fix for Snow Leopard too.
  • Reply 23 of 38
    solipsismxsolipsismx Posts: 19,566member
    Quote:
    Originally Posted by c4rlob View Post


    140,000 is like the amount of iPads Apple sells each day right?



    140,000 x 30 x 3 = 12,600,000. I'd say more than that.





    Quote:
    Originally Posted by Macky the Macky View Post


    The worst part is that Apple is only concerned about Lion users. I suspect that Snow leopard users are at risk as well. If the fix does what I think it does, then it's a no brainer to issue a fix for Snow Leopard too.



    That did seem odd since Apple has a long history of issuing security updates to OSes long out of date but I checked the support file and it says that only those with Java & Lion are affected. That said, if they recommend it for those that don't have Java installed (even though it's a click away to install it) I'd think they'd want to get rid of it from every machine so that it can't ever become active. Because they don't I would assume that it doesn't self propagate across a network, gets overwritten when you upgrade to Lion and can't affect SL users as is.
  • Reply 24 of 38
    mcarlingmcarling Posts: 1,106member
    Quote:
    Originally Posted by c4rlob View Post


    140,000 is like the amount of iPads Apple sells each day right?



    Close. That's the number of iPads Apple sells on an average day. Use amount for things which are measurable rather than countable. Use number for things which are countable. Money is the only exception (because long ago money was weighed rather than counted).
  • Reply 25 of 38
    solipsismxsolipsismx Posts: 19,566member
    Quote:
    Originally Posted by mcarling View Post


    Money is the only exception (because long ago money was weighed rather than counted).



    I had never thought of it before but you are absolutely correct.



    Quote:

    What's the number of money for which you will charge for this item?



    Wow! That sounds so wrong.
  • Reply 26 of 38
    These are truly clueless individuals that have turned off their Software Update app & have no clue as to what they are getting their computers & themselves into



    Cheers !
  • Reply 27 of 38
    irnchrizirnchriz Posts: 1,589member
    Symantec are the single most useless company out there. Their security products are complete bloat ware and provide only one function, to slow down your PC. Not a single Symantec antivirus product has been worth using since the late 90's.



    I take any news from them with a huge pinch of salt.
  • Reply 28 of 38
    cnocbuicnocbui Posts: 3,613member
    A big reason for there still to be lots of infected machines is that Apple only provided a fix for Snow Leopard and Lion. Quite a few people like myself, are probably still using Leopard.
  • Reply 29 of 38
    wonwon Posts: 3member
    Quote:
    Originally Posted by cnocbui View Post


    A big reason for there still to be lots of infected machines is that Apple only provided a fix for Snow Leopard and Lion. Quite a few people like myself, are probably still using Leopard.



    I agree. You're the first person I've seen mention this, but I've been wondering why none of the reports I've read mention Leopard, as if it doesn't exist any longer. Apple's the only place I've seen a specific reference to manually removing a Flashback infection from a Leopard install to date.
  • Reply 30 of 38
    I'd like to know what web sites are hosting the infection, so we know where to avoid in the first place.
  • Reply 31 of 38
    b9botb9bot Posts: 238member
    Another part of this is some people ignore there updates! No matter how many times software update prompts them to update, they are to lazy, ignorant, or in a hurry to bother with pressing the updates button and wait a few minutes to do them.

    I believe this is what were seeing now is all of the people who just refuse to do there updates when they show up. It is these types of users who get everyone in trouble, because they are the ones that will spread this kind of stuff and other kinds of security problems too.

    If you get on a computer whether it's your friends computer, your mom's computer, your co-workers computer and you see they aren't up-to-date. Fix it for them please! Let them know they can cause a lot of trouble for themselves and others who do exactly the same thing and ignore there updates.

    These updates are not only for security but also for reliability and make all programs work better together.



    DO YOUR UPDATES DAMN IT!!
  • Reply 32 of 38
    Quote:
    Originally Posted by b9bot View Post


    Another part of this is some people ignore there updates! No matter how many times software update prompts them to update, they are to lazy, ignorant, or in a hurry to bother with pressing the updates button and wait a few minutes to do them.

    I believe this is what were seeing now is all of the people who just refuse to do there updates when they show up. It is these types of users who get everyone in trouble, because they are the ones that will spread this kind of stuff and other kinds of security problems too.

    If you get on a computer whether it's your friends computer, your mom's computer, your co-workers computer and you see they aren't up-to-date. Fix it for them please! Let them know they can cause a lot of trouble for themselves and others who do exactly the same thing and ignore there updates.

    These updates are not only for security but also for reliability and make all programs work better together.



    DO YOUR UPDATES DAMN IT!!



    There is a set of users out there that are not owners, like students. They have no power nor the interest to maintain the computers made available to them. They are most likely to have visited the porn site or whatever and gotten this malware. There is also the set of owners/users who have forgotten their own user password and thus can't update anything. This same group don't know how to reset their user account password.
  • Reply 33 of 38
    bregaladbregalad Posts: 816member
    Quote:
    Originally Posted by won View Post


    I agree. You're the first person I've seen mention this, but I've been wondering why none of the reports I've read mention Leopard, as if it doesn't exist any longer. Apple's the only place I've seen a specific reference to manually removing a Flashback infection from a Leopard install to date.



    My parents are still on Leopard because their old printer won't work on anything newer and they're the kind of people who will not toss away working products and buy new ones. They don't install updates, but I know they're safe from most malware because they they're too scared of screwing things up to install anything. I get phone calls to confirm the most basic things.



    I'm on Snow Leopard and only the expiration of MobileMe will force me to upgrade a single machine to Lion. So far I've seen nothing in Lion I want and plenty of flakiness I don't. Mountain Lion will render useless the most important productivity tool I have: Spark. Unlike most macro tools Spark runs as a daemon that intercepts key combinations allowing me to launch and switch apps with hot-keys. Control-S, for example brings up Safari and Control-M, Mail. It's so fast and easy that using anyone else's Mac feels primitive and slow. Under the new rules only Apple themselves will have the ability to provide global hot key functionality and I'll probably be throwing lead on the devil's curling team before that happens.
  • Reply 34 of 38

    Quote:

    Originally Posted by b9bot View Post



    Another part of this is some people ignore there updates! No matter how many times software update prompts them to update, they are to lazy, ignorant, or in a hurry to bother with pressing the updates button and wait a few minutes to do them.

    I believe this is what were seeing now is all of the people who just refuse to do there updates when they show up. It is these types of users who get everyone in trouble, because they are the ones that will spread this kind of stuff and other kinds of security problems too.

    If you get on a computer whether it's your friends computer, your mom's computer, your co-workers computer and you see they aren't up-to-date. Fix it for them please! Let them know they can cause a lot of trouble for themselves and others who do exactly the same thing and ignore there updates.

    These updates are not only for security but also for reliability and make all programs work better together.



    DO YOUR UPDATES DAMN IT!!


     


    Quote:

    Originally Posted by BradMacPro View Post





    There is a set of users out there that are not owners, like students. They have no power nor the interest to maintain the computers made available to them. They are most likely to have visited the porn site or whatever and gotten this malware. There is also the set of owners/users who have forgotten their own user password and thus can't update anything. This same group don't know how to reset their user account password.


     


    Too true and very likely to form a large proportion of the still infected. Another group of ignorant users are some single-purpose users of Macs, particularly music producers. I know of one or two who only ever use their Macs to create demos and even full-fledged music productions for artistes, and in spite of the importance of the Mac to their revenues and income, often lag years behind in security updates. I'm talking about people who will even physically resist your helping them do so, and even open up their manuals for the first time in order to roll back any beneficial changes anyone may have made on their behalf! I kid you not, I have had experiences where I have just had to leave such users to their own devices, literally. <shakes head sadly>


     


    Quote:

    Originally Posted by Bregalad View Post





    My parents are still on Leopard because their old printer won't work on anything newer and they're the kind of people who will not toss away working products and buy new ones. They don't install updates, but I know they're safe from most malware because they they're too scared of screwing things up to install anything. I get phone calls to confirm the most basic things.



    I'm on Snow Leopard and only the expiration of MobileMe will force me to upgrade a single machine to Lion. So far I've seen nothing in Lion I want and plenty of flakiness I don't. Mountain Lion will render useless the most important productivity tool I have: Spark. Unlike most macro tools Spark runs as a daemon that intercepts key combinations allowing me to launch and switch apps with hot-keys. Control-S, for example brings up Safari and Control-M, Mail. It's so fast and easy that using anyone else's Mac feels primitive and slow. Under the new rules only Apple themselves will have the ability to provide global hot key functionality and I'll probably be throwing lead on the devil's curling team before that happens.


     


    The danger with your parents method of working is that there is NOTHING to install with FlashBack - it will install itself without any intervention on their part. All that is required is to visit a malicious website, the nature and identity of which has not yet been published so far. So this is one piece of malware that they are NOT safe from.


     


    The hot keys you are using are easily configurable within stock Snow Leopard or Lion without the macro tool you are using. However, some of the hot keys you are using are not too advisable as a little reading will show you that the two-key combinations you are using (particularly Control-S) MAY already be in use by your system, and can also be inadvertently pressed when you don't mean to (you've probably experienced this a few times). Three-key macros, on the other hand are hard to select by mistake and ensure that your intention is deliberate rather than accidental.

  • Reply 35 of 38


    Actually we do know, at least in part, where one might pick up the Flashback trojan. Most are .nu web sites but also various Wordpress based blog sites as some folks running WordPress downloaded a bogus plugin with the trojan.

  • Reply 36 of 38
    bregaladbregalad Posts: 816member


     


    Quote:

    Originally Posted by airmanchairman View Post


    The hot keys you are using are easily configurable within stock Snow Leopard or Lion without the macro tool you are using. However, some of the hot keys you are using are not too advisable as a little reading will show you that the two-key combinations you are using (particularly Control-S) MAY already be in use by your system, and can also be inadvertently pressed when you don't mean to (you've probably experienced this a few times). Three-key macros, on the other hand are hard to select by mistake and ensure that your intention is deliberate rather than accidental.



     


    I can't find anything in System Preferences - Keyboard that launches or switches apps so I would really appreciate a reply.

  • Reply 37 of 38


     


    Quote:

    Originally Posted by Bregalad View Post


     


     


    I can't find anything in System Preferences - Keyboard that launches or switches apps so I would really appreciate a reply.



     


    Sorry for the long pause...


     


    You are quite correct... a Service has to be created first using Automator (a simple one: create a Service using Automator with a single action to "Launch Application". Set the conditions of this service to receive "no input," and make it available in "all applications").


     


    Name and save the Service and create a shortcut to it on the Keyboard Shortcuts tab of the Keyboard System Preferences panel as usual. 

  • Reply 38 of 38
    hungoverhungover Posts: 602member


     


    Quote:

    Originally Posted by Sandman619 View Post



    These are truly clueless individuals that have turned off their Software Update app & have no clue as to what they are getting their computers & themselves into



    Cheers !


     


    A tad harsh. Some of them will be running OSes that are only 2.5 years old and might not realise that they are no longer supported, thus even with updates turned on they will not get any updates, eg leopard.


     


    They may well have been told at the point of purchase that Mac can't be infected and so assume that they don't need to exercise caution or be proactive.


     


    I understand that Apple want everyone to be on the latest OS but perhaps support for older OSes could be extended when it comes to security.

Sign In or Register to comment.