Comments
If it doesn't find Little Snitch, the malware then tries to connect to a remote host in China in order to obtain other installation files and configurations.
Frapping Chinese. I wish Apple would move all its manufacturing out of that country.
Because the Trojan appends launch instructions to property lists within the Safari and Firefox programs, if you would like to check to see if a system has been infected with this Trojan, you can open the Terminal and run the following commands:
If you have Safari:
defaults read /Applications/Safari.app/Contents/Info.plist LSEnvironment
If you have Firefox:
defaults read /Applications/Firefox.app/Contents/Info.plist LSEnvironment
On an uninfected system these commands should produce an error message stating the specified domain/default pair does not exist. However, if these commands give an output that includes the text "DYLD_INSERT_LIBRARIES" followed by a path to a file, then the Trojan installer has been run and has infected the system. If this is the case, you can remove the infection either by editing Safari or Firefox to prevent the payload from running, or by simply deleting the browsers and downloading them again. Doing the latter should completely remove the payload from your system.
Peace out Homies...Keep it Safe.
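The same check as an added example in Python (this is not Simsonic's code and not anything from the article): it reads what `defaults read .../Info.plist LSEnvironment` would show, using the standard library's plistlib, and generalizes the two commands above from Safari and Firefox to every bundle under /Applications, since the same LSEnvironment trick works on any app's Info.plist. It also includes the "edit the browser" fix as a function that strips the key. The two sample Info.plist contents and the `/path/to/example_payload.dylib` path in them are constructed for illustration; the real indicator is any DYLD_INSERT_LIBRARIES entry under LSEnvironment, not a particular path.

```python
"""Added example (not from the article or Simsonic's post): check macOS app
bundles for a DYLD_INSERT_LIBRARIES entry under LSEnvironment in Info.plist,
which is what `defaults read .../Info.plist LSEnvironment` reveals when the
fake Flash installer has modified a browser."""
import glob
import plistlib
from xml.parsers.expat import ExpatError

INJECTION_KEY = "DYLD_INSERT_LIBRARIES"

# Constructed sample of a clean Info.plist: no LSEnvironment dictionary at all,
# the case where `defaults read` reports that the domain/default pair does not exist.
CLEAN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.apple.Safari</string>
  <key>CFBundleExecutable</key>
  <string>Safari</string>
</dict>
</plist>
"""

# Constructed sample of an infected Info.plist. The .dylib path is a placeholder
# for illustration, not a real indicator taken from the article.
INFECTED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.apple.Safari</string>
  <key>CFBundleExecutable</key>
  <string>Safari</string>
  <key>LSEnvironment</key>
  <dict>
    <key>DYLD_INSERT_LIBRARIES</key>
    <string>/path/to/example_payload.dylib</string>
  </dict>
</dict>
</plist>
"""


def find_injected_libraries(plist_bytes):
    """Return the DYLD_INSERT_LIBRARIES value from the bundle's LSEnvironment
    dictionary, or None if the bundle sets no such launch environment.

    Launch Services applies LSEnvironment to the process when the app starts,
    so a library named here is loaded into the browser before its own code runs."""
    info = plistlib.loads(plist_bytes)
    env = info.get("LSEnvironment")
    if not isinstance(env, dict):
        return None
    value = env.get(INJECTION_KEY)
    return value if isinstance(value, str) and value else None


def scan_bundles(pattern="/Applications/*.app/Contents/Info.plist"):
    """Run the check over every bundle matching `pattern` and return a list of
    (plist_path, injected_value) pairs for the ones that inject a library."""
    findings = []
    for path in sorted(glob.glob(pattern)):
        try:
            with open(path, "rb") as fh:
                value = find_injected_libraries(fh.read())
        except (OSError, ValueError, ExpatError):
            continue  # unreadable or not a plist: skip it, do not abort the scan
        if value:
            findings.append((path, value))
    return findings


def strip_injection(plist_bytes):
    """Return the plist with DYLD_INSERT_LIBRARIES removed from LSEnvironment,
    dropping LSEnvironment itself when that was its only entry. This is the
    "edit the browser" option: it stops the injection but does not delete the
    library file, so re-downloading the browser is the simpler, more complete fix."""
    info = plistlib.loads(plist_bytes)
    env = info.get("LSEnvironment")
    if isinstance(env, dict):
        env.pop(INJECTION_KEY, None)
        if not env:
            del info["LSEnvironment"]
    return plistlib.dumps(info)


if __name__ == "__main__":
    hits = scan_bundles()
    for path, lib in hits:
        print(f"INFECTED: {path} -> {INJECTION_KEY}={lib}")
    print(f"{len(hits)} bundle(s) flagged" if hits else "no LSEnvironment injection found")
```

Run it as-is on a Mac to scan /Applications, or call `find_injected_libraries()` on the bytes of any Info.plist. Treat any hit as suspicious and look at the referenced file before deciding how to clean up: a legitimate app has no reason to ship an LSEnvironment that inserts a dylib into itself, and removing the key from the plist leaves the library on disk if it lives outside the bundle.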
Fantastic info Simsonic. I wish the article had described the steps needed for resolution with that clarity. Cheers.
Adobe insists on using its crappy installer, which is based on AIR and looks horrible.
So if the installer looks nice, be warned.
There is a lot of news video that is only in Flash. Just today I went to Wolfram|Alpha and even their tour video is in Flash. As smart as those people are you'd think they would choose an intelligent means of presenting their information. They do have a different video for iPhone, but OS X it is Flash.
Yeah but Wolfram|Alpha is that science thing... and many 'mericans view science and knowledge as pornographic so maybe that just reinforces the idea for some that Flash is only good for un-Godly things
Logically it is market share which will dictate whether non-store apps continue to be allowed.
What's insane about that?
The procedure to detect and remove the offending files.
Windows machines have any number of free AV solutions available. They are set and forget software, they update themselves. They inspect incoming data and will not let you download offending code, unless you override the warning.
If they miss anything, they do a deep scan, automagically in the middle of the night, and remove or quarantine the offending code with no user hassles.
The procedure that Mac users need to go through to detect and remove malware is insane.
Nice advertisement for Little Snitch.
Most people who already own Little Snitch are not likely to be fooled by this fake installer anyway.
Yep. Little Snitch is the best!
Implying this has anything to do with the program itself.
Like it or not, Flash is far from dead and is still very common on the web.
True. In fact, the reason they're using a fake Flash Player is because a) Flash is known to upgrade regularly and b) it doesn't upgrade through Software Update. People are used to seeing Flash upgrade notices, so they don't pay attention when this thing tries to load.
People are used to seeing Flash upgrade notices, so they don't pay attention when this thing tries to load.
Ever since Flash added itself as a .preferencepane in System Preferences, I've not seen a single upgrade notice.
What's next? Trojan Horse posing as a legitimate virus installer?
The procedure that Mac users need to go through to detect and remove malware is insane.
Been using Macs since 98 with zero protection. What's malware?
Sounds like you need to upgrade to Windows with a good anti-virus program.
I for one am a Windows IT administrator by day, I can't wait to get home and use my antivirus-free Mac at night!
Thank you. Would have been nice if the article had this.
Which Windows AV is your preferred choice? I haven't had any malware problems for longer than I can recall.
A few years ago I downloaded something nasty from a P2P site, but other than that, I can't even remember having a problem. I'm not sure what I was using at that time.
"They inspect incoming data and will not let you download offending code, unless you override the warning." assuming that the A/V definitions include that malware.
"If they miss anything, they do a deep scan, automagically in the middle of the night,"
So they know when they miss stuff and do an "automagic" scan? If they know they missed something, why didn't they remove it originally?
The Mac A/V software works the same way as the Windows A/V software, by the way. The huge majority of us Mac users don't actually have to worry about any of this or the three million and counting Windows malware.
Been using Macs since 98 with zero protection. What's malware?
I think it's what you put on before you go shopping.