16 replies to this topic

[Ichigo27]

Whos heard of this? I've looked at brief headlines that 600,000 macs were effected, I have also heard java and flash player issues, not 100% sure if it effects installing Flash Player 11.2 that pops up on the dock. However I did check system updates and updated java.

Would like to know what you guys think of this.

[Hansi]

It's just a sleeper dynlib. It's only in there if you've used a fake Flash Player installer that most likely would have originated from a porn site etc according to the news.

Here are instructions for checking on it and removing it: http://www.f-secure....46cf8b0dd0b6707

[the Battle Cat]

Apparently the creepy little arse is suicidal too.  This from the linked website:

Quote

On execution, the malware checks if the following path exists in the system:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

[Ichigo27]

Hansi, on 06 April 2012 - 04:00 AM, said:

It's just a sleeper dynlib. It's only in there if you've used a fake Flash Player installer that most likely would have originated from a porn site etc according to the news.

Do think I downloaded the flash player from adobes website on my new imac. After shut down, did boot it up  and didn't get a reminder for the update.

So this would be the right one? Just to make sure.

http://helpx.adobe.c...ash-player.html

[Hansi]

Yes this one would show up in a pop up from a web site according to the articles I read. You should not need to worry.

But you can run the commands listed in the link above if you want to be 100% sure.

[HeadWes]

Malware and a DOJ lawsuit... Apple is the new Microsoft.

[doh123]

Actually the last version of Flashback.. the one that got to 600,000 installs was a drive-by... it installed itself using a security flaw in Java.  It did it in the background with no prompt, no passwords nothing... you didn't have any indication you were affected.  There is no patch for OSX 10.5 and older... but the patches for 10.6+ of Java fix the security hole and version 3 of the update actually removes the malware if you have it.

[Sargiel]

Looks like I'll have to look to RISC OS for security through obscurity from now on

[doh123]

Amiga OS is still going strong!  :-)

[Matt Diamond]

I believe the 600,000 figure is an estimate from a single vendor of anti-virus software. They did explain their methodology for their estimate, which is based on a sample of machines they observed. But last I heard noone else had given any other estimate or concurred with the original estimate.

Grain of salt is all I'm saying. It does appear to have attacked Macs in the wild though, which is more than we can say for previous Mac virus announcements from little-known virus companies.

[HeadWes]

Clearly the future lies with Haiku (Zombie BeOS).

[the Battle Cat]

Apple released a Java update today that specifically addresses the Flashback issue.

[Diablofett]

Hansi, on 06 April 2012 - 03:50 PM, said:

Yes this one would show up in a pop up from a web site according to the articles I read. You should not need to worry.

But you can run the commands listed in the link above if you want to be 100% sure.

I saw estimates ranging from over 600,000 macs to 2/3 of all macs have been infected. Either way that is a lot of porn!

[Hansi]

That 600k number is from a single source and is extrapolated from a sample of something like 50 Macs.

[Janichsan]

The Flashback problem is hardly fixed and already the next Mac malware warning is making its round. It also uses a Java exploit but appears to be more of an idiot's trojan: you infect your Mac with it, you actively have to open a Word file coming from a random spam mail (so no "drive-by" infection). And you can easily disable it by simply deleting two openly visible plist files from your Preferences folders.

[doh123]

The word one uses a Word bug that was fixed years ago... you have to be running a totally unpatched Word 2004 or Word 2008...

[Matt Diamond]

600,000 Macs is approximately 1%, I'm told. That's a very bad outbreak if the 600K estimate is even true, but is hardly 2/3rds.

The new estimate since Apple released patches is already down to 50K.

The Word macro thing is old news.

Maybe Apple will jump on the next vulnerability a bit quicker- they were warned about this one months ago. So hopefully this was a decent wake up call for them and for Mac users too (though who trusts browser popups that want to install video playback or anti-virus software?) But the sky isn't falling, no matter how much the trolls and the virus companies seem to want it to. Stay frosty, people.