600,000 Macs Worldwide Reportedly Infected by Flashback Trojan
According to Dr. Web, 57 percent of the infected Macs are located in the US and 20 percent in Canada. Like older versions of the malware, the latest Flashback variant searches an infected Mac for a number of antivirus applications before generating a list of botnet control servers and beginning the process of checking in with them.

The authors of the Flashback trojan have continued to tweak the software since it first surfaced last September, adjusting its tactics several times to include both social engineering tricks and exploits of vulnerabilities.
The most recently seen version of Flashback surfaced earlier this week, exploiting a Java vulnerability that was still unpatched on OS X. While Oracle had released an update closing the hole on Windows back in February, Apple had yet to issue a fix for Macs, as the company has historically maintained its own Java updates, which are deployed some time after Oracle issues its corresponding ones. Just a day after that report, however, Apple did update Java to address the vulnerability being exploited by Flashback.
Antivirus firm F-Secure has published instructions for determining whether a machine is infected by the Flashback trojan. The instructions involve running commands in Terminal, so users should take care to follow them exactly.
Top Rated Comments
The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.
For those who want to check whether their Mac is infected (from the F-Secure instructions):
Run the following commands in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If you get "The domain/default pair ... does not exist" for both, you are clean.
from 9to5mac
If I'm reading the information on the F-Secure website correctly, the trojan won't install itself if it discovers that Microsoft Office or Skype is already installed?
Interesting.
I guess it feels that we are suffering enough already with these installed. Hmm, this must be a new, more compassionate trojan.
Here comes the debate between the definitions of "Malware" and "Virus"
Humans can't get malware.
Here we go again....
At least it appears to be easier to remove than a Windows style malware infection...
The article has clearly stated that you need to use Terminal, which involves commands and some deep knowledge of what you're doing, for Flashback's removal.
In Windows, you just need to use Windows Malicious Software Removal Tool or a decent anti-virus, which involves 1 or 2 clicks.
Yea, it's gotta be very hard to click things. I mean, typing commands in Terminal must be simpler.
I know that MacRumors is an Apple oriented place, where Apple lovers come to discuss things about Apple's product. But, posts like the one I quoted make it look like a fanboy place, not an Apple technology discussion place.
Before going into panic mode, try to analyse what you have here. The end user has to manually accept a self-signed certificate from "Apple" for a Java application. One has to be very dumb to do that.
You cannot protect ignorant people, even if you like.
Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.
Screw it, the instructions look pretty long
You only need to run the two commands.
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
Copy and paste chisperro's two lines into a terminal.
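The two `defaults read` checks quoted above, and in the earlier comment taken from 9to5mac, wrapped in a script that also interprets the output. This is an added example, not code from the article, the commenters, or F-Secure. The plist paths are the ones quoted in the comments; the function names are mine; it assumes `defaults read` reports a missing key with the "does not exist" message the commenter cites, and that a set LSEnvironment key is printed as a `{ DYLD_INSERT_LIBRARIES = ...; }` dictionary while the environment file's value is printed as a bare string. The helpers take the command output as a string so they can be exercised with constructed samples on any machine.

```shell
#!/bin/sh
# Added example (not from the article, the commenters, or F-Secure): runs
# the two `defaults read` indicator checks quoted in the comments and
# interprets their output instead of leaving that to the reader.
# Assumptions: the two plist paths are exactly the ones quoted above, and
# `defaults read` reports a missing key with the "does not exist" message
# the commenter cites; the dictionary output shape is assumed, not taken
# from the page.

# Classify the captured output (stdout+stderr) of one `defaults read`.
# A missing key yields "The domain/default pair of (...) does not exist";
# anything else means a value is set at that injection point.
classify_defaults_output() {
    case "$1" in
        ""|*"does not exist"*) echo "absent" ;;
        *)                     echo "present" ;;
    esac
}

# Extract the injected library path from either output shape:
#  - the bare string stored in ~/.MacOSX/environment, or
#  - the "{ DYLD_INSERT_LIBRARIES = ...; }" dictionary from Safari's
#    Info.plist LSEnvironment key (value quoted or unquoted).
# Prints an empty line when no value is set.
injected_library() {
    case "$1" in
        ""|*"does not exist"*)
            printf '\n' ;;
        *DYLD_INSERT_LIBRARIES*=*)
            printf '%s\n' "$1" | tr '\n' ' ' \
              | sed 's/.*DYLD_INSERT_LIBRARIES *= *"\{0,1\}\([^";]*\)"\{0,1\} *;.*/\1/'
            printf '\n' ;;
        *)
            printf '%s\n' "$1" ;;
    esac
}

# Check one domain/key pair on the live system. Returns 0 if the key is
# absent, 1 if something is set there.
check_one() {
    domain=$1; key=$2
    out=$(defaults read "$domain" "$key" 2>&1)
    if [ "$(classify_defaults_output "$out")" = present ]; then
        echo "INDICATOR: $domain $key -> $(injected_library "$out")"
        return 1
    fi
    echo "clean: $domain $key is not set"
    return 0
}

# Run both checks. Exit status: 0 clean, 1 at least one indicator present,
# 2 when defaults(1) is unavailable (the script was not run on a Mac).
flashback_check() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults(1) not found; run this on the Mac being checked"
        return 2
    fi
    rc=0
    check_one /Applications/Safari.app/Contents/Info LSEnvironment || rc=1
    check_one "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || rc=1
    return $rc
}

if flashback_check; then
    echo "no Flashback indicators found at either injection point"
fi
```

Save it and run `sh flashback_check.sh` on the Mac in question. A "present" result only tells you that something is being injected through DYLD_INSERT_LIBRARIES at that point, which is what the commenter's two checks detect; if you get one, follow F-Secure's full instructions rather than just deleting the key, since the article notes those instructions cover removal as well.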
Apple does need to do a better job of getting these patches out sooner. The Java fix was available in February. Perhaps they need something like Microsoft's "Patch Tuesday."
If I'm reading the information on the F-Secure website correctly, the trojan won't install itself if it discovers that Microsoft Office or Skype is already installed?
Interesting.
That's because any of those is already malware :-)
