Flashback Tidbits: Flashback Checker, OpenDNS Protection, Apple's Low-Visibility Security Team

The Flashback malware affecting OS X systems has gained quite a bit of publicity since it was disclosed last week that over 600,000 Macs have been infected by the malware. Flashback began life last year as a trojan and has morphed into a drive-by download taking advantage of a vulnerability in Java that Apple did not patch until last week, despite Oracle having released patches for other systems back in February.

Over the past few days, a few additional tidbits of information on Flashback have surfaced, including the arrival of some new tools to help users manage the threat.

- As noted by Ars Technica, a new Mac app by the name of Flashback Checker has been released to help users determine whether their machines have been infected. Users have been instructed to use Terminal to enter commands searching for files created by the malware upon infection, and Flashback Checker offers a simple packaging of these commands behind a user interface. While the app is incredibly simple and does not offer assistance with removing Flashback if it is found on a given system, it does provide a more familiar interface for those who might be intimidated by delving into Terminal on their own.

flashback checker
- OpenDNS has announced that it has included filtering of Flashback in its services. OpenDNS offers a number of features to improve resolution of domain names, and the new filtering of Flashback helps prevent infection while also preventing already-infected machines from communicating with the command-and-control servers being used to deliver instructions to the infected machines.

- Forbes has an interview with Boris Sharov of Russian security firm Dr. Web, which was first to bring the magnitude of the Flashback threat to light. In the interview, Sharov describes how difficult it was to even track down the proper team at Apple with which to share their data, also noting how uncommunicative Apple has been throughout the process. In fact, the only sign of interest they've seen from Apple is the company's efforts to shut down the "sinkhole" Dr. Web was using to reroute traffic from infected machines to gauge how widespread the infections are.

“They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users,” says Sharov. “This seems to mean that Apple is not considering our work as a help. It’s just annoying them.”

Sharov believes that Apple’s attempt to shut down its monitoring server was an honest mistake. But it’s a symptom of the company’s typically tight-lipped attitude. In fact, Sharov says that since Dr. Web first contacted Apple to share its findings about the unprecedented Mac-based botnet, it hasn’t received a response. “We’ve given them all the data we have,” he says. “We’ve heard nothing from them until this.”

Security experts at Kaspersky Lab, which verified Dr. Web's assessment of Flashback's prevalence, indicate that Apple is indeed taking the proper steps to address the threat, including tracking and shutting down the servers being used by the malware. But the company has little experience with threats of this magnitude and is undoubtedly scrambling to keep on top of the situation.

Top Rated Comments

Supermacguy Avatar
118 months ago
Secrecy has it's place for new product announcements, but Apple needs to get its head out of its ass in regard to security issues. Start working with the good guys, communicate a little bit with them. Playing ostrich doesn't help anyone examine or solve problems.
Score: 17 Votes (Like | Disagree)
Doc750 Avatar
118 months ago


. In the interview, Sharov describes how difficult it was to even track down the proper team at Apple with which to share their data, also noting how uncommunicative Apple has been throughout the process. In fact, the only sign of interest they've seen from Apple is the company's efforts to shut down the "sinkhole" Dr. Web was using to reroute traffic from infected machines to gauge how widespread the infections are.Security experts at Kaspersky Lab, which verified Dr. Web's assessment of Flashback's prevalence, indicate that Apple is indeed taking the proper steps to address the threat, including tracking and shutting down the servers being used by the malware. But the company has little experience with threats of this magnitude and is undoubtedly scrambling to keep on top of the situation.

Article Link: Flashback Tidbits: Flashback Checker, OpenDNS Protection, Apple's Low-Visibility Security Team (https://www.macrumors.com/2012/04/10/flashback-tidbits-flashback-checker-opendns-protection-apples-low-visibility-security-team/)

Typical apple ...
Score: 15 Votes (Like | Disagree)
nagromme Avatar
118 months ago
The end of an era!

We’ve gone from:

* 2001: Macs are just as dangerous as Windows, probably worse, because, even though there has never been a successful real-world malware infestation on OS X, thousands of them are just about to happen any minute now!

To:

* Macs are just as dangerous as Windows, probably worse, because there has been ONE successful real-world malware infestation on OS X.

(I definitely do count this instance: it’s not a virus, not a worm, but it’s not a mere Trojan either—it’s a Trojan that installs itself; meaning the web site itself is the Trojan Horse—and one link is all it takes to get to a web site.)

P.S. I’d like to see more on the other side of the story: first a web site must be compromised, and only then can a Mac visiting it (with Java on) be compromised too. How are these web sites being compromised, which ones are they, how many of them, can we detect them, and can they be blocked if not fixed?
Score: 12 Votes (Like | Disagree)
KnightWRX Avatar
118 months ago
Myth of the inherent invulnerability of OS X to malware... Busted! :eek:

No one ever claimed OS X was invulnerable to malware. This isn't the first piece of malware for OS X anyhow.
Score: 10 Votes (Like | Disagree)
D.T. Avatar
118 months ago
Step 1: Fake trojan outbreak news

Step 2: Create bogus removal tool that infects Mac when run

Step 3: 20 millions of Macs now trojan’ed


:D


I’m sure it’s fine, and if you’re paranoid you can compile the source yourself (though if you can compile source, you should be able to perform the manual check easily...)
Score: 8 Votes (Like | Disagree)
dotheDVDeed Avatar
118 months ago
And still no fix for Leopard and Tiger users
Score: 8 Votes (Like | Disagree)

Top Stories

Top Stories 57 Feature

Top Stories: Apple Event Next Tuesday, Mini-LED iPad Pro, iPhone Rumors

Saturday April 17, 2021 6:00 am PDT by
It feels like we've been waiting forever for new Apple products, but the wait is almost over as Apple has announced a media event for next Tuesday, so make sure to tune into MacRumors for full coverage of everything Apple announces. While that was the big news this week, we also got some new details on Apple's iPhone plans for 2022 and 2023 courtesy of analyst Ming-Chi Kuo, and we also saw...
flat imac 3d 3 teal

Reliable Leaker Hints Redesigned Colorful iMac to Debut at 'Spring Loaded' Event

Saturday April 17, 2021 4:43 am PDT by
Reliable leaker known as l0vetodream has hinted that Apple may debut its rumored redesigned and colorful iMac at its "Spring Loaded" event on Tuesday, April 20. In a tweet, the leaker posted an image of Apple's logo used for marketing the upcoming event and an image of the retro rainbow Apple logo alongside the colorful lineup of G3 iMacs. Apple leaker Jon Prosser previously reported that...
third gen Apple pencil leaked video

Video of Alleged Third-Generation Apple Pencil Leaks Ahead of Apple Event

Friday April 16, 2021 6:13 am PDT by
A video purporting to be of the third-generation Apple Pencil has today been shared online, showing a glossy finish that mirrors previous leaks. New ✏️ ready to 🚢 #AppleEvent @TommyBo50387266 pic.twitter.com/s4RCDwDi5M— 漢尼斯·拉斯納 🇨🇳 (@ileakeer) April 16, 2021 The brief video from Twitter account @ileakeer, spotted by 9to5Mac, shows an Apple Pencil with a glossy finish much like the...
important battery message iphone 11

Some iPhone 11 Users Seeing Increased Battery Health Percentages After iOS 14.5 Recalibration Process

Friday April 16, 2021 6:32 am PDT by
In the sixth beta of iOS 14.5, Apple introduced a recalibration process for the battery health reporting system on the iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max to address inaccurate battery health estimates for some users. Apple said this process might take a few weeks to be completed, and now that two weeks have passed since the sixth beta of iOS 14.5 was released, some users are...
duan rui iphone 12 13 notch

New Images Show Smaller iPhone 13 Notch Compared to iPhone 12

Saturday April 17, 2021 11:38 pm PDT by
Leaker known as "DuanRui" has shared more images that could give us our best look yet at Apple's redesigned notch for the iPhone 13. The new pictures follow similar images shared by the leaker last week, but the latest shots include a comparison with the existing iPhone 12 notch. DuanRui posted three images on Twitter that apparently originate from Weibo, although source details remain...
iphone 13 pro max cads eap

iPhone 13 Series CAD Leaks Reveal Larger Camera Dimensions

Friday April 16, 2021 1:53 am PDT by
Information and alleged CADs of the upcoming iPhone 13 series, shared in a video from EverythingApplePro, indicates that Apple plans to make this year's iPhone camera module significantly bigger, likely to make way for larger sensors and sensor-shift stabilization. According to the CADs shared in the video, the iPhone 13 mini, Pro, and Pro Max camera module will all be a "perfect square."...
maxresdefault

Hands-On With Anker's MagSafe-Compatible Battery Pack

Thursday April 15, 2021 9:39 am PDT by
Anker, a company known for its range of accessories designed for Apple products, recently came out with one of the first MagSafe-compatible battery packs, so we thought we'd check it out to see how it compares to a standard battery pack. Subscribe to the MacRumors YouTube channel for more videos. Design wise, Anker's power bank looks like a typical battery pack, but it has magnets built in...
apple event spring loaded

Apple's 'Spring Loaded' Event Officially Announced for Tuesday, April 20

Tuesday April 13, 2021 9:04 am PDT by
Following an overnight leak by Siri, Apple today officially announced that it will be holding a special "Spring Loaded" event on Tuesday, April 20 at 10:00 a.m. Pacific Time at the Steve Jobs Theater on the Apple Park campus in Cupertino, California. As with all of Apple's 2020 events, the April 2021 event will be a digital-only gathering with no members of the media invited to attend in...
iphone 12 120hz thumbnail feature

LTPO Displays Supporting 120Hz Refresh Rates Again Rumored for iPhone 13 Pro Models

Friday April 16, 2021 10:01 am PDT by
The two higher-end "iPhone 13 Pro" models that are coming in 2021 are expected to use LTPO display technology to enable 120Hz refresh rates, according to display analyst Ross Young. Young reaffirmed the detail in a tweet that said he'd heard rumors about only one model featuring LTPO, which he says is inaccurate. Heard some rumors in the industry and media that there would only be one ...
apple music

Apple Music Tops Spotify With One Cent Paid Per Stream

Friday April 16, 2021 6:44 am PDT by
In a letter slated to be shared with artists today through the Apple Music for Artists dashboard, obtained by The Wall Street Journal, Apple has reportedly revealed that it pays music rights holders one cent per song streamed on Apple Music. The report claims that Apple Music's payment structure is thus roughly double what Spotify pays music rights holders per stream, which averages to about ...