Flashback Tidbits: Flashback Checker, OpenDNS Protection, Apple's Low-Visibility Security Team

The Flashback malware affecting OS X systems has gained quite a bit of publicity since it was disclosed last week that over 600,000 Macs have been infected by the malware. Flashback began life last year as a trojan and has morphed into a drive-by download taking advantage of a vulnerability in Java that Apple did not patch until last week, despite Oracle having released patches for other systems back in February.

Over the past few days, a few additional tidbits of information on Flashback have surfaced, including the arrival of some new tools to help users manage the threat.

- As noted by Ars Technica, a new Mac app by the name of Flashback Checker has been released to help users determine whether their machines have been infected. Users have been instructed to use Terminal to enter commands searching for files created by the malware upon infection, and Flashback Checker offers a simple packaging of these commands behind a user interface. While the app is incredibly simple and does not offer assistance with removing Flashback if it is found on a given system, it does provide a more familiar interface for those who might be intimidated by delving into Terminal on their own.

- OpenDNS has announced that it has included filtering of Flashback in its services. OpenDNS offers a number of features to improve resolution of domain names, and the new filtering of Flashback helps prevent infection while also preventing already-infected machines from communicating with the command-and-control servers being used to deliver instructions to the infected machines.

- Forbes has an interview with Boris Sharov of Russian security firm Dr. Web, which was first to bring the magnitude of the Flashback threat to light. In the interview, Sharov describes how difficult it was to even track down the proper team at Apple with which to share their data, also noting how uncommunicative Apple has been throughout the process. In fact, the only sign of interest they've seen from Apple is the company's efforts to shut down the "sinkhole" Dr. Web was using to reroute traffic from infected machines to gauge how widespread the infections are.

“They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users,” says Sharov. “This seems to mean that Apple is not considering our work as a help. It’s just annoying them.”

Sharov believes that Apple’s attempt to shut down its monitoring server was an honest mistake. But it’s a symptom of the company’s typically tight-lipped attitude. In fact, Sharov says that since Dr. Web first contacted Apple to share its findings about the unprecedented Mac-based botnet, it hasn’t received a response. “We’ve given them all the data we have,” he says. “We’ve heard nothing from them until this.”

Security experts at Kaspersky Lab, which verified Dr. Web's assessment of Flashback's prevalence, indicate that Apple is indeed taking the proper steps to address the threat, including tracking and shutting down the servers being used by the malware. But the company has little experience with threats of this magnitude and is undoubtedly scrambling to keep on top of the situation.

Top Rated Comments

Supermacguy
155 months ago
Secrecy has its place for new product announcements, but Apple needs to get its head out of its ass in regard to security issues. Start working with the good guys, communicate a little bit with them. Playing ostrich doesn't help anyone examine or solve problems.
Score: 17 Votes
Doc750
155 months ago



Typical apple ...
Score: 15 Votes
nagromme
155 months ago
The end of an era!

We’ve gone from:

* 2001: Macs are just as dangerous as Windows, probably worse, because, even though there has never been a successful real-world malware infestation on OS X, thousands of them are just about to happen any minute now!

To:

* Macs are just as dangerous as Windows, probably worse, because there has been ONE successful real-world malware infestation on OS X.

(I definitely do count this instance: it’s not a virus, not a worm, but it’s not a mere Trojan either—it’s a Trojan that installs itself; meaning the web site itself is the Trojan Horse—and one link is all it takes to get to a web site.)

P.S. I’d like to see more on the other side of the story: first a web site must be compromised, and only then can a Mac visiting it (with Java on) be compromised too. How are these web sites being compromised, which ones are they, how many of them, can we detect them, and can they be blocked if not fixed?
Score: 12 Votes
KnightWRX
155 months ago
Myth of the inherent invulnerability of OS X to malware... Busted! :eek:

No one ever claimed OS X was invulnerable to malware. This isn't the first piece of malware for OS X anyhow.
Score: 10 Votes
D.T.
155 months ago
Step 1: Fake trojan outbreak news

Step 2: Create bogus removal tool that infects Mac when run

Step 3: 20 million Macs now trojan’ed


:D


I’m sure it’s fine, and if you’re paranoid you can compile the source yourself (though if you can compile source, you should be able to perform the manual check easily...)
Score: 8 Votes
dotheDVDeed
155 months ago
And still no fix for Leopard and Tiger users
Score: 8 Votes
