Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Flashback Tidbits: Flashback Checker, OpenDNS Protection, Apple's Low-Visibility Security Team
The Flashback malware affecting OS X systems has gained quite a bit of publicity since it was disclosed last week that over 600,000 Macs have been infected by the malware. Flashback began life last year as a trojan and has morphed into a drive-by download taking advantage of a vulnerability in Java that Apple did not patch until last week, despite Oracle having released patches for other systems back in February.
Over the past few days, a few additional tidbits of information on Flashback have surfaced, including the arrival of some new tools to help users manage the threat.
- As noted by Ars Technica, a new Mac app by the name of Flashback Checker has been released to help users determine whether their machines have been infected. Users have been instructed to use Terminal to enter commands searching for files created by the malware upon infection, and Flashback Checker offers a simple packaging of these commands behind a user interface. While the app is incredibly simple and does not offer assistance with removing Flashback if it is found on a given system, it does provide a more familiar interface for those who might be intimidated by delving into Terminal on their own.
- OpenDNS has announced that it has included filtering of Flashback in its services. OpenDNS offers a number of features to improve resolution of domain names, and the new filtering of Flashback helps prevent infection while also preventing already-infected machines from communicating with the command-and-control servers being used to deliver instructions to the infected machines.
- Forbes has an interview with Boris Sharov of Russian security firm Dr. Web, which was first to bring the magnitude of the Flashback threat to light. In the interview, Sharov describes how difficult it was to even track down the proper team at Apple with which to share their data, also noting how uncommunicative Apple has been throughout the process. In fact, the only sign of interest they've seen from Apple is the company's efforts to shut down the "sinkhole" Dr. Web was using to reroute traffic from infected machines to gauge how widespread the infections are.
Over the past few days, a few additional tidbits of information on Flashback have surfaced, including the arrival of some new tools to help users manage the threat.
- As noted by Ars Technica, a new Mac app by the name of Flashback Checker has been released to help users determine whether their machines have been infected. Users have been instructed to use Terminal to enter commands searching for files created by the malware upon infection, and Flashback Checker offers a simple packaging of these commands behind a user interface. While the app is incredibly simple and does not offer assistance with removing Flashback if it is found on a given system, it does provide a more familiar interface for those who might be intimidated by delving into Terminal on their own.
- OpenDNS has announced that it has included filtering of Flashback in its services. OpenDNS offers a number of features to improve resolution of domain names, and the new filtering of Flashback helps prevent infection while also preventing already-infected machines from communicating with the command-and-control servers being used to deliver instructions to the infected machines.
- Forbes has an interview with Boris Sharov of Russian security firm Dr. Web, which was first to bring the magnitude of the Flashback threat to light. In the interview, Sharov describes how difficult it was to even track down the proper team at Apple with which to share their data, also noting how uncommunicative Apple has been throughout the process. In fact, the only sign of interest they've seen from Apple is the company's efforts to shut down the "sinkhole" Dr. Web was using to reroute traffic from infected machines to gauge how widespread the infections are.
“They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users,” says Sharov. “This seems to mean that Apple is not considering our work as a help. It’s just annoying them.”Security experts at Kaspersky Lab, which verified Dr. Web's assessment of Flashback's prevalence, indicate that Apple is indeed taking the proper steps to address the threat, including tracking and shutting down the servers being used by the malware. But the company has little experience with threats of this magnitude and is undoubtedly scrambling to keep on top of the situation.
Sharov believes that Apple’s attempt to shut down its monitoring server was an honest mistake. But it’s a symptom of the company’s typically tight-lipped attitude. In fact, Sharov says that since Dr. Web first contacted Apple to share its findings about the unprecedented Mac-based botnet, it hasn’t received a response. “We’ve given them all the data we have,” he says. “We’ve heard nothing from them until this.”
[ 115 comments ]
Top Rated Comments
(View all)
95 months ago
Secrecy has it's place for new product announcements, but Apple needs to get its head out of its ass in regard to security issues. Start working with the good guys, communicate a little bit with them. Playing ostrich doesn't help anyone examine or solve problems.
95 months ago
. In the interview, Sharov describes how difficult it was to even track down the proper team at Apple with which to share their data, also noting how uncommunicative Apple has been throughout the process. In fact, the only sign of interest they've seen from Apple is the company's efforts to shut down the "sinkhole" Dr. Web was using to reroute traffic from infected machines to gauge how widespread the infections are.Security experts at Kaspersky Lab, which verified Dr. Web's assessment of Flashback's prevalence, indicate that Apple is indeed taking the proper steps to address the threat, including tracking and shutting down the servers being used by the malware. But the company has little experience with threats of this magnitude and is undoubtedly scrambling to keep on top of the situation.
Article Link: Flashback Tidbits: Flashback Checker, OpenDNS Protection, Apple's Low-Visibility Security Team (https://www.macrumors.com/2012/04/10/flashback-tidbits-flashback-checker-opendns-protection-apples-low-visibility-security-team/)
Typical apple ...
95 months ago
The end of an era!
We’ve gone from:
* 2001: Macs are just as dangerous as Windows, probably worse, because, even though there has never been a successful real-world malware infestation on OS X, thousands of them are just about to happen any minute now!
To:
* Macs are just as dangerous as Windows, probably worse, because there has been ONE successful real-world malware infestation on OS X.
(I definitely do count this instance: it’s not a virus, not a worm, but it’s not a mere Trojan either—it’s a Trojan that installs itself; meaning the web site itself is the Trojan Horse—and one link is all it takes to get to a web site.)
P.S. I’d like to see more on the other side of the story: first a web site must be compromised, and only then can a Mac visiting it (with Java on) be compromised too. How are these web sites being compromised, which ones are they, how many of them, can we detect them, and can they be blocked if not fixed?
We’ve gone from:
* 2001: Macs are just as dangerous as Windows, probably worse, because, even though there has never been a successful real-world malware infestation on OS X, thousands of them are just about to happen any minute now!
To:
* Macs are just as dangerous as Windows, probably worse, because there has been ONE successful real-world malware infestation on OS X.
(I definitely do count this instance: it’s not a virus, not a worm, but it’s not a mere Trojan either—it’s a Trojan that installs itself; meaning the web site itself is the Trojan Horse—and one link is all it takes to get to a web site.)
P.S. I’d like to see more on the other side of the story: first a web site must be compromised, and only then can a Mac visiting it (with Java on) be compromised too. How are these web sites being compromised, which ones are they, how many of them, can we detect them, and can they be blocked if not fixed?
95 months ago
Myth of the inherent invulnerability of OS X to malware... Busted! :eek:
No one ever claimed OS X was invulnerable to malware. This isn't the first piece of malware for OS X anyhow.
95 months ago
Step 1: Fake trojan outbreak news
Step 2: Create bogus removal tool that infects Mac when run
Step 3: 20 millions of Macs now trojan’ed
:D
I’m sure it’s fine, and if you’re paranoid you can compile the source yourself (though if you can compile source, you should be able to perform the manual check easily...)
Step 2: Create bogus removal tool that infects Mac when run
Step 3: 20 millions of Macs now trojan’ed
:D
I’m sure it’s fine, and if you’re paranoid you can compile the source yourself (though if you can compile source, you should be able to perform the manual check easily...)
95 months ago
Another piece I’m curious about: are email spam/phishing campaigns (possibly driven by Windows botnets) being used to send out clickable links to infected sites?
That’s a potential malware vector that I wouldn’t ignore if I were behind this, but email hasn’t been mentioned in the articles I’ve seen.
(By the way, Apple has stumbled in their communication on this—and maybe on their actions too—which does show their lack of experience; probably not their lack of caring. It may also be that this Russia-based sinkhole left them wondering who the good guys really are—which could well keep them silent while making sure of that. Even so, looking at the big security picture, I have to give credit where due: they’ve done things with Lion that NO other “more experienced” OS or vendor has done for security. They’re not the pros in every regard, but they do lead the security pack in other ways. Ways which make me even more glad to be on Mac.)
Also, as for Java being insecure, I always assumed that and always had it turned off, but it shouldn’t have been left to me to do so. Apple should turn it off by default, since most people never need it. I consider Java being enabled by default (much like Open Safe Files) to be a dropped ball by Apple. But easily remedied!
To be fair, “virus” (spreads itself from program to program) vs. “worm” (spreads itself from computer to computer) are terms few can tell apart, and even tech companies don’t always use them consistently. And “Trojan” is too simple a term—some distinction needs to be made between “requiring an unusual user action” and requiring simply visiting a web page. When I see Windows malware installing itself from someone simply visiting a web page, I certainly don’t minimize that risk! This time, it’s Macs. I guess “drive by” seems to be the term here, although I never heard that term before this.
Granted, trolls are making much more of this than it is (which no doubt hurts Mac sales as intended) but the term “virus” is kind of an understandable mistake.
Exactly. First successful one, but here’s the real myth: the myth of “people who claim Macs are invulnerable.”
No, people merely claim they’re safer. Which they still are. For many reasons, all of them helpful!
That’s a potential malware vector that I wouldn’t ignore if I were behind this, but email hasn’t been mentioned in the articles I’ve seen.
(By the way, Apple has stumbled in their communication on this—and maybe on their actions too—which does show their lack of experience; probably not their lack of caring. It may also be that this Russia-based sinkhole left them wondering who the good guys really are—which could well keep them silent while making sure of that. Even so, looking at the big security picture, I have to give credit where due: they’ve done things with Lion that NO other “more experienced” OS or vendor has done for security. They’re not the pros in every regard, but they do lead the security pack in other ways. Ways which make me even more glad to be on Mac.)
Also, as for Java being insecure, I always assumed that and always had it turned off, but it shouldn’t have been left to me to do so. Apple should turn it off by default, since most people never need it. I consider Java being enabled by default (much like Open Safe Files) to be a dropped ball by Apple. But easily remedied!
Whats more annoying is that all the idiotic Windows fanboys are parading around every known social networking site gloating that Mac's actually do get viruses.
How did so many people become so misinformed about the differences between trojans, worms, and viruses?
To be fair, “virus” (spreads itself from program to program) vs. “worm” (spreads itself from computer to computer) are terms few can tell apart, and even tech companies don’t always use them consistently. And “Trojan” is too simple a term—some distinction needs to be made between “requiring an unusual user action” and requiring simply visiting a web page. When I see Windows malware installing itself from someone simply visiting a web page, I certainly don’t minimize that risk! This time, it’s Macs. I guess “drive by” seems to be the term here, although I never heard that term before this.
Granted, trolls are making much more of this than it is (which no doubt hurts Mac sales as intended) but the term “virus” is kind of an understandable mistake.
No one ever claimed OS X was invulnerable to malware. This isn't the first piece of malware for OS X anyhow.
Exactly. First successful one, but here’s the real myth: the myth of “people who claim Macs are invulnerable.”
No, people merely claim they’re safer. Which they still are. For many reasons, all of them helpful!
95 months ago
Wait, so it was difficult to contact someone because you don't have direct email addresses to internal people? Why do you need to know this? Here (https://ssl.apple.com/support/security/) it clearly states how to contact Apple.
You don't need to become pen pals with the folks inside Apple just because you found a security vulnerability.
Having direct contact information can help with that, but it's not needed, as long as someone fixes the vulnerability very fast and/or replies so that you can start a collaboration in the best interest of security.
Apple was informed long ago of the security holes. Apple did nothing. Zero. No fixes whatsoever. Many of those 600k infected machines could have been prevented with a more serious approach to security responses by Apple, which most likely needs to be implemented given that they are not under the radar anymore.
95 months ago
Exactly..
I sometimes wonder if these "security companies" who find these vulnerabilities, are not somehow connected to the hackers who exploit them. Particularly ones based in foreign countries where many of these attacks seem to originate.
Apple is no longer developing Java for OSX now that Oracle bought Sun and took over Java. I don't believe Java is included with the default Lion install. You specifically have to go download it and add it in. So if Oracle releases a fix for a Java security hole, it is understandable that Apple would need some time to make the changes to the JVM's they continue to support and then test them before rolling them out.
Most users have no need for Java on their machines these days. Very few mainstream web sites use it. Corporations that use Java based apps are probably using some type of ERP system, like Oracle, that use Java in some of their products, but for the average Mac user has very little need for it.
As for Apple being "secretive" or "non-communicative" - typical press noise and hype. These security experts all want their 15 minutes of fame. Or more if they can get it.
It cracks me up how many people come to an Apple focused web sites to whine, complain, and throw hate at Apple. If you are a Windows user, why would you even visit a Mac focused site? If your an Apple hater, why even buy an Apple product? What a pitiful life you must lead.
Step 1: Fake trojan outbreak news
Step 2: Create bogus removal tool that infects Mac when run
Step 3: 20 millions of Macs now trojaned
:D
)
I sometimes wonder if these "security companies" who find these vulnerabilities, are not somehow connected to the hackers who exploit them. Particularly ones based in foreign countries where many of these attacks seem to originate.
Apple is no longer developing Java for OSX now that Oracle bought Sun and took over Java. I don't believe Java is included with the default Lion install. You specifically have to go download it and add it in. So if Oracle releases a fix for a Java security hole, it is understandable that Apple would need some time to make the changes to the JVM's they continue to support and then test them before rolling them out.
Most users have no need for Java on their machines these days. Very few mainstream web sites use it. Corporations that use Java based apps are probably using some type of ERP system, like Oracle, that use Java in some of their products, but for the average Mac user has very little need for it.
As for Apple being "secretive" or "non-communicative" - typical press noise and hype. These security experts all want their 15 minutes of fame. Or more if they can get it.
It cracks me up how many people come to an Apple focused web sites to whine, complain, and throw hate at Apple. If you are a Windows user, why would you even visit a Mac focused site? If your an Apple hater, why even buy an Apple product? What a pitiful life you must lead.
95 months ago
"They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren't the ones controlling it and not doing any harm to users," says Sharov. "This seems to mean that Apple is not considering our work as a help. It's just annoying them."
Ugh, this frustrates me.
[ Read All Comments ]
After a busy few weeks of news and rumors, things slowed down a little bit this week, but there were still some major stories worth highlighting. Those include our first hands-on look at dummy models...
For this week's giveaway, we've teamed up with Reolink to offer MacRumors readers a chance to win an Argus 2 wire-free rechargeable home camera and a solar panel for charging it up outdoors.
...
Apple Music has renamed its "The A-List: Hip-Hop" playlist to "Rap Life."
Ebro Darden, global editorial head of hip-hop and R&B at Apple Music, will host a companion...
Samsung is believed to be Apple's exclusive supplier of OLED displays for iPhones, but it may have company soon.
In a research note shared with MacRumors, Barclays analysts said fellow...
1Password has restored the option for customers who originally purchased its iOS app to create a local vault during setup, after users queued up online to voice their frustrations with the fact that...
Apple is planning to open an office in highly desired location in Vancouver, Canada reports Bloomberg. The company has leased space in a 24-story office building at 400 West Georgia owned by...
Elevation Lab, known for its line of popular iPhone charging docks, today released the FamilyCharger, a multi-charging setup designed to allow you to charge all of your devices in one place.
The...
Apple today seeded the third beta of an upcoming macOS Catalina update to its public beta testing group, two weeks after seeding the second public beta and a day after seeding the fourth developer...
