iTrojan? Oh Snap!!!


Last Updated: 2012-04-13 18:39:12
  1. Steven58

    Steven58 Reformed PH VIP Member

    Flashback Trojan Hits 550,000 Macs | News & Opinion | PCMag.com


    Analysis of a recent Java flaw exploited by the Flashback Trojan reveals that more than 550,000 Macs were affected in the U.S. and abroad, according to anti-virus vendor Doctor Web.
    "This once again refutes claims by some experts that there are no cyber-threats to Mac OS X," Doctor Web said in a Tuesday blog post.
    About 56.6 percent of the infected computers, or 303,449, are located in the U.S., while 19.8 percent are in Canada, 12.8 percent are in the U.K., and 6.1 percent are in Australia, Doctor Web said. For more, see the map below.
    As PCMag's Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.
    "The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it," Doctor Web said.
    Doctor Web posted a list of some of the websites containing the malicious code, including ustream.rr.nu, bestustreamtv.rr.nu, ironmanvideo.rr.nu, godofwar3.rr.nu, and more. But in all, "links to more than four million compromised web-pages could be found on a Google SERP at the end of March," the firm said.
    Some of those who posted to the Apple forums also reported being infected after visiting dlink.com.
    The attacks started in February via two particular exploits before switching to another one in March. Apple didn't patch the problem until April 3, however. Doctor Web recommended that all users install the update to prevent infections.
    Oracle fixed the same security flaw for Java for Windows, Linux, and Unix in February, Security Watch said.
    As Sophos noted in a Wednesday blog post, this is the second widespread malware attack infecting Apple's OS X in the last year. The first one popped up in the first half of 2011, but after a Russian cybercriminal Pavel Vrublevsky was arrested, the "problem appeared to be solved," wrote Sophos analyst Chester Wisniewski.
    With this latest threat, Wisniewski said Sophos "received a reasonable amount of criticism (as we do every time we discuss Mac threats) about over-hyping the risk and trying to scare people into installing our *free* protection." But, he continued, the "number of attack reports from our customers increased dramatically in the last few days."
    Wisniewski also suggested that users install the Apple update, but insisted that "Mac users can no longer rely on simply updating their computers. Preventative protection is an essential defense mechanism to detect and thwart future attacks."

    Advertisement
    ocnbrze and 9to5cynic like this.
  2. 9to5cynic

    9to5cynic Well-Known Member

    How would you guys take that? Without supplying the password, that malware is just taking up space right? Can it interact with the system if no root password is supplied?

    [~~~~~~~~~~~]

    I recently heard that an OSX version of Zeus was made, so it seems to me that the 'virus-free*' nature of OSX is about to go to the wayside.

    Interesting to say the least.
  3. mikedt

    mikedt 你好 Guide

    I believe malware can run on a Mac without the admin/root password, it's just running with user privileges rather than admin/root privileges. Probably can still do damage, like trashing all the user's documents.

    I'm sure these days Windows is much more secure, and probably harder to infect. MS is regularly patching and extensively documenting (Knowledge Base) any problems. Not like the early days of XP.

    Maybe Macs are a soft target? Apple seems to wait for months before releasing patches for OS X, e.g. Java vulnerabilities, and even then they're rather vague about what the problem actually is.
    9to5cynic likes this.
  4. A.Nonymous

    A.Nonymous Well-Known Member

    The thing that strikes me about this is how Apple took two months to patch the exploit. That is way, way, way too long.
  5. 9to5cynic

    9to5cynic Well-Known Member

    ^ agreed. Especially when their site claims (or at least did so in the past) that any security issues are addressed immediately - because they *really* care.

    :rolleyes:
  6. IOWA

    IOWA Mr. Logic Pants Moderator

    People are also forgetting about social engineering, which is how most Windows malware gets Admin rights. The malware itself doesn't 'hack' or 'break' into Admin/Root status, the user gives it to the malware willingly.
  7. A.Nonymous

    A.Nonymous Well-Known Member

    It does run under user priviliges though and works under those privileges. I still think it's ridiculous that they waited two months to fix it. Microsoft would be roasted on every forum in the world if they had a known security exploit out there and waited two months to fix it.
    9to5cynic and IOWA like this.
  8. SamuraiBigEd

    SamuraiBigEd Under paid Sasquatch! Moderator

    Maybe more Mac owners will finally fess up that Apple products aren't immune...yeah...right...:rolleyes:;):D

    We all know the real issue is the big evil company, not the users...whatever product you are using!
    B2L likes this.
  9. B2L

    B2L Well-Known Member

    Wait, I can has trojan too? Anyone who thinks they're inevitable to malware shouldn't be on any computer.
  10. 9to5cynic

    9to5cynic Well-Known Member

    Okay, so here's a bit more info that I was reading about.

    FlashBack:
    >600,000 infected (~2% of all Macs)
    >The infected hosts are now members of a botnet ( yay!...?)
    >The trojan also injects lines into applications such as Skype for additional phishing purposes (everyone loves phishing right?)
    > It was spread via a JavaScript payload that would start up a Java applet to install the trojan on the hosts.
    >There is a tool to check if you are infected (written by a Garmin [GPS] employee)

    ;)
  11. OutofDate1980

    OutofDate1980 Well-Known Member

    Go Italy. Android vulnerability debugged

    "A group of Italian researchers have discovered and neutralized a serious vulnerability present in all versions of Android, the popular operating system developed by Google specifically for smartphones and tablet computers."

Share This Page