Anyone find the Flashback Trojan?
by Butch Miller
April 13, 2012 - 7:37am

The past week the trojan (via Java) news has been pretty hectic … I applied both the patch updates for Java via Software Update and had checked for the culprit hidden files using Terminal as per instructions on the blogosphere … found two files though they never seemed to execute or finish installing as I had no indication on Activity Monitor or any logs … I recall reading somewhere that if you had one of the more popular virus scanning options installed, the trojan would not continue on … I do have ClamXav installed.

Today, just hours ago, Apple issued yet another update that would check for and delete any files, even though the earlier updates were said to close the loop and prevent the trojan from installing or functioning, this update would delete it …

So minutes ago I did the update and after it was done I had a popup that said it found “OSX.Flashback.iv” and deleted same.

Anyone else been following this? … and have similar results? …

by Chris Hoch
April 13, 2012 - 7:41am

Nope no sign of it on my machine.

I have Sophos running on mine, I prefer that over ClamXav.

I also ran the Kaspersky tool just before the last Java update and it said there was no sign of the virus either.

by Butch Miller
April 13, 2012 - 7:51am

Just ran the update on my Macbook Pro which sees much more web browser activity than my iMac … and it came up clean … go figure …

I would be curious where I picked it up as I don’t do much if any surfing questionable sites and refrain from email links I am not familiar with, even those from close family and friends … though as widespread as it was … could have been almost anywhere …

by David Moore
April 13, 2012 - 9:42am

So Butch you got lucky! Good Job! I ran the Terminal scripts and came up empty. Too bad for you it wasn’t the Lottery! I was running Sophos but just took it off. Thought it might slow me down. And sometimes when I would wake up the computer it said for a very brief moment that it found something …. turned out to be an image message would disappear as soon as the cpu was fully awake. Sophos must have trouble when the computer is going to sleep.

davidbmoore@mac.com
Twitter= @davidbmoore
Scottsdale AZ

by Chris Hoch
April 13, 2012 - 3:17pm

I have never seen that problem with Sophos before.

I do exclude my managed library from getting real time scanning. Every time I made an alteration I found it taking a while for it to happen on screen. Once I took my library out of the real time scanning process Aperture came back up to speed.

by alexander leake
April 17, 2012 - 12:26pm

Yes, I got this same message after I updated software of my computer. I use ClamXav and Avast.

So this update from Apple now just deletes malware?? I was thinking maybe Avast did it.
Avast scans my computer before it turns on every time. -.- increasing the start up time to about 5 minutes.

by PhotoJoseph
April 17, 2012 - 12:34pm

Alexander,

I think that update is specific to the Flashback trojan, being that it was one of the most widespread viruses the Mac has ever seen. It still is a good idea to run your own software, if you find yourself encountering viruses often. I have to ask though — how often do you find them?

-Joseph

@PhotoJoseph
— Have you signed up for the mailing list?

by gfsymon
April 17, 2012 - 4:46pm

Joseph,

There are no known viruses on MacOSX.

Flashback is not a virus. It is a ‘Trojan’.

The difference is that a virus can propagate itself via infected computers. The Flashback trojan can only infect your Mac, if you visit a web-page that has the code in it.

Flashback is the first ever MacOSX trojan that can infect your Mac without first requiring you to enter your password to allow it access. It does this, because most people have Safari’s and other browsers’ preferences checked to allow Java to run at will. The only thing you have to do in order to be safe from all of these Java exploits is to un-check that preference. Anti-virus software is not going to help with this.

(NB : Java is in no way related to Javascript. They are totally separate technologies)

So Flashback is a Java based trojan and Java is a technology that Apple no longer include with their OS installations. It is not installed by the MacOS since 10.7 Lion. Java’s security weaknesses may very well be one of the reasons Apple chose to drop it but beyond that … who the hell uses it these days anyway … oh yes, that good old security aware company Adobe, in Photoshop. Sigh.

I think a lot of people coming from Windows, just assume that anti-virus software is part of computing. Just one of those things you need to have. Clearly we need to be vigilant, especially when entering your Admin password when asked, but I see no need to install any of these poorly written softwares on my Macs … and they are poorly written.

by Butch Miller
April 17, 2012 - 9:01pm

Yes, indeed … there hasn’t been a single actual “virus” that can attack OS X directly. The only known malware that can infect a Mac currently are trojans … and as gfsymon has pointed out, up until now they have required user action to deploy …

Seems there is a new one this week that is related to Word documents. All the Windows based folk are relishing in the fact that the sky is falling for Mac users of late … but the truth is … the only way to attack a Mac is by cross platform, third-party methods … they still can’t hit us directly at will.

For anyone that would like to brush up on current malware protection I noticed this video this morning:

http://www.cultofmac.com/161126/securing-your-mac-from-viruses-and-malware-video-how-to/
