Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
but what is my Mom in Florida supposed to do?
She might invite you for a nice vacation in the sun. And - maybe - if you should have a few seconds, you might check her 'tin willy' :cool:
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
In this case, it appears if you didn't type in your administrator password AND you don't have MS Office components and/or Skype on your machine, the trojan horse bails and your machine should be fine.
Don't ever type in your administrator password unless you are certain of why you are being asked to do so.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
Originally Posted by John NYC
In this case, it appears if you didn't type in your administrator password AND you don't have MS Office components and/or Skype on your machine, the trojan horse bails and your machine should be fine.
Don't ever type in your administrator password unless you are certain of why you are being asked to do so.
I think you have the part about MS Office and Skype backwards, Flashback aborts if you do have those installed:
Quote:
In cases where the user did not input their administrator password, the malware checks if the following path exists in the system:
/Applications/Microsoft Word.app
/Applications/Microsoft Office 2008
/Applications/Microsoft Office 2011
/Applications/Skype.app
If any of these are found, the malware again skips the rest of its routine and proceeds to delete itself, presumably to avoid infecting a system that has an incompatible application installed.
The quote is from the f-secure page.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
MS Office - No thanks :cool:
I use Open Office or Libre Office.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
Originally Posted by Mike Anderson
I think you have the part about MS Office and Skype backwards, Flashback aborts if you do have those installed:
The quote is from the f-secure page.
Correct, I got that backwards.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
Originally Posted by Frank Petronio
Right, I remember this last year and checked but it was very nerdy. Since then we've added new Macs for family and I forgot to check, and it just seems very un-Mac like to go through this much hassle if it is still a problem
Call Jordan Hubbard and let him know you only bought a Mac so you could be ten feet tall and bulletproof. Then you can tell him if the OS was open to more review by the open source crowd, it might have been prevented. Things like this get him going.
Then again, if it were more open to review, you could suffer from more of the same.
Ah, the joys of The Internet!
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Remember that "Flashback" isn't really a virus or a worm in the classic sense. It is a TROJAN. It operates differently.
A virus is malicious code attached to a file or program that activates when it is opened or executed.
A worm is malicious code that spreads from computer to computer via networks and can spread WITHOUT human interaction.
A Trojan is a malicious program that masquerades as a useful one; often a game. An unsuspecting person downloads it and runs it, thinking they are getting something useful but, in reality, their computer is compromised.
The reason I bring this up is because true viruses or worms are exceedingly rare on Mac OS. I have only ever seen a Mac virus one time, many years ago. It wasn't even a really nasty one. It just messed up certain files.
While it is still safe to say that Mac OS is relatively secure from viruses or worms (not completely safe, just mostly safe) there is *NO* computer that is safe from Trojans. There never has been a computer system that is safe from Trojans and there never will be a computer system that is safe from Trojans.
As long as there are people who download and/or install programs on computers without thinking first and as long as there are people who are stupid enough to type their password when the computer puts up a dialogue asking them to do so, there will be Trojans.
Most Trojans can be blocked if operating system programmers who make Mac OS, Windows, Linux and other systems know how those programs operate (or are likely to operate) but, as long as there are stupid people using computers, there will be Trojans. That's all there is to it. Period.
Smart users will stay away from backwater porn websites, and illegal download sites and they will not download programs from places they don't trust 100% and they will delete spam or unexpected e-mails without reading them or clicking on links.
Anybody who got hit with this Trojan was stupid enough to ignore this basic rule of safety and they got what they deserve.
No matter what operating system you use, just don't download $hit and you won't get a Trojan. It really is as simple as that.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
I just did this and I'm fine. However, it did say "You have new mail." What is up with that?
--Darin
Quote:
Originally Posted by toyotadesigner
Start 'Terminal', copy the first line below, insert it into terminal CMD+V and hit ENTER.
If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"
Keep 'Terminal' running, copy the second line below, insert it into terminal CMD+V and hit ENTER.
If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"
Keep 'Terminal' running, copy the third line below, insert it into terminal CMD+V and hit ENTER.
If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"
--------------------//--
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info DYLD_INSERT_LIBRARIES
defaults read /Applications/Firefox.app/Contents/Info DYLD_INSERT_LIBRARIES
--------------------//--
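The three checks quoted above, wrapped in one script (an added example, not part of the original posts; the function names classify_domain and flashback_check are made up here). It assumes `defaults read` exits non-zero with a "does not exist" message when the key is absent, and reports any other failure as unknown rather than clean.

```shell
#!/bin/sh
# Added example: runs the three DYLD_INSERT_LIBRARIES checks from the post
# above and classifies each result. Function names are hypothetical.

# classify_domain DOMAIN
# Prints "clean", "suspicious: <value>" or "unknown: <message>".
classify_domain() {
    if out=$(defaults read "$1" DYLD_INSERT_LIBRARIES 2>&1); then
        # The key exists and has a value: a library is being injected.
        echo "suspicious: $out"
    else
        case $out in
            # Covers both a missing key and a missing file
            # (for example when Firefox is not installed).
            *"does not exist"*) echo "clean" ;;
            # Any other failure (permissions, unreadable plist) is not
            # proof of a clean machine, so report it separately.
            *) echo "unknown: $out" ;;
        esac
    fi
}

# flashback_check
# Returns 0 if all three locations are clean, 1 if any has the key set,
# 2 if none is suspicious but at least one check could not be interpreted.
flashback_check() {
    rc=0
    for domain in "$HOME/.MacOSX/environment" \
                  "/Applications/Safari.app/Contents/Info" \
                  "/Applications/Firefox.app/Contents/Info"; do
        result=$(classify_domain "$domain")
        printf '%s: %s\n' "$domain" "$result"
        case $result in
            clean) ;;
            suspicious*) rc=1 ;;
            *) if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}

# Only run the check where the macOS `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    flashback_check
fi
```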
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
If you got the message(s) 'does not exist', your machine is clean. I have no idea why it said 'You have new mail'. Maybe a coincidence?
Did you try to run the check again and reproduce the strange 'You have new mail' message?
As far as I understand the routine it only checks for the DYLD message, but not for mail.:confused:
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
It comes up just when it logs in:
Last login: Wed Apr 18 22:50:02 on ttys000
You have new mail.
darin-bovilles-imac-2:~ darin$
Weird, huh? I have no unread mail in my mail program!
-Darin
Quote:
Originally Posted by toyotadesigner
If you got the message(s) 'does not exist', your machine is clean. I have no idea why it said 'You have new mail'. Maybe a coincidence?
Did you try to run the check again and reproduce the strange 'You have new mail' message?
As far as I understand the routine it only checks for the DYLD message, but not for mail.:confused: