Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote: Originally Posted by Worker 11811
Smart users will stay away from backwater porn websites, and illegal download sites and they will not download programs from places they don't trust 100% and they will delete spam or unexpected e-mails without reading them or clicking on links.
Anybody who got hit with this Trojan was stupid enough to ignore this basic rule of safety and they got what they deserve.
If only this were true. Many, many legitimate web sites are compromised every day due to programming flaws that allow the bad guys to alter their code and plant malware. Big corporations run regular security audits on their web sites to try to detect these coding flaws, but they aren't always done for every web site update. Smaller companies rarely run these audits. So avoiding porn sites is hardly a guarantee that your computer is safe.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote: Originally Posted by Worker 11811
Remember that "Flashback" isn't really a virus or a worm in the classic sense. It is a TROJAN. It operates differently.
The Flashback trojan operates a little differently in that it exploits a Java hole, so just touching an infected web site will load and execute it. Years ago I was hit by a drive-by download. Took me a whole afternoon to get rid of the adware on my machine. Yech.
Quote: Originally Posted by Darin Boville
It comes up just when it logs in:
Last login: Wed Apr 18 22:50:02 on ttys000
You have new mail.
darin-bovilles-imac-2:~ darin$
Weird, huh? I have no unread mail in my mail program!
-Darin
Yes, you do. It's the "mail" system mail. Type "mail" at the prompt, and read the mail. This is a holdover from long ago, and is your system's internal mail, during a time when multiple terminals were connected to a central computer. (Once upon a time, in front of a VT52 terminal, there sat a programmer who needed to send a message to his coworker, who wasn't in on the weekend. And so he ...)
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Interesting. In the words of Johnny Carson, "I did NOT know that." ;)
I don't allow Java to run in my browsers and I have "Flashblock" set to restrict the use of JavaScript on any website I don't have specifically whitelisted, but I will keep a closer eye on things like this, now.
Where can I find a page that describes Flashback and how it works? The only things I have found are "news" articles that say how bad it is, but few, if any, give salient details.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote: Originally Posted by Brian C. Miller
Yes, you do. It's the "mail" system mail. Type "mail" at the prompt, and read the mail. This is a holdover from long ago, and is your system's internal mail, during a time when multiple terminals were connected to a central computer. (Once upon a time, in front of a VT52 terminal, there sat a programmer who needed to send a message to his coworker, who wasn't in on the weekend. And so he ...)
Got it--thanks. Looks like SuperDuper has been e-mailing me about something or other. Hundreds of times! All deleted now...
--Darin
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote: Originally Posted by Worker 11811
Where can I find a page that describes Flashback and how it works? The only things I have found are "news" articles that say how bad it is, but few, if any, give salient details.
The Register: New password-snatching Mac Trojan spreading in the wild
Basically, applets need certain clearances to do various things, thus a "trust model" is configured. Flashback exploited a problem between the "trusted" and "untrusted" sections, and the software bug allowed an "untrusted" applet to become "trusted," thus giving it access to too much functionality. In this case, the malware only stole login information.