'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened?
This morning's Apple Insider has an article about how the Flashback Trojan Virus infected 600K Macs last year:
http://www.appleinsider.com/articles...worldwide.html
Mac Viruses have been rare compared to PCs, making them a target of opportunity it seems.
What became of Flashback and what did it end up doing?
The detection and removal process looks difficult and it is unclear, to me at least, whether regular Apple software updates will prevent it or hunt it down and remove it.
You can't tell me 600K Mac users need to go into Terminal and diagnose what's going on when most are lucky to know how to do the most basic computer tasks (by design).
Even if you have the Flashback Virus, what is the net downside, did people get ripped off?
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
If you upgrade the OS (I just did to 10.6.8) it will fix the vulnerability. Don't know if it removes the virus if it's already there.
If you don't want to upgrade the OS, disabling Java will guard against getting the virus.
Reputable sites are pointing here for checking and removal instructions:
http://www.f-secure.com/v-descs/troj...shback_i.shtml
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
It appears to need Safari (I thought I read that somewhere today) which I don't use (I use Google C) except to login to my credit card account which I did a few minuts ago. However I did the Java upgrade this morning without knowledge of this issue before using Safari to login to my CC act. Hmmm.......how do you know if you have the virus? That is not clear.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
Originally Posted by
Frank Petronio
Even if you have the Flashback Virus, what is the net downside, did people get ripped off?
I think it can download executables and execute them as instructed by a controlling evil server, so the backdoor is wide open. It will probably try different things to get passwords and account numbers, etc.
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
Originally Posted by
Kirk Gittings
It appears to need Safari (I thought I read that somewhere today) which I don't use (I use Google C) except to login to my credit card account which I did a few minuts ago. However I did the Java upgrade this morning without knowledge of this issue before using Safari to login to my CC act. Hmmm.......how do you know if you have the virus? That is not clear.
appleinsider.com and arstechnica.com are pointing here for instructions to check for and remove the virus:
http://www.f-secure.com/v-descs/troj...shback_i.shtml
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
Originally Posted by
Kirk Gittings
It appears to need Safari (I thought I read that somewhere today) which I don't use (I use Google C) except to login to my credit card account which I did a few minuts ago. However I did the Java upgrade this morning without knowledge of this issue before using Safari to login to my CC act. Hmmm.......how do you know if you have the virus? That is not clear.
Right, I remember this last year and checked but it was very nerdy. Since then we've added new Macs for family and I forgot to check, and it just seems very un-Mac like to go through this much hassle if it is still a problem
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
Quote:
How do you know if you have the virus?
Start 'Terminal', copy the first line below, insert it into terminal CMD+V and hit ENTER.
If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"
Keep 'Terminal' running, copy the seconde line below, insert it into terminal CMD+V and hit ENTER.
If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"
Keep 'Terminal' running, copy the third line below, insert it into terminal CMD+V and hit ENTER.
If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"
--------------------//--
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info DYLD_INSERT_LIBRARIES
defaults read /Applications/Firefox.app/Contents/Info DYLD_INSERT_LIBRARIES
--------------------//--
Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened
That's easy enough but what is my Mom in Florida supposed to do? Hell my 28-year old probably would loose her cookies over that!