Mac Malware from Fake Flash Installer

[Frank Petronio]

A couple of weeks ago a pesky Flash installer popped up asking to update my Adobe Flash plug-ins on my Mac. Thinking nothing of it, I authorized it using my system password and it seemed to install.

Now I read about this: http://www.macworld.com/article/1631...e_updates.html

And I suspect I may have gotten fooled. I'm on 10.6.8.

According to reports, the malware is inactive but it allows for future intrusions, giving the bad guys access to my computer.

I uninstalled Flash from Safari and am browsing with Camino, sans Flash.

Right now I am running the latest free trial of Intego's Virus Barrier X6. However I am not 100% certain that it will flush out any malware installation. From what I gather, a clean install of the OS is the only way to fix the issue.

What do you guys think? Is running a Virus Barrier X6 scan enough? Is this a moot point that Apple will fix with a Security Update?

I used to pay attention to the URLs where updates and finances orginated, I see I need to be more vigilant in the future, now that Macs are getting Viruses and Malware.

[Scott Knowles]

Flash on a Mac is not supposed to give you a notice to update. You should never update from a prompt but check it at Adobe's Flash Web page at:

http://www.adobe.com/software/flash/about/

to verify what you have against what is the latest version, and then install it from there. I run MacScan's application routinely on the main HD for malware, viruses, etc.

[Sevo]

You'll have to boot from another drive with a clean install - a live rootkit will often disguise itself, but it can be trivially scanned from a clean system (and there, the malware detection updates will work too).

[Jim C.]

You're probably better off backing up your photo files and docs then doing a drive wipe
and clean reinstall the OS off a Installer disk, at least 10.6 ( snow leopard ) came on a disk
not sure how you would go about it with 10.7 ( Lion ) since it's download only
or if you buy it on a USB flash drive.

You can also create a new disposable login account that does not give you admin privileges
and use that for general stuff if it gets infected, ditch it.

[Jon Shiu]

How do I check my niece's iMac to see if it has been infected with this thing?

Jon

[Jim C.]

Jon - according to the F-Secure site the XProtectUpdater files are pooched so if you're in doubt on whether your neices iMac is infected do a clean reinstall from a installer dvd that came with her iMac or a store bought upgrade.

installing Little Snitch seem to kill the trojan since it checks to see if it's installed, if it
finds it the trojan self deletes.

[Corran]

Wow interesting, I guess it's finally happening, Macs having more serious viruses. Good luck.

[Frank Petronio]

Yeah I actually thought it could be suspicious but it looked so Adobe-ish, as in Adobe products are only a step up from Malware themselves... so I clicked OK and entered my password on auto-pilot, all the while thinking, "hmm..." but doing it anyway because Adobe often does funky BS with their updates.

About to nuke the city to kill the zombies, seeya in the AM if I survive....

[Tori Nelson]

Thanks so much for this info! I just ran a check on my Mac (thought I may have run this fake program) and found that it is fine, though this has made me aware that I need to install some protection... so much for being a smug Mac user.

[johnielvis]

Mac Malware.....

I do like the sounds of that....

maybe I should start calling myself that

is there a way to change your name on this thing or am I stuck with johnielvis now?