Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

Thread: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened?

  1. #11

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    but what is my Mom in Florida supposed to do?
    She might invite you for a nice vacation in the sun. And - maybe - if you should have a few seconds, you might check her 'tin willy'

  2. #12

    Join Date
    Aug 2009
    Posts
    1,176

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    In this case, it appears if you didn't type in your administrator password AND you don't have MS Office components and/or Skype on your machine, the trojan horse bails and your machine should be fine.

    Don't ever type in your administrator password unless you are certain of why you are being asked to do so.

  3. #13
    Mike Anderson's Avatar
    Join Date
    Jan 2010
    Location
    San Diego
    Posts
    681

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    Quote Originally Posted by John NYC View Post
    In this case, it appears if you didn't type in your administrator password AND you don't have MS Office components and/or Skype on your machine, the trojan horse bails and your machine should be fine.

    Don't ever type in your administrator password unless you are certain of why you are being asked to do so.
    I think you have the part about MS Office and Skype backwards, Flashback aborts if you do have those installed:

    In cases where the user did not input their administrator password, the malware checks if the following path exists in the system:

    /Applications/Microsoft Word.app
    /Applications/Microsoft Office 2008
    /Applications/Microsoft Office 2011
    /Applications/Skype.app
    If any of these are found, the malware again skips the rest of its routine and proceeds to delete itself, presumably to avoid infecting a system that has an incompatible application installed.
    The quote is from the f-secure page.
    Mike → "Junior Liberatory Scientist"

  4. #14

    Join Date
    Sep 2003
    Location
    Massachusetts USA
    Posts
    8,476

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    MS Office - No thanks

    I use Open Office or Libre Office.

  5. #15

    Join Date
    Aug 2009
    Posts
    1,176

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    Quote Originally Posted by Mike Anderson View Post
    I think you have the part about MS Office and Skype backwards, Flashback aborts if you do have those installed:


    The quote is from the f-secure page.
    Correct, I got that backwards.

  6. #16
    funkadelic
    Join Date
    Sep 2008
    Location
    Yadkinville, NC, USA
    Posts
    1,300

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    Quote Originally Posted by Frank Petronio View Post
    Right, I remember this last year and checked but it was very nerdy. Since then we've added new Macs for family and I forgot to check, and it just seems very un-Mac like to go through this much hassle if it is still a problem
    Call Jordan Hubbard and let him know you only bought a Mac so you could be ten feet tall and bulletproof. Then you can tell him if the OS was open to more review by the open source crowd, it might have been prevented. Things like this get him going.
    Then again, if it were more open to review, you could suffer from more of the same.
    Ah, the joys of The Internet!

  7. #17

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    Remember that "Flashback" isn't really a virus or a worm in the classic sense. It is a TROJAN. It operates differently.

    A virus is malicious code attached to a file or program that activates when it is opened or executed.
    A worm is malicious code that spreads from computer to computer via networks and can spread WITHOUT human interaction.
    A Trojan is a malicious program that masquerades as a useful one; often a game. An unsuspecting person downloads it and runs it, thinking they are getting something useful but, in reality, their computer is compromised.

    The reason I bring this up is because true viruses or worms are exceedingly rare on Mac OS. I have only ever seen a Mac virus one time, many years ago. It wasn't even a really nasty one. It just messed up certain files.

    While it is still safe to say that Mac OS is relatively secure from viruses or worms (not completely safe, just mostly safe) there is *NO* computer that is safe from Trojans. There never has been a computer system that is safe from Trojans and there never will be a computer system that is safe from Trojans.

    As long as there are people who download and/or install programs on computers without thinking first and as long as there are people who are stupid enough to type their password when the computer puts up a dialogue asking them to do so, there will be Trojans.

    Most Trojans can be blocked if operating system programmers who make Mac OS, Windows, Linux and other systems know how those programs operate (or are likely to operate) but, as long as there are stupid people using computers, there will be Trojans. That's all there is to it. Period.

    Smart users will stay away from backwater porn websites, and illegal download sites and they will not download programs from places they don't trust 100% and they will delete spam or unexpected e-mails without reading them or clicking on links.

    Anybody who got hit with this Trojan was stupid enough to ignore this basic rule of safety and they got what they deserve.

    No matter what operating system you use, just don't download $hit and you won't get a Trojan. It really is as simple as that.
    Randy S.

    In girum imus nocte et consumimur igni.

    -----

    http://www.flickr.com/photos/randystankey/

  8. #18

    Join Date
    May 2004
    Location
    Montara, California
    Posts
    1,827

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    I just did this and I'm fine. However, it did say "You have new mail." What is up with that?

    --Darin



    Quote Originally Posted by toyotadesigner View Post
    Start 'Terminal', copy the first line below, insert it into terminal CMD+V and hit ENTER.

    If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"

    Keep 'Terminal' running, copy the seconde line below, insert it into terminal CMD+V and hit ENTER.

    If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"

    Keep 'Terminal' running, copy the third line below, insert it into terminal CMD+V and hit ENTER.

    If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"

    --------------------//--

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    defaults read /Applications/Safari.app/Contents/Info DYLD_INSERT_LIBRARIES

    defaults read /Applications/Firefox.app/Contents/Info DYLD_INSERT_LIBRARIES


    --------------------//--

  9. #19

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    If you got the message(s) 'does not exist', your machine is clean. I have no idea why it said 'You have new mail'. Maybe a coincidence?

    Did you try to run the check again and reproduce the strange 'You have new mail' message?

    As far as I understand the routine it only checks for the DYLD message, but not for mail.

  10. #20

    Join Date
    May 2004
    Location
    Montara, California
    Posts
    1,827

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    It comes up just when it logs in:

    Last login: Wed Apr 18 22:50:02 on ttys000
    You have new mail.
    darin-bovilles-imac-2:~ darin$


    Weird, huh? I have no unread mail in my mail program!

    -Darin


    Quote Originally Posted by toyotadesigner View Post
    If you got the message(s) 'does not exist', your machine is clean. I have no idea why it said 'You have new mail'. Maybe a coincidence?

    Did you try to run the check again and reproduce the strange 'You have new mail' message?

    As far as I understand the routine it only checks for the DYLD message, but not for mail.

Similar Threads

  1. Digital Picture Frames Infected With Virus
    By Brian Ellis in forum Digital Hardware
    Replies: 13
    Last Post: 24-Jan-2008, 21:47
  2. Worldwide Pinhole Photography Day
    By Aaron_3437 in forum Announcements
    Replies: 2
    Last Post: 26-Feb-2004, 17:37

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •