Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened?

  1. #1

    Join Date
    Jun 2002
    Posts
    9,487

    'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened?

    This morning's Apple Insider has an article about how the Flashback Trojan Virus infected 600K Macs last year:

    http://www.appleinsider.com/articles...worldwide.html

    Mac Viruses have been rare compared to PCs, making them a target of opportunity it seems.

    What became of Flashback and what did it end up doing?

    The detection and removal process looks difficult and it is unclear, to me at least, whether regular Apple software updates will prevent it or hunt it down and remove it.

    You can't tell me 600K Mac users need to go into Terminal and diagnose what's going on when most are lucky to know how to do the most basic computer tasks (by design).

    Even if you have the Flashback Virus, what is the net downside, did people get ripped off?

  2. #2

    Join Date
    Sep 1998
    Location
    Loganville , GA
    Posts
    14,409

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened


  3. #3
    Format Omnivore Brian C. Miller's Avatar
    Join Date
    Jun 1999
    Location
    Everett, WA
    Posts
    2,997

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    "It's the way to educate your eyes. Stare. Pry, listen, eavesdrop. Die knowing something. You are not here long." - Walker Evans

  4. #4
    Mike Anderson's Avatar
    Join Date
    Jan 2010
    Location
    San Diego
    Posts
    681

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    If you upgrade the OS (I just did to 10.6.8) it will fix the vulnerability. Don't know if it removes the virus if it's already there.

    If you don't want to upgrade the OS, disabling Java will guard against getting the virus.

    Reputable sites are pointing here for checking and removal instructions:

    http://www.f-secure.com/v-descs/troj...shback_i.shtml
    Mike → "Junior Liberatory Scientist"

  5. #5
    Kirk Gittings's Avatar
    Join Date
    Mar 2004
    Location
    Albuquerque, Nuevo Mexico
    Posts
    9,864

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    It appears to need Safari (I thought I read that somewhere today) which I don't use (I use Google C) except to login to my credit card account which I did a few minuts ago. However I did the Java upgrade this morning without knowledge of this issue before using Safari to login to my CC act. Hmmm.......how do you know if you have the virus? That is not clear.
    Thanks,
    Kirk

    at age 73:
    "The woods are lovely, dark and deep,
    But I have promises to keep,
    And miles to go before I sleep,
    And miles to go before I sleep"

  6. #6
    Mike Anderson's Avatar
    Join Date
    Jan 2010
    Location
    San Diego
    Posts
    681

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    Quote Originally Posted by Frank Petronio View Post
    Even if you have the Flashback Virus, what is the net downside, did people get ripped off?
    I think it can download executables and execute them as instructed by a controlling evil server, so the backdoor is wide open. It will probably try different things to get passwords and account numbers, etc.
    Mike → "Junior Liberatory Scientist"

  7. #7
    Mike Anderson's Avatar
    Join Date
    Jan 2010
    Location
    San Diego
    Posts
    681

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    Quote Originally Posted by Kirk Gittings View Post
    It appears to need Safari (I thought I read that somewhere today) which I don't use (I use Google C) except to login to my credit card account which I did a few minuts ago. However I did the Java upgrade this morning without knowledge of this issue before using Safari to login to my CC act. Hmmm.......how do you know if you have the virus? That is not clear.
    appleinsider.com and arstechnica.com are pointing here for instructions to check for and remove the virus:

    http://www.f-secure.com/v-descs/troj...shback_i.shtml
    Mike → "Junior Liberatory Scientist"

  8. #8

    Join Date
    Jun 2002
    Posts
    9,487

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    Quote Originally Posted by Kirk Gittings View Post
    It appears to need Safari (I thought I read that somewhere today) which I don't use (I use Google C) except to login to my credit card account which I did a few minuts ago. However I did the Java upgrade this morning without knowledge of this issue before using Safari to login to my CC act. Hmmm.......how do you know if you have the virus? That is not clear.
    Right, I remember this last year and checked but it was very nerdy. Since then we've added new Macs for family and I forgot to check, and it just seems very un-Mac like to go through this much hassle if it is still a problem

  9. #9

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    How do you know if you have the virus?
    Start 'Terminal', copy the first line below, insert it into terminal CMD+V and hit ENTER.

    If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"

    Keep 'Terminal' running, copy the seconde line below, insert it into terminal CMD+V and hit ENTER.

    If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"

    Keep 'Terminal' running, copy the third line below, insert it into terminal CMD+V and hit ENTER.

    If your system is not infected then the output of these commands will state in part that the domain/default pair "does not exist"

    --------------------//--

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    defaults read /Applications/Safari.app/Contents/Info DYLD_INSERT_LIBRARIES

    defaults read /Applications/Firefox.app/Contents/Info DYLD_INSERT_LIBRARIES


    --------------------//--

  10. #10

    Join Date
    Jun 2002
    Posts
    9,487

    Re: 'Flashback' trojan estimated to have infected 600K Macs worldwide - What Happened

    That's easy enough but what is my Mom in Florida supposed to do? Hell my 28-year old probably would loose her cookies over that!

Similar Threads

  1. Digital Picture Frames Infected With Virus
    By Brian Ellis in forum Digital Hardware
    Replies: 13
    Last Post: 24-Jan-2008, 21:47
  2. Worldwide Pinhole Photography Day
    By Aaron_3437 in forum Announcements
    Replies: 2
    Last Post: 26-Feb-2004, 17:37

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •