Macs Infected With Flashback Malware

dogg57

A Russian antivirus company claims that some 600,000 Macs -- most in the U.S. and Canada -- are infected with a trojan horse virus called "Flashback."
The company, Dr. Web, issued a report on Wednesday that claimed 550,000 computers running Mac OSX were subject to Flashback. Later, Sorokin Ivan, an analyst at Dr. Web, sent a tweet upgrading the figure to 600,000 and added that 274 were based in Cupertino, Calif., Apple's hometown. Fifty-seven percent of all Macs affected are in the U.S., while another 20% are based in Canada, according to the company.

http://news.yahoo.com/more-600-000-macs-infected-flashback-malware-report-091608469.html
 

Boyd

To check if your Mac is infected, open the Terminal program (found in the Utilities folder inside the Applications folder). Paste the following command into Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

Hit the return key and now paste this command into Terminal

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get a response saying that the domain/pair does not exist for each of these, you are not infected. The strange thing is that if you have Microsoft Office 2008, Office 2011 or Skype on your Mac, the virus won't get installed. Maybe that's why I'm clean?

Recently GPSFileDepot - a site containing free maps and discussions of mapmaking - was hacked with something that looked pretty innocuous. The hack caused users to be redirected to several unrelated websites that didn't appear malicious. However, I now see that those sites are the ones that have been propagating this virus.

The GPSFileDepot hack has now been cleaned up, but this is the site where you download all of my NJ maps. If you visited GPSFileDepot within the last month and use a Mac, you should check it. Note that none of the maps or files at GPSFileDepot were infected. Only the code that runs their forums.
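An added example, not part of the post above: a small script that runs the two defaults read checks and interprets the result, so the "does not exist" reply the post describes is recognised automatically. Only classify_defaults_output is portable; run_flashback_check needs a Mac with the defaults tool. Function names are hypothetical and the test value is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the post): automates the two `defaults read` checks.
# Only classify_defaults_output is portable; run_flashback_check needs a Mac.

# Interpret one `defaults read` result (stdout and stderr merged).
#   "does not exist"  -> clean      (the key Flashback plants is absent)
#   empty output      -> unknown    (command missing or produced nothing)
#   anything else     -> suspicious (a value is set; inspect it by hand)
classify_defaults_output() {
    case "$1" in
        "")                 echo unknown ;;
        *"does not exist"*) echo clean ;;
        *)                  echo suspicious ;;
    esac
}

# Run both checks from the post and return 0 only when both keys are absent.
# `|| true` keeps a missing key (exit 1 from defaults) from aborting under set -e.
run_flashback_check() {
    safari_env=$(defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 || true)
    user_env=$(defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 || true)
    v1=$(classify_defaults_output "$safari_env")
    v2=$(classify_defaults_output "$user_env")
    printf 'Safari LSEnvironment:        %s\n' "$v1"
    printf 'user DYLD_INSERT_LIBRARIES:  %s\n' "$v2"
    [ "$v1" = clean ] && [ "$v2" = clean ]
}

# Only attempt the live check where `defaults` exists (i.e. on a Mac).
if command -v defaults >/dev/null 2>&1; then
    run_flashback_check || echo "Flashback indicator present: inspect the values above"
fi
```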
 

Teegate

I had already checked the LaunchAgents folders in my computer and the text that runs the virus is not there. I hate using the Terminal...it is so un-Mac like.

Guy
 

Teegate

Just make sure you keep your Java software updated and you will not have a problem with this virus.

Guy
 

Boyd

I hate using the Terminal...it is so un-Mac like.

But you should be thankful it's there. This means it's a unix based machine and is the reason MacOSX is stable and secure. Meanwhile, Microsoft has spent untold resources reinventing the wheel and ended up with a big mess just so they could say they made it themselves. Bringing unix to the Mac (from NeXT) was arguably the best thing Steve Jobs did for Apple when he returned. It was a gutsy move that many people questioned at the time, but he was right.

It's very cool for me, as an old unix hacker, to open up a terminal window and still find all the standard BSD unix commands I used back in 1985 on a green screen terminal hooked up to a DEC VAX 11/750 minicomputer the size of a washing machine (with another washing machine sized hard disk next to it). But even my iPhone (that also runs on unix) is faster than that old minicomputer by many orders of magnitude. :)
 

Teegate

I am not saying it isn't a good thing, I just prefer not to use it if there are other ways. I just dragged the files I have in the LaunchAgents folders to TextEdit and looked for the code. TextEdit is such a great program for so many things. I use it constantly for my process to convert coordinates to find stones. It is invaluable.

Guy
 

46er

Flashbacks? Perhaps the Apples were acid heads when they were younger :D

 

Boyd

Symantec says that over 100,000 Macs are still infected....

[image: flashback_sinkhole_infections.jpg]


http://www.macrumors.com/2012/04/18/flashback-malware-still-affecting-over-100000-macs/

The statistics from our sinkhole are showing declining numbers on a daily basis. However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case. Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.

As there have been tools released by Symantec and other vendors in the past few days concerning this threat, the infection numbers should have seen a dramatic decrease by now.
 

Boyd

Now a new trojan/backdoor/virus has been identified on MacOSX. To check if you're infected you can use the Terminal application that is found in the Utilities folder inside the Applications folder. Start it up and type

ls -a

then look for any files named WIFIADAPT.

http://www.forbes.com/sites/anthony...-x-and-linux-steals-passwords-and-keystrokes/

New Trojan Backdoor Malware Targets Mac OS X And Linux, Steals Passwords And Keystrokes

Russian anti-virus software maker Doctor Web, has identified, “The first Trojan in history to steal Linux and Mac OS X passwords.” BackDoor.Wirenet.1, is the first Trojan Horse program that works on the Mac OS X and Linux platforms that is, “designed to steal passwords stored by a number of popular Internet applications.”

The company, which sells anti-virus software that, conveniently, protects you against the malware they are identifying, explains that, “When launched, it creates its copy in the user’s home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65.”

The malware, “also operates as a keylogger (it sends gathered keyboard input data to intruders); in addition, it steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin.”

Sounds pretty scary, especially for Mac users unused to these kinds of threats. Fortunately, the precautions are pretty easy:

1. Check for the offending file in your home directory: search for and remove any files titled ”WIFIADAPT.” (If you don’t have any files with this name on your computer, there is no need to proceed with steps 2 and 3)

2. Block IP address “212.7.208.65” that the Trojan communicates with.

3. Download free trial of Dr. Web anti-virus for OS X or Linux or wait for the BackDoor.Wirenet.1 update from your anti-virus software.

I miss the good old days when Mac users felt a smug superiority over Windows users who had to deal with this stuff…
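An added example, not from the article or the post: steps 1 and 2 of the precautions above as shell functions, a search for the WIFIADAPT indicator file under a directory and a pf rule pair for the control-server address quoted in the article. Function names are hypothetical; the script only lists matches and prints rules, it deletes and applies nothing itself.

```shell
#!/bin/sh
# Added example (not from the article): steps 1 and 2 above as functions.
# Names are hypothetical; the control-server address is the one quoted above.

WIRENET_C2=212.7.208.65

# Step 1: list every file named WIFIADAPT below a directory (use "$HOME" for a
# real check). Nothing is deleted; review the list before removing anything.
find_wifiadapt() {
    find "$1" -name WIFIADAPT 2>/dev/null
}

# Verdict for a directory: "infected" if the indicator file is found, else "clean".
wirenet_verdict() {
    if [ -n "$(find_wifiadapt "$1")" ]; then echo infected; else echo clean; fi
}

# Step 2: pf rules (pf ships with OS X 10.7 and later) that drop traffic in both
# directions for the control server. Append them to /etc/pf.conf and reload with
# `sudo pfctl -f /etc/pf.conf`.
pf_block_rules() {
    printf 'block drop quick from any to %s\n' "$WIRENET_C2"
    printf 'block drop quick from %s to any\n' "$WIRENET_C2"
}

# Demonstration on a constructed directory tree instead of a real home folder.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/Documents"
: > "$demo_home/Documents/WIFIADAPT"
: > "$demo_home/Documents/notes.txt"
echo "verdict for constructed tree: $(wirenet_verdict "$demo_home")"
find_wifiadapt "$demo_home"
pf_block_rules
rm -r "$demo_home"
```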
 

Teegate

Notice it does not say Safari. I wonder if the reason why is Apple has built a protection against that and the others have not.

I checked and I don't have it.

Guy
 

Ben Ruset

Never been a MAC guy, but I thought one of the major selling points of that platform was "no virus, no malware"?

For the longest time that was true. But as more and more people have purchased Macs and their marketshare increased, it attracted the interest of the folks who write viruses. Most viruses now come in via insecure versions of Flash or Java.
 