Flashback botnet?

Just posting this as recently my wife had her PayPal account hacked resulting in over £1000 being taken from her bank account. This happened a few days ago and then I see this story, now I am worried I have been infected.

When I get home I will be running through the F-Secure steps to check and will run ClamX, anything else I should do to check for malware/virus on a Mac?

http://news.cnet.com/8301-1009_3-57409619-83/more-than-600000-macs-infected-with-flashback-botnet/


http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
 
I would just follow the F-Secure instructions. Mac malware is so few and far between it's still practical to manually check like this, but obviously that will change in the future.

What version of OSX are you running?
 
The problem with macs is twofold.

First. On one hand there is so little bad stuff about for macs most people don't bother with av. In fairness that's true, however many forget they can receive and transmit viruses for other os i.e. not not you have a windows virus and give it to a lot of people. Also when mac things do hit, they tend to be bad simply because once you find some way to exploit a mac - you know there's no additional security to contend with.

Second. Apple control updates. Would be forgivable if they didn't also treat things like java the same way. The fix for java was released but it took apple 8 weeks to release it for macs. While MS, to their credit, aim to have even minor security holes plugged within 28 days, apple tends to be 2-3 months. Which seems odd but apple is a marketing machine and these things never really make the news.

For both the above reasons SOPHOS give their mac av away for free. The history of mac problems is on that page, so you can see how few there are, but how big the problems when they do show up and of course all the windows malware about.

Paying for consumer av on windows is somewhat a joke, but enterprise av for jack isn't a bad deal.
 
Don't overlook the obvious however. A lot of PayPal accounts get compromised simply because people use weak passwords, the same password as on every other website or by entering their login details into a phishing website that looks identical to PayPal.

Does the iMac actually have Java installed? It isn't by default on Lion. According to the Dr Web article on the Flashback trojan, it doesn't actually do anything if it comes across any of the following apps on your Mac...

Code:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
 
I just did a check, running 10.7.3. I do remember a popup box appearing asking for my details but I never put them in as it was random!

Terminal:
Code:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you get a message about something that doesn't exist, you're clean.
 
Does the iMac actually have Java installed? It isn't by default on Lion.

No Flash or Java by default. That's how Flashback first appeared masquerading as Adobe Flash installer.

On my wife's MacBook Pro she has no Java and Chrome handles Flash.

Given the limited number of Macs actually compromised I feel this story has been blown out of proportion by the sensationalist blogosphere and AV companies (who'd love a slice of the OS X market)
 
The many websites that had this story mentioned that Apple released a fix/update for this. I went to software update (which is set to manual) and I saw no Java or Flash updates. Am I doing something wrong? I am on 10.6.8 if that makes a difference.

I do recall a while back Apple implemented some sort of malware tool/checker on the OS that updates automatically, so maybe that was the update mentioned?


rp2000
 
Strangely enough, I did a Flash update a few days ago that has been popping up for weeks annoying me in Safari. I've checked both Macs though and neither appear to have this.
 
Go to System Preferences - Software Update - Installed Software - there should be a Java update called - "Java for OSX 2012-001".
 
I went to Software Update (which is set to manual) and I saw no Java or Flash updates. Am I doing something wrong? I am on 10.6.8 if that makes a difference.
For Snow Leopard, you need Java for Mac OS X 10.6 Update 7. To check to see if it is already installed run the command below from Terminal. More info here.

Code:
java -version

Btw, you will never see updates for Flash Player in Software Update. They come from Adobe instead.
 
Thanks guys. I just checked and I did install this Java update (checked in software update and terminal confirms: java version "1.6.0_31"), so I think I am safe. I also uninstalled Flash plugin (I have stopped using Safari a couple of weeks ago so I guess I don't need the plugin anyway).


rp2000
 
Having said that I just got a pop-up of a new Java update - Java for OSX 2012-002. It changed the build version

Before:
Java(TM) SE Runtime Environment (build 1.6.0_31-b04-413-11M3623)

After:
Java(TM) SE Runtime Environment (build 1.6.0_31-b04-414-11M3626)
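
Added example, not part of any post in this thread: a small shell script that runs the two Terminal checks mentioned above (the Safari `LSEnvironment` lookup and `java -version`) and interprets the results. The function names are hypothetical, and the 1.6.0_31 threshold is simply the version reported in the thread after the Java update was installed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical; the
# threshold and the "does not exist" message come from the posts above.

SAFARI_INFO=/Applications/Safari.app/Contents/Info
MIN_UPDATE=31   # java version "1.6.0_31", reported in the thread after updating

# Interpret `defaults read $SAFARI_INFO LSEnvironment`.
# $1 = exit status, $2 = combined stdout/stderr of that command.
classify_lsenvironment() {
    if [ "$1" -ne 0 ] && printf '%s\n' "$2" | grep -q 'does not exist'; then
        echo clean      # key absent: the result the thread describes as clean
    elif [ "$1" -eq 0 ]; then
        echo suspect    # key present: work through the F-Secure steps
    else
        echo unknown    # unexpected error: check manually
    fi
}

# Interpret `java -version 2>&1` (Java prints its version on stderr).
# $1 = captured output.
classify_java() {
    update=$(printf '%s\n' "$1" |
        sed -n 's/^java version "1\.6\.0_\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$update" ]; then
        echo unknown    # not a 1.6.0_NN version string: compare by hand
    elif [ "$update" -ge "$MIN_UPDATE" ]; then
        echo updated
    else
        echo outdated
    fi
}

# Run the real commands only on a Mac; elsewhere the functions can still be
# fed captured output.
if [ "$(uname)" = Darwin ]; then
    out=$(defaults read "$SAFARI_INFO" LSEnvironment 2>&1); rc=$?
    echo "Safari LSEnvironment: $(classify_lsenvironment "$rc" "$out")"
    echo "Java: $(classify_java "$(java -version 2>&1)")"
fi
```
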
 