Thread: Mac Trojan on the loose

  1. #1
    Legend Janke
    Join Date: May 2009
    Location: Helsinki, Finland
    Posts: 10,539

    Mac Trojan on the loose

    Well, you have to be pretty darn stoopid to catch this; first you need to go to a shady website (many of them are illegal download sites, .nu domain), and secondly, you have to enter your master password when the website asks for it...

    But, never underestimate the amount of human stupidity - just look around... According to this, over half a million Macs have been affected:

    http://www.bbc.co.uk/news/science-environment-17623422


    (Oh, BTW, Bob, if you happen to read this: It isn't a virus, it's a Trojan. Big difference - a virus infects without your approval... )


  2. #2
    Moderator Erik Bien
    Join Date: May 2007
    Location: Dimvur, CO
    Posts: 5,043

    Quote: Originally Posted by Janke
    Well, you have to be pretty darn stoopid to catch this; first you need to go to a shady website (many of them are illegal download sites, .nu domain), and secondly, you have to enter your master password when the website asks for it...
    Actually, it seems it doesn't require a password to infect your system:

    As CNET blogger Topher Kessler explains, simply visiting a malicious Web site containing Flashback on an OS X system with Java installed will result in one of two installation routes. The malware will request an administrator password, and if one is supplied, it will install its package of code into the Applications folder. If a password is not offered, the malware will install to the user accounts where it can run in a more global manner.

    Once installed, the Flashback will inject code into Web browsers and other applications like Skype to harvest passwords and other information from those programs' users.
    Fortunately, Apple already has a patch available.

    This update is highly recommended for people with Java installed on their systems, as it patches an exploit that is actively being pursued by malware developers, so be sure to back up your systems and install this update as soon as possible to close off this avenue for attack.

  3. #3
    Tropical Legend cgbier
    Join Date: Jul 2009
    Location: Saipan, USA
    Posts: 12,086

    The Java update was out this week.

    If you want to know if you are one of the 600,000 infected, open up Terminal and type in:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    If you get a message that the domain doesn't exist, you didn't catch it. If it does, check the solution at F-Secure.

    That trojan was already mentioned last year in September. Why is the hype coming up only now?

    Erik, it is Java. Its security is based on certificates. It would be nice to have your machine running without the need for @#$%& Java.
    "It is dark the other side. Very dark!" - "Oh, shut up and eat your toast!"
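
Added example (not part of the thread and not F-Secure's procedure): the Terminal check in post #3 asks whether Safari's Info.plist carries an LSEnvironment key. The Python sketch below goes beyond that single case and does the same lookup for every app bundle in a folder, also noting whether the entry sets DYLD_INSERT_LIBRARIES; the function names and the two sample bundles are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

def read_ls_environment(info_plist):
    """Return the LSEnvironment dict from an Info.plist, or None if absent.
    This is the key that `defaults read .../Contents/Info LSEnvironment` looks up."""
    try:
        with open(info_plist, "rb") as fh:
            data = plistlib.load(fh)  # handles both XML and binary plists
    except (OSError, ValueError, ExpatError):
        return None  # missing, unreadable or malformed plist
    env = data.get("LSEnvironment") if isinstance(data, dict) else None
    return env if isinstance(env, dict) else None

def scan_apps(apps_dir):
    """Return (bundle, LSEnvironment, sets_dyld_insert) for each bundle that has the key."""
    findings = []
    for plist in sorted(Path(apps_dir).glob("*.app/Contents/Info.plist")):
        env = read_ls_environment(plist)
        if env is not None:
            # DYLD_INSERT_LIBRARIES tells dyld to load a library into the app at launch.
            findings.append((plist.parts[-3], env, "DYLD_INSERT_LIBRARIES" in env))
    return findings

def build_sample(root):
    """Constructed test data: one untouched bundle, one with an LSEnvironment entry."""
    samples = {
        "Clean.app": {"CFBundleIdentifier": "example.clean"},
        "Tampered.app": {
            "CFBundleIdentifier": "example.tampered",
            "LSEnvironment": {"DYLD_INSERT_LIBRARIES": "/constructed/path/sample.dylib"},
        },
    }
    for name, plist in samples.items():
        contents = Path(root) / name / "Contents"
        contents.mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump(plist, fh)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for app, env, injects in scan_apps(build_sample(tmp)):
            print(f"{app}: LSEnvironment={env} sets DYLD_INSERT_LIBRARIES={injects}")
```

On a Mac, `scan_apps("/Applications")` runs the lookup against the real bundles. LSEnvironment is a documented Info.plist key, so a hit is a reason to inspect the bundle rather than proof of infection.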

  4. #4
    Legend Janke
    Join Date: May 2009
    Location: Helsinki, Finland
    Posts: 10,539

    Quote: "the malware will install to the user accounts where it can run in a more global manner."
    I've seen other reports that it only "tries" to install... if you have set a password on all user accounts, it may not be able to.

    Is this the first massive attack on OSX?

    Oh, since there have been warnings earlier about Java, I do have it blocked on my Mac, I have to manually approve any site wanting to use Java.


  5. #5
    Tropical Legend cgbier
    Join Date: Jul 2009
    Location: Saipan, USA
    Posts: 12,086

    Quote: "I've seen other reports that it only "tries" to install... if you have set a password on all user accounts, it may not be able to."
    Depends on how you set your Safari presets. If you let everything open automatically, you're toast with Java.
    "It is dark the other side. Very dark!" - "Oh, shut up and eat your toast!"

  6. #6
    Legend Janke
    Join Date: May 2009
    Location: Helsinki, Finland
    Posts: 10,539

    I use Firefox, and update it regularly. I also have the "NoScript" extension, blocking Java.

    Practical prudent precautions prevent problems...


  7. #7
    Legend HueyNRolf
    Join Date: Aug 2008
    Location: Yokohama, Japan
    Posts: 12,169

    Its report claims that about 600,000 Macs have installed the malware - potentially allowing them to be hijacked and used as a "botnet".
    The Korova milkbar sold milk-plus, milk plus vellocet or synthemesc or drencrom, which is what we were drinking. This would sharpen you up and make you ready for a bit of the old ultra-violence.
