• Trojans for Mac


    Contributor, Macworld. Apr 6, 2012 12:50 PM

    On April 4, Russian antivirus vendor Dr. Web that more than 500,000 Macs have been infected by the latest variant of the. As Mikko Hypponen, Chief Researcher at F-Secure, if there are roughly 45 million Macs out there, Flashback would now have infected more than 1 percent of them, making Flashback roughly as common for Mac as was for Windows. Flashback appears to be the most widespread Mac malware we’ve seen since the days when viruses were spread on infected floppy disks; it could be the single most significant malware infection to ever hit the Mac community. Here’s what you need to know about Flashback, what you can do about it, and what it means for the future of Mac security.

    What is Flashback?

    Flashback is the name for a malicious software program that tried to trick users into installing it by masquerading as an installer for Adobe Flash. (Antivirus vendor Intego Flashback was created by the same people behind the attack that hit last year.) While the original version of Flashback and its initial variants relied on users to install them, is what’s called in the security business a drive-by download: Rather than needing a user to install it, Flashback uses an unpatched Java vulnerability to. If you visit a malicious (or unwillingly infected) website hosting Flashback, the program attempts to display a specially crafted Java applet. (We don’t yet know how many websites host Flashback.) If you have a vulnerable version of Java installed and enabled in your Web browser, the malicious code will infect your system and then install a series of components. Since Apple did not for that vulnerable version of Java until April 3rd, many users were and are still susceptible. After initial infection, Flashback pops open a Software Update window to try and obtain your administrative password, but it does so only to embed itself more deeply into your Mac. Even if you aren’t fooled at this point, you are still infected.


    Once it succeeds in infecting your Mac, Flashback inserts itself into Safari and appears to harvest information from your Web browsing activities, including usernames and passwords. It then sends this information to command-and-control servers on the Internet. The significant thing is that, unlike almost all other Mac malware we’ve seen, Flashback can insinuate itself into your system if you merely visit an infected webpage and are using vulnerable software. You do not need to enter your administrative password or to manually install anything.

    Am I at risk?

    You are at risk if you meet four criteria:

    1. You have Java installed on your Mac. One way to find out: Open Terminal and type java -version at the prompt. If you do have Java installed, you'll get a version number. It is installed by default on OS X 10.6 Snow Leopard, but not on OS X 10.7 Lion. (But it is installed the first time you need to run it, which means most Macs likely have it.)

    2. You do not have the (if you're running OS X Lion) or installed (if you're running Snow Leopard) or you were infected before either of them was installed. Both of those updates install Java version 1.6.0_31; running that java -version command above will tell you if that's what you've got.

    3. You allow Java applets to display in your browser. In Safari, go to Preferences - Security - Web Content and see if the Enable Java option is checked. You can turn that option off by unchecking it.

    4. You do not have certain security tools installed on your Mac that Flashback checks for, including Little Snitch, Xcode, and a few anti-malware tools.

    Antivirus vendors do not appear to have detected this particular version of Flashback for a few days after it appeared in the wild, though some vendors—including —protected users with updates in late March. Malware often shares bits of code from earlier versions that may be detectable by antivirus products before those products have been specifically updated to catch newer versions, but such protection is hit-or-miss.

    How can I tell if I’m infected?

    F-Secure, which require running a few commands in Terminal.
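    For the java -version check in criteria 1 and 2 of the list above, the following is an added example, not code from the article: it classifies the command's output against the patched release the article names, 1.6.0_31. The helper name java_status and its four result labels are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the article): classify `java -version` output
# against the patched release the article names, 1.6.0_31.

PATCHED_UPDATE=31   # the "_31" in 1.6.0_31, taken from the article

# java_status "<output of java -version>" prints one of:
#   not-installed  no version line found (e.g. Lion without Java)
#   unpatched      1.6.0 with an update number below 31
#   patched        1.6.0_31 or later
#   unknown        any other Java line; the article gives no threshold for it
# (java_status is a hypothetical helper name.)
java_status() {
    # Pull the quoted version from a line like: java version "1.6.0_29"
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^[A-Za-z]* version "\([^"]*\)".*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then echo "not-installed"; return 0; fi

    case "$ver" in
        1.6.0_*) upd=${ver#1.6.0_} ;;
        1.6.0)   upd=0 ;;
        *)       echo "unknown"; return 0 ;;
    esac

    upd=${upd%%[!0-9]*}                          # drop suffixes such as "-b04"
    if [ -z "$upd" ]; then echo "unknown"; return 0; fi
    upd=$(printf '%s' "$upd" | sed 's/^0*//')    # "07" -> "7"
    [ -n "$upd" ] || upd=0

    if [ "$upd" -lt "$PATCHED_UPDATE" ]; then
        echo "unpatched"
    else
        echo "patched"
    fi
}

# Check this machine; `java -version` writes to stderr, hence 2>&1.
if command -v java >/dev/null 2>&1; then
    java_status "$(java -version 2>&1 || true)"
else
    echo "not-installed"
fi
```

    A "patched" result only says the fixed Java is installed now; as criterion 2 notes, a Mac infected before the update was applied is still infected.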

    All antivirus products should also be detecting it at this point if you have the latest signatures installed. (Usually, you can do so manually in your security app’s preferences, but this varies from product to product; most automatically update.)

    How can I protect myself?

    The first thing to do is run Software Update and make sure you have the latest patches. This will prevent any infections that exploit the current vulnerability; there aren’t any other known infection vectors (other than tricking you into installing it, which won’t go away anytime soon and doesn’t rely on Java). There are a few other things I’d recommend you do to reduce the chances of future drive-by malware infections:

    Disable Java in Safari and other Web browsers. Unlike Flash, you rarely need it these days. Again, in Safari, go to Preferences - Security - Web Content and uncheck Enable Java. The folks at TidBITS for doing the same in Chrome and Firefox.

    Uninstall Flash and use Google Chrome as your browser. Google Chrome includes an embedded, sandboxed version of Flash that reduces the chances an attacker can infect your system., then.

    If you don’t need Java at all, disable it. The Java Preferences utility is in /Applications/Utilities; uncheck the boxes next to the versions listed in the General tab. Be careful, though: Some programs such as CrashPlan (which I use) require it.

    But there aren’t many apps like that on the Mac market anymore. I still use Safari, but when I need Flash I switch to Google Chrome. I haven’t allowed Java to run in my browser for some years now, due to my fear of this kind of attack.

    Mac antivirus tools may help, but they still don’t catch everything. That said, the current programs are far less intrusive and performance-impairing than they used to be; some of them (including and ) offer free versions.

    Remember, antivirus tools aren’t perfect, and you can still be infected by new malware if those tools don’t specifically protect against it. Many Windows users learn this lesson the hard way on a daily basis.

    Are there really more than half a million infected Macs?

    Yes, it really looks that way. While we don’t have independent validation, the techniques described by Dr. Web to measure the infection are plausible: Using one called sinkholing, Dr. Web redirected command-and-control traffic to its own analysis server. Since each infected Mac provides its unique device ID when connecting to the server, this allows Dr. Web to count infections on a per-machine basis; that’s more accurate than counting connections based on IP addresses (which might be shared by multiple Macs).
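    The difference between counting by device ID and counting by IP address, described above, shown as an added example that is not from the article or from Dr. Web: it tallies sinkhole check-ins both ways. The log format (timestamp, source IP, device ID), the function names and every value in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): count sinkhole check-ins per device ID
# and per source IP. Log format and all sample values are constructed.

sample_log() {
cat <<'EOF'
2012-04-04T10:00:01Z 203.0.113.10 ID-AAAA
2012-04-04T10:00:07Z 203.0.113.10 ID-BBBB
2012-04-04T10:01:30Z 203.0.113.10 ID-CCCC
2012-04-04T10:02:12Z 198.51.100.7 ID-DDDD
2012-04-04T18:45:09Z 198.51.100.99 ID-DDDD
2012-04-04T11:15:00Z 192.0.2.55 ID-EEEE
2012-04-04T12:15:00Z 192.0.2.55 ID-EEEE
EOF
}

# sinkhole_stats < log   prints: ids=N ips=N shared_ips=N roaming_ids=N
#   ids          distinct device IDs (the per-machine infection count)
#   ips          distinct source addresses
#   shared_ips   addresses used by more than one device ID (several Macs, one IP)
#   roaming_ids  device IDs seen from more than one address (one Mac, several IPs)
sinkhole_stats() {
    awk '
        NF >= 3 {
            ip = $2; id = $3
            if (!((ip, id) in pair)) {   # repeat check-ins count once
                pair[ip, id] = 1
                ids_on_ip[ip]++
                ips_for_id[id]++
            }
        }
        END {
            for (ip in ids_on_ip) { ips++; if (ids_on_ip[ip] > 1) shared++ }
            for (id in ips_for_id) { ids++; if (ips_for_id[id] > 1) roaming++ }
            printf "ids=%d ips=%d shared_ips=%d roaming_ids=%d\n",
                   ids, ips, shared, roaming
        }
    '
}

sample_log | sinkhole_stats
```

    In the sample, three machines behind one address collapse into a single IP while one machine that changed address appears as two, so the IP count is wrong in both directions and the device-ID count is not.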

    We also have anecdotal evidence supporting the claim. In linking to a about Flashback, John Gruber asked his readers at to check their Macs and let him know if they were infected. Over the course of six hours, John received positive reports from about a dozen of his readers—who are generally experienced Mac users.

    Is this different from previous Mac malware?

    Flashback is the first widespread drive-by malware to attack Macs. This is one of the most pernicious attack techniques, which has long troubled Windows users, and it does represent a major advance. Most Mac malware hides itself inside software programs—such as pirated software, obscure games, or non-standard video players—that the average user is unlikely to install. Because it can infect a vulnerable computer without user interaction, Flashback is far more serious. As we’ve seen in the Windows world, this is an extremely effective technique. Intego says it has in the past few days, which means the malware authors are working hard to extend the life of the infection.

    Is Apple responsible?

    The vulnerability in Java that Flashback exploits was patched in February by Oracle (which inherited Java as part of its acquisition of Sun Microsystems). But Apple waited nearly two months to update OS X with that patched version. This is the single biggest security issue for Macs. OS X includes a number of software components from third-party vendors and the Open Source software community, and Apple has a terrible track record in updating those components.

    When a vulnerability becomes publicly known because it’s been patched on one platform, but it isn’t patched on another, the bad guys have a straight-line roadmap to compromising that unpatched system. Apple may believe that not including Flash or Java in current versions of OS X prevents these kinds of attacks, but too many users still install these tools. Apple has made incredible strides in improving the security of its products, but its delayed patching of known vulnerabilities is still a problem.

    What does this mean for the future of malware on Macs?

    Flashback doesn’t necessarily mean that Macs will soon be as laden with malware as Windows computers. But the future of the platform’s security depends a lot on Apple and good old-fashioned luck. Drive-by attacks rely on vulnerabilities in Web browsers and other software—such as email and RSS readers—that view webpages.

    It’s not enough to run vulnerable software; that software needs to be exploitable, meaning it allows an attack to extend its tendrils into your system. Apple has been introducing a series of technologies—tools like, and —to reduce the chances of exploitation even when a Mac is vulnerable and to limit the potential damage of an attack. But these technologies aren’t perfect, especially when complex programs that run Web content like Java or Adobe Flash are involved. Apple clearly needs to start patching software that’s known to be vulnerable more quickly. After the success of Flashback, we can only assume the bad guys will move more quickly the next time they are given this window of opportunity.

    Cupertino should consider further sandboxing Safari. It should also explore the possibility of sandboxing Flash and Java independently; if the latter isn’t technically feasible, the company should work more directly with the vendors of those technologies to develop sandboxed Mac versions. Adobe recently added more-extensive sandboxing to Acrobat on Windows, and that has reduced the effectiveness of attacks. Will significantly change the game for manually installed trojans when it’s released later this year; it will make that form of attack much less profitable (and thus less likely).

    The bad guys clearly care more about Macs now. But we need to keep our perspective: We still see far less malware for Macs than we do for, say, Android phones. Yet there's no doubt that Flashback is a significant development. I believe it shows we will see more malware on Macs. I’m also convinced these will be infrequent events and not the ongoing onslaught of epidemics that some observers are predicting—as long as we all take precautions and stay vigilant.

    Rich Mogull has worked in the security world for 18 years. He writes for TidBits and works as a security analyst through.

    By, Computerworld. Apr 16, 2012 10:25 AM

    While the number of is, the security reverberations for Apple continue. The a couple of weeks ago—and Apple’s response—has prompted criticism by IT security pros, and even some smug told-you-so’s from Windows users who’ve watched for years while Apple and its fans derided the omnipresent malware issues plaguing PCs.

    Security by obscurity, if it ever existed, is no more. Now that Apple and several third-party software firms have produced detection and removal tools, it’s time to take stock of the situation and dig a little deeper. What does the Flashback debacle mean for Mac users, Apple itself and the businesses that have increasingly adopted Macs? And does it affect those with iPads and iPhones?

    Just a drop in the bucket.

    By, PCWorld. Apr 13, 2012 1:50 PM

    Editor’s Note: The following article is reprinted from the at.

    Better late than never?

    Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to from infected systems. Beneath the belated fix to help users, Apple has introduced a proactive approach to reducing security risk that other vendors should take note of.

    The first couple Java updates already patched the underlying vulnerability. The latest version doesn’t address any new vulnerabilities—it takes care of the destruction left in the wake of the vulnerabilities in the first place, and proactively reduces the exposure to risk for Mac users. Java exposes systems to risk if left enabled when it's not even used. The from Apple removes the known variants of the Flashback malware from. It also automatically disables Java if it has not been used during the previous 35 days. Once disabled, users have to manually re-enable Java in order for Java applets to run again.

    That means that malware attacks like Flashback would be unable to automatically execute and compromise Macs that don’t regularly use Java.

    By, Macworld. Apr 16, 2012 6:37 AM

    Still stressed about the, that insidious bit of Mac malware that has infected hundreds of thousands of computers?

    Late Friday, Apple released the creatively-named, which the company says “removes the most common variants of the Flashback malware.” This is not the same as the earlier last week, which also removes Flashback. The standalone removal tool is geared towards those Lion users who haven’t installed Java. Although the most recent variants of the Flashback malware, earlier variants used other attack vectors, such as; hence the need for this non-Java based utility. Apple notes that, in certain cases, the removal tool will need to restart your Mac to complete the malware removal process.

    By, Macworld. Apr 12, 2012 2:10 PM, Apple has released another Java update for OS X, this time one that removes Flashback from infected Macs. May have infected more than half a million Macs; it could if the victim merely visited a maliciously crafted website. Apple released an update patching the Java vulnerabilities exploited by Flashback. Thursday’s additional Java update goes a step further, removing the most common variants of the Flashback malware. The update also reconfigures the Java plug-in so that it disables automatic execution of Java applets by default.

    If you prefer to live dangerously, you can re-enable automatic Java applet execution by running the Java Preferences app ensconced comfortably in your /Applications/Utilities folder. After an indeterminate period of your not having run any Java applets, however, your Mac will automatically disable auto-execution again.

    By, Computerworld. Apr 11, 2012 2:40 PM

    Sales of Mac security software have jumped since last week about a massive malware infection of Apple computers, according to some antivirus vendors and Mac App Store statistics.

    'We've seen a substantial increase in both sales and downloads of trial versions of our software,' said Peter James, a spokesman for French security company. 'Part of this is certainly due to Flashback.' Intego, which develops and sells only Mac antivirus software, is best known for, which sells for $50. (A 30-day free trial of the software is also available.) James did not provide sales figures for Intego's security software or specify the increase his company has seen since a said more than 600,000 Macs had been infected with Flashback. Other security providers echoed James.

    By, Computerworld. Apr 18, 2012 10:30 AM

    Mozilla this week began blocking outdated versions of a Java plug-in in Firefox for some Mac users after calling the threat posed by the Flashback malware “evident and imminent.” The move came two weeks after Mozilla of Oracle’s software on Firefox for Windows. Although Mozilla said on April 2 that it might add the Java plug-in to Firefox for Mac’s blocklist—a it maintains of add-ons and plug-ins that the company disables because they’re infected with malware or have been targeted by attackers—it didn’t follow through until Monday.

    In a post to the company’s, Mozilla said the delay was due to the uptake of the patched plug-in. As Mozilla noted, cleanup efforts have made headway on the number of Macs infected with the Flashback malware. While more than 600,000 Macs were infested with Flashback as recently as two weeks ago, that number.

    By, PCWorld. Apr 16, 2012 1:33 PM

    Editor’s Note: The following article is reprinted from the blog at.

    Following the outbreak of the, security researchers have spotted two more cases of Mac OS X malware. The good news is most users have little reason to worry about them. Both cases are variants on the same Trojan, called SabPub, Kaspersky Lab Expert Costin Raiu wrote on Securelist.

    The first variant is known as. Like Flashback, this new threat was likely spread through Java exploits on Websites, and allows for remote control of affected systems.

    It was created roughly one month ago.

    Discovered: October 31, 2007
    Updated: October 13, 2015 3:27:30 PM
    Also Known As: OSX/RSPlug-A Sophos, OSX/Puper McAfee
    Type: Trojan
    Infection Length: Varies
    Systems Affected: Mac

    OSX.RSPlug.A is a Trojan horse that runs on Macintosh OS X and changes the DNS settings on the compromised computer. For more information, please see the following resource:

    Antivirus Protection Dates

    Initial Rapid Release version October 31, 2007 revision 051
    Latest Rapid Release version January 15, 2018 revision 020
    Initial Daily Certified version November 01, 2007 revision 003
    Latest Daily Certified version January 15, 2018 revision 024
    Initial Weekly Certified release date November 07, 2007

    Writeup By: Stuart Smith

    The threat may arrive on the compromised computer by being downloaded via browser exploits or social engineering.

    The following instructions pertain to all current and recent Symantec antivirus products for Macintosh.

    1. Update the virus definitions.
    2. Run a full system scan and repair or delete all the files detected.

    For specific details on each of these steps, read the following instructions.

    To update the virus definitions

    Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

    Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the.

    Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the. The are available: Read ' ' for detailed instructions.

    To scan for and delete the infected files

    a. Start your Norton AntiVirus for Macintosh program and make sure that it is configured to scan all the files.
    b. Run a full system scan. For more information on how to do this, read the document, '.'
    c. If any files are detected, click Repair (if available) or Delete.
