Update – 13 April 2012: Apple have released another update to Java (via software update) which automatically disables Java in Safari, and removes Flashback if it has infected your system. Please use Apple’s update rather than relying on this script!

Update – 10 April 2012: I have edited the script to run the additional commands recommended by TidBITS. The Download button will now return version 0.2 of the script.

It’s finally happened: there has been a serious malware outbreak on the Mac. Over half a million Macs have been infected with the latest variants of the Flashback malware. Earlier versions of this malware relied on tricking users into running an installer, or approving a request for permission to execute, but that has all changed now. The malware has moved from being a simple trojan that relied on tricking people into running it to a fully automated attack requiring no user interaction. The reason for this transformation is that the malware started to exploit flaws in Java: first, old vulnerabilities that had been patched ages ago, which only affected people who don’t keep their computers up to date, but this week, flaws that Apple had, at the time, not yet patched. This means that for a few days, even the most diligent Mac users could have been hit.

This infection has no noticeable symptoms, and did not require you to do anything “stupid” to get infected. Any Mac user, no matter how careful, could have been infected. So, you need to check to be sure you are not one of the half million plus victims!


Although it is true that some Trojans use vulnerabilities like the current ARDAgent vulnerability to gain root access, they do not need to. The core message about Trojans is getting lost amidst all the talk about plugging this vulnerability. Even if there was not a single vulnerability in OS X, we would be at the mercy of Trojans. That’s the whole point of Trojans. Any program you run can do anything you can do. Let’s think about that for a moment: what can you do on your system without needing a password? Here’s a short list for starters:

  • You can run programs.
  • You can read, edit, and delete files.
  • You can use the network.
  • You can set programs to auto-start each time you log in.

Remember, a Trojan is just an ordinary program that pretends to do something you want, but actually does something else. It could delete all your files. It could run a key logger and phone home with your credit card number, user names and passwords, bank details, etc. It could use your machine to send spam. It can set itself to automatically run each time you log in and continue with its nefarious actions. It can do all this WITHOUT the need to exploit a single vulnerability in your OS or your software. If you can do it, a Trojan can. Think about that for a second: it’s not a comforting thought!
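The following added example, which is not code from the original post, audits the per-user launchd agents directory (~/Library/LaunchAgents on OS X), one place where a program can register itself to start at login without a password. The function name, the flag names and the sample jobs are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path, PurePosixPath

def audit_launch_agents(agents_dir, home):
    """List per-user launchd jobs and flag ones an unprivileged program could have installed."""
    home = PurePosixPath(home)
    findings = []
    for plist_path in sorted(Path(agents_dir).glob("*.plist")):
        try:
            with open(plist_path, "rb") as fh:
                job = plistlib.load(fh)
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception:
            # A job file that will not parse is itself worth a manual look.
            findings.append({"plist": plist_path.name, "program": None, "flags": ["unparseable"]})
            continue
        args = job.get("ProgramArguments") or []
        program = job.get("Program") or (args[0] if args else None)
        flags = []
        if job.get("RunAtLoad"):
            flags.append("run-at-load")          # starts as soon as the agent loads at login
        if program:
            prog = PurePosixPath(program)
            if home in prog.parents:
                flags.append("program-in-home")  # location writable without a password
            if any(part.startswith(".") for part in prog.parts):
                flags.append("hidden-path")      # dot-directory, invisible in Finder by default
        findings.append({"plist": plist_path.name, "program": program, "flags": flags})
    return findings

def demo():
    """Run the audit over constructed sample jobs (not real malware artefacts)."""
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater",
            "ProgramArguments": ["/Users/alice/.cache/updater", "--quiet"], "RunAtLoad": True},
        "com.example.backup.plist": {"Label": "com.example.backup",
            "Program": "/Applications/Backup.app/Contents/MacOS/helper", "RunAtLoad": True},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            with open(Path(tmp, name), "wb") as fh:
                plistlib.dump(job, fh)
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return audit_launch_agents(tmp, "/Users/alice")

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real machine, call `audit_launch_agents(Path.home() / "Library/LaunchAgents", Path.home())` and review every job you do not recognise; a flag is a prompt to look, not proof of infection.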
