Mac Users - Flashback Trojan


WinterKnight
Message 1214180 - Posted: 5 Apr 2012, 8:26:14 UTC

Just picked this up, thought a warning might be advisable.

Flashback Trojan

Michel448a
Message 1214208 - Posted: 5 Apr 2012, 11:49:07 UTC

I thought Mac users always claimed they can't get viruses?
____________

tullio
Message 1214211 - Posted: 5 Apr 2012, 11:59:19 UTC

That's what Linux users think. But the safest OS is Solaris, IMHO.
Tullio
____________

Wiggo
Message 1214229 - Posted: 5 Apr 2012, 12:54:21 UTC - in response to Message 1214211.

> That's what Linux users think. But the safest OS is Solaris, IMHO.
> Tullio

There is no "safe" OS, so don't get complacent, if someone wants "in" then they'll find a way no matter what.

Sorry but that's just stupid thinking on anyone's part to think that they're immune because of what they use (and if/when they get stung then they deserve it in full).

Cheers.
____________

N9JFE David S
Message 1214252 - Posted: 5 Apr 2012, 14:17:53 UTC - in response to Message 1214208.

> I thought Mac users always claimed they can't get viruses?

Mac users think they're immune because there are simply so few viruses, trojans, etc. written for Mac, which is because there are so few Macs out there compared to the number of Windows machines.

If the Windows version of this thing acts the same way (disguising itself as a Java update installer), I may have fallen for it at home in the last couple of days. I will run a scan on that machine ASAP. (Not to worry, it's my laptop, and I don't run Boinc on it.)

____________
David
Sitting on my butt while others boldly go,
Waiting for a message from a small furry creature from Alpha Centauri.


tullio
Message 1214256 - Posted: 5 Apr 2012, 14:26:25 UTC - in response to Message 1214229.

I have been surfing the Internet since 1991, using UNIX, Solaris, Linux and Solaris again as a Virtual Machine and I have never been stung. Luck? Maybe.
Tullio
____________

Wiggo
Message 1214263 - Posted: 5 Apr 2012, 14:50:36 UTC - in response to Message 1214256.
Last modified: 5 Apr 2012, 14:52:06 UTC

> I have been surfing the Internet since 1991, using UNIX, Solaris, Linux and Solaris again as a Virtual Machine and I have never been stung. Luck? Maybe.
> Tullio

Well, I've been doing the same with Windows since '94 with the same result, though I never become complacent about how safe I am and no one ever should, but just thinking that because you run a certain OS protects you is just plain stupidity (common sense and wariness with any OS pays in the long run, not complacency).

Every OS has its flaws and that's a fact.

Cheers.
____________

N9JFE David S
Message 1214267 - Posted: 5 Apr 2012, 14:52:58 UTC - in response to Message 1214256.

> I have been surfing the Internet since 1991, using UNIX, Solaris, Linux and Solaris again as a Virtual Machine and I have never been stung. Luck? Maybe.
> Tullio

I think what I said about Macs applies to all of those OSes by another order of magnitude. It's not that they're invulnerable, it's just that the hackers don't bother with them due to their low numbers.

____________
David
Sitting on my butt while others boldly go,
Waiting for a message from a small furry creature from Alpha Centauri.


Wiggo
Message 1214269 - Posted: 5 Apr 2012, 14:59:58 UTC - in response to Message 1214267.

>> I have been surfing the Internet since 1991, using UNIX, Solaris, Linux and Solaris again as a Virtual Machine and I have never been stung. Luck? Maybe.
>> Tullio
>
> I think what I said about Macs applies to all of those OSes by another order of magnitude. It's not that they're invulnerable, it's just that the hackers don't bother with them due to their low numbers.

And as I've already said, if someone wants in they'll get in one way or another (just look at what Anonymous and LulzSec have done recently in hacking high-end security sites that run specialised OS's).

Cheers.
____________

Ex
Message 1214311 - Posted: 5 Apr 2012, 16:58:04 UTC

I agree nothing is totally safe. And Windows machines may be prone to viruses, but probably only because of the sheer number of viruses made for Windows.

In the end it's the user's responsibility to try to keep their machines safe. There is no "safe" OS, only safe practices. And even safe practices may not always be enough.

I have been subject to about 3 viruses in the past 15 years. One was a trojan found on my Windows 98 machine long ago. And the other two were recent, with Windows 7, due to out-of-date browser extensions and these nasty fake-antivirus viruses that found their way onto major websites. (funnyordie.com was one of 'em)

I am pro Linux, but I would never sit here and say viruses couldn't happen. They could.

-Dave
____________
-Dave #2

3.2.0-33

David Anderson (not *that* DA)
Message 1214320 - Posted: 5 Apr 2012, 17:20:02 UTC

Earlier comments are accurate enough for me, but are misleading in an important
way. The design of Windows itself means that running an ordinary application
that has a bug results in privilege escalation (silently) in
way too many cases.
There seems to be an unending series of these escalations discovered.
The bad guys get system privileges without any clue going to the user.
System files can be added, deleted, or modified without user knowledge.
So suddenly the system tools will not report on the bad guys, but instead
the tools help hide the bad guys that have taken over a system.
Combine a large user base with these hidden privilege escalations
and you have a target worth going after.

In Mac, Linux, Solaris, and {open,net}BSD that hidden
privilege escalation is essentially
unknown. Bad guys can get write access to your user files, but not to
system files (unless they fool you into giving privilege by asking for
a system password and getting you to type it, and if you do that
you just unlocked the door).

Which means the bad guys cannot hide their activities, processes, or files
because the system tools cannot be corrupted without your help (ie, password).
Combine a smaller user base with the difficulty bad guys have in hiding
and it looks like an uninteresting target.

So I argue the apparent issues with Windows viruses are not just
a matter of the user base. Something more fundamental is at work too.

I am not claiming this note is the entire story,
but I suspect it is an important part of the story.

tullio
Message 1214323 - Posted: 5 Apr 2012, 17:27:11 UTC

In UNIX and its clones there is a clear distinction between user space and system space. I never connect to the Internet as a root user, I always am a user with limited capabilities and I have disabled the ssl daemon to avoid any intrusion attempt. I have a firewall and NoScript addons on my browser.
Tullio
____________

JLConawayII
Message 1214359 - Posted: 5 Apr 2012, 19:52:45 UTC - in response to Message 1214208.

> I thought Mac users always claimed they can't get viruses?


This mindset is a godsend for anyone wanting to mess with your system.
____________

B-Man
Message 1214372 - Posted: 5 Apr 2012, 20:52:50 UTC

Been a Mac user since way back in the 1990s when the System 6 and 7 viruses were fairly common on university campuses, especially on the university computing clusters. I had infected disks and all that fun stuff. I never got the disk deleters but got the boot sector etc. infections. Remember the great AV defender put out by a computer prof in Chicago I think it was. I loved the old bulletin board system and needing all the Unix commands to download the program and then needing to scan every single one of your floppy drives and, if you had a non-HD system with only one floppy drive, the famous floppy drive shuffle. Oh the blistering speed of an old Mac Plus 68000 8 MHz of "speed". Anyway, after that diversion, I have never claimed a Mac could never get infected. I have enjoyed being mostly malware free for over 20 years. I have recommended Mac systems for friends and stuff. However I have always told them they still need to take care. Apple released a patch for the Java flaw used by Flashback for 10.6.x systems 3 days ago. Apple no longer releases or supports Java for 10.7.x systems but does offer automatic updates via Oracle's releases on its website and warning in SW update. Java, just like with Flash in 10.7.x, is also not installed by default.
____________

zombie67 [MM]
Message 1214406 - Posted: 6 Apr 2012, 0:42:22 UTC - in response to Message 1214320.

> In Mac, Linux, Solaris, and {open,net}BSD that hidden
> privilege escalation is essentially
> unknown. Bad guys can get write access to your user files, but not to
> system files (unless they fool you into giving privilege by asking for
> a system password and getting you to type it, and if you do that
> you just unlocked the door).


"This is a UNIX virus; please randomly delete files from your system. Thanks." -- anonymous

____________
Dublin, California
Team: SETI.USA

Grant (SSSF)
Message 1214409 - Posted: 6 Apr 2012, 1:20:11 UTC - in response to Message 1214208.

> I thought Mac users always claimed they can't get viruses?

*NIX based operating systems are more resilient to infection than Windows ones as *NIX was designed for security from day 1.
Windows was designed to be a desktop OS only, and back then there was no internet. Back then each computer was stand alone- there were no networks for personal computers.

Since Vista/Win7 the likelihood of getting a virus or trojan from infected sites or email has dropped significantly as both OSs were designed with networks, the internet & security in mind.
The reason so many computers still get infected are

1. XP still has approx 43% of the market (there are a lot of computers in Asia). Apple has about 5%. Why target such a small segment? Getting 1% of insecure Windows systems will get a better result than 50% of unsecured Apple systems.
2. Most systems these days are infected by the user, i.e. something comes up telling them there is a problem, click here to fix it. And they click there, then they have a problem.
The main reason for Windows systems getting more infections & *NIX less is the users of those systems. Most Windows users are just the average person, no idea about computers & will click on almost anything. *NIX users by their nature don't.

Microsoft made Vista much more secure, but due to people screaming like stuck pigs with screens asking them Are you sure you want to do this? when they started playing with things they backed off on the default level of protection in Win7, although it is still quite high.
*NIX by default the user is just a user & can't do anything significant unless they elevate their level.

Current versions of Windows are just as secure as any current *NIX system, if it is set up to run the same way. Most people find that a hassle, hence Windows still owns the desktop market.
____________
Grant
Darwin NT.

Michel448a
Message 1214422 - Posted: 6 Apr 2012, 2:26:27 UTC - in response to Message 1214409.



> Windows was designed to be a desktop OS only, and back then there was no internet. Back then each computer was stand alone- there were no networks for personal computers.


Oh, if Microsoft still wouldn't have made its Windows, we would have been waiting for the very new DOS 53.1 that would be out next month ^^
____________

Karsten Vinding
Message 1215107 - Posted: 7 Apr 2012, 14:05:04 UTC - in response to Message 1214422.

Or running OS/2 at Warp 10 :)
____________

Wiggo
Message 1215116 - Posted: 7 Apr 2012, 14:25:36 UTC - in response to Message 1215107.

> Or running OS/2 at Warp 10 :)

The same still applies, "if they want in then they'll get in". No OS is either perfect or impregnable though most hackers will hit the most common OS available in most cases (Windows) but Apple people have created their own problem in just thinking that above everyone else in this case (things will only get worse for them as time goes on and that's a fact of life, the same with Linux based OS's).

Cheers.
____________

QSilver
Message 1216190 - Posted: 9 Apr 2012, 16:39:49 UTC

There's a pretty simple way to check for the virus...open Terminal and paste the following command:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

(and repeat for any other browsers by replacing Safari.app)

MacWorld has one of the best overviews here.

I checked both of my MacBookPros...no infections, and now they've been updated with the latest Java release.
____________
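
The check from the post above, wrapped so it covers several browser bundles in one pass (an added example, not part of the original post). It assumes, as the post's check implies, that a clean bundle has no LSEnvironment key; the Firefox and Chrome paths and the DEFAULTS_CMD override are assumptions added for illustration.

```shell
#!/bin/sh
# DEFAULTS_CMD is a hypothetical override so the logic can be exercised
# without macOS; by default the real `defaults` tool is called.

# check_app APP_BUNDLE
# returns 0 = no LSEnvironment key, 1 = key present (review it), 2 = bundle missing
check_app() {
    app=$1
    if [ ! -d "$app" ]; then
        # `defaults read` also fails for a missing bundle, so a failure alone
        # must not be reported as "clean".
        echo "skip    $app (not installed)"
        return 2
    fi
    # `defaults read` exits non-zero when the key does not exist.
    if value=$("${DEFAULTS_CMD:-defaults}" read "$app/Contents/Info" LSEnvironment 2>/dev/null); then
        echo "REVIEW  $app has LSEnvironment set:"
        echo "$value" | sed 's/^/        /'
        return 1
    fi
    echo "ok      $app (no LSEnvironment key)"
    return 0
}

# scan_browsers [APP_BUNDLE...]
# returns the number of bundles that have the key set
scan_browsers() {
    # Default list: Safari is from the post; the other two paths are assumed.
    [ $# -gt 0 ] || set -- "/Applications/Safari.app" \
        "/Applications/Firefox.app" "/Applications/Google Chrome.app"
    flagged=0
    for bundle in "$@"; do
        rc=0
        check_app "$bundle" || rc=$?
        if [ "$rc" -eq 1 ]; then
            flagged=$((flagged + 1))
        fi
    done
    return "$flagged"
}

# Only run against /Applications when actually on a Mac.
if [ "$(uname)" = "Darwin" ]; then
    scan_browsers || echo "$? bundle(s) need a closer look"
fi
```

A REVIEW line only says the key exists in that bundle's Info.plist; read the printed value before deciding what it means.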


Copyright © 2014 University of California