
More than 600,000 Macs infected with Flashback botnet



#1 Animal


Posted 05 April 2012 - 01:47 PM

"Russian antivirus company says half the computers infected with malware designed to steal personal information are in the U.S. -- with 274 located in Cupertino."

More than half a million Macs are infected with the Flashback Trojan, a malware package designed to steal personal information, according to a Russian antivirus company.

The company -- Dr. Web -- originally reported today that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif.


Quote from CNET News article by Steven Musil.

Following the linked article will also provide you a link for a patch. The article has been updated to provide that patch.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown




A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." — Albert Einstein (1879-1955)




#2 jgweed


Posted 06 April 2012 - 06:55 AM

As Macs become more popular, it is only natural that they will be subject to malware attacks. At the same time, I think that Mac users have often felt their system was immune to malware, and thus perhaps were not as careful and as security-conscious as those of us with Windows have learned to be.
Whereof one cannot speak, thereof one should be silent.

#3 computerxpds


Posted 06 April 2012 - 01:03 PM

+1 to jg, I have worked with Macs for quite a while.. I and most of the security-minded Mac users have been saying for years that eventually this "safe haven" that the Mac possessed was going to be broken and something large scale was going to happen such as this. Think of it from a person looking to steal a bunch of money from a bank, they have a plan, which involves vulnerabilities (i.e. the Mac OS). The only reason these malware writers hadn't gone as far as this before is because it wouldn't have been worth their time but also.. it would have closed a vulnerability that they knew about, I can almost guarantee that malicious writers know about fifty or so "holes" in OS X that have been around for years, they just haven't used them yet because they are saving them for.. well they were saving them for a time when Apples became more widely used, recently I read a story that said that Macs are now in 50 percent of American homes. There you have it, the perfect time for them to use those vulnerabilities. Who ever said OS X was impenetrable? Now let's all slowly walk away and go use a Linux distro. :)



#4 boopme


Posted 06 April 2012 - 07:04 PM

Is nothing sacred...

F-Secure technical article:
http://www.f-secure.com/weblog/archives/00002336.html

On Monday, I provided steps on how to avoid your Mac being compromised by the Flashback trojan. Today I will provide information on how to locate a Flashback infection.

To better understand the steps below, it is better to also know a bit about Flashback. It's an OS X malware family that modifies the content displayed by web browsers. To achieve this, it interposes functions used by the Mac's browsers. The hijacked functions vary between variants but generally include CFReadStreamRead and CFWriteStreamWrite:


For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
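
The F-Secure excerpt in the post above says Flashback interposes functions used by the Mac's browsers. As an added example (not part of the thread or of F-Secure's article): on OS X, interposing is normally set up by having dyld load an extra library through the `DYLD_INSERT_LIBRARIES` environment variable, so this sketch inspects plist data for that variable in the two layouts where it can be set persistently. The plist layouts checked, the sample names and the placeholder library paths are assumptions and constructed values, not indicators taken from the page.

```python
import plistlib

INJECT_VAR = "DYLD_INSERT_LIBRARIES"  # dyld loads the listed libraries into the process

def injected_libraries(plist_bytes):
    """Return library paths a plist asks dyld to insert; [] if none or unreadable."""
    try:
        data = plistlib.loads(plist_bytes)
    except Exception:
        return []
    if not isinstance(data, dict):
        return []
    found = []
    # A per-user environment plist holds the variable at the top level;
    # an application's Info.plist holds it under the LSEnvironment dictionary.
    for env in (data, data.get("LSEnvironment")):
        if isinstance(env, dict):
            value = env.get(INJECT_VAR)
            if isinstance(value, str):
                # dyld accepts a colon-separated list of paths
                found.extend(p for p in value.split(":") if p)
    return found

def scan(named_plists):
    """Map each plist name to its inserted libraries, keeping only hits."""
    hits = {}
    for name, blob in named_plists.items():
        libs = injected_libraries(blob)
        if libs:
            hits[name] = libs
    return hits

# Constructed samples: names and paths are placeholders, not real indicators.
SAMPLES = {
    "clean-browser/Info.plist": plistlib.dumps(
        {"CFBundleIdentifier": "com.example.browser"}),
    "tampered-browser/Info.plist": plistlib.dumps(
        {"CFBundleIdentifier": "com.example.browser",
         "LSEnvironment": {INJECT_VAR: "/Users/Shared/.placeholder_a.so"}}),
    "user-environment.plist": plistlib.dumps(
        {INJECT_VAR: "/Users/Shared/.placeholder_b.dylib:/tmp/.placeholder_c.dylib"}),
}

if __name__ == "__main__":
    for name, libs in scan(SAMPLES).items():
        print(name, "->", libs)
```

A hit is a lead to investigate rather than a verdict: legitimate debugging tools also set this variable, but it is unusual in a browser's `Info.plist`.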

#5 Broni


Posted 06 April 2012 - 07:32 PM

I wonder how they actually count/estimate number of infected computers....





#6 chromebuster


Posted 07 April 2012 - 12:24 AM

Yeah, see? This is exactly what I mean. People I know who own Macs just look at me weird when I tell them that they are becoming just as at risk as we who use Windows are. It's like they don't believe me, but if they read this post, then they would.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#7 jntkwx


Posted 07 April 2012 - 09:56 AM

Apple Issues Second Java Update to Patch Vulnerability Exploited by Flashback Malware: http://www.intego.com/mac-security-blog/apple-issues-second-java-update-to-patch-vulnerability-exploited-by-flashback-malware/

Regards,
Jason




#8 buddy215


Posted 07 April 2012 - 11:15 AM

Read another article this morning that I agree with. It pointed out that most never use Java. As the
writer pointed out he only has seen recently some crossword puzzles and one bank service that could
easily be worked around.

I suggest users, regardless of platform, disable Java in their browsers. It can easily be re-enabled if needed.
I think most will find they just don't need it.

From the web: To disable Java in Apple's Safari, go to the Safari menu, select "Preferences…" and click that window's Security heading, then click to clear the checkbox next to "Enable Java." To do the same in Mozilla Firefox, go to its Tools menu, select "Add-ons," click "Plugins" and click the "Disable" button to the right of the Java plug-in entry. In Google Chrome, click the wrench-icon menu, select "Under the Hood," and click the "Disable individual plug-ins" link.

This is the article: Secure your Mac from Flashback infection – USATODAY.com

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”
Lawrence M. Krauss


#9 buddy215


Posted 07 April 2012 - 02:02 PM

I wonder how they actually count/estimate number of infected computers....


In this case Dr. Web says they "hijacked" this particular botnet. They have a list of all IP addresses of the botnet.

QUOTE: Dr Web said that once the Trojan was installed it sent a message to the intruder's control server with a unique ID to identify the infected machine. "By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.

"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”
Lawrence M. Krauss
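
The post above describes bots reporting a unique ID to a control server that Dr. Web took over. As an added example (not Dr. Web's code or log format), this sketch shows how a sinkhole operator could turn such check-ins into an infection estimate, and why counting unique IDs and counting source IP addresses give different answers. The log layout, addresses and IDs are constructed for illustration.

```python
import re
import uuid
from collections import defaultdict

# Constructed sinkhole log: "<UTC timestamp> <source IP> id=<machine UUID>"
SAMPLE_LOG = """\
2012-04-04T09:00:01Z 198.51.100.7 id=11111111-2222-3333-4444-555555555555
2012-04-04T09:00:09Z 198.51.100.7 id=AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
2012-04-04T13:12:40Z 203.0.113.20 id=11111111-2222-3333-4444-555555555555
2012-04-04T13:15:02Z 203.0.113.21 id=99999999-8888-7777-6666-555555555555
2012-04-05T08:30:00Z 192.0.2.44 id=99999999-8888-7777-6666-555555555555
2012-04-05T08:31:17Z 192.0.2.45 id=not-a-uuid
2012-04-05T08:31:18Z malformed line without fields
"""

LINE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+id=(\S+)$")

def parse(log_text):
    """Yield (ip, machine_id) for well-formed check-ins; skip everything else."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            machine_id = uuid.UUID(m.group(3))  # normalises case, rejects junk IDs
        except ValueError:
            continue
        yield m.group(2), machine_id

def summarize(log_text):
    """Count infections by unique ID and by IP, and show where the two diverge."""
    ips_per_id = defaultdict(set)
    ids_per_ip = defaultdict(set)
    for ip, machine_id in parse(log_text):
        ips_per_id[machine_id].add(ip)
        ids_per_ip[ip].add(machine_id)
    return {
        "unique_ids": len(ips_per_id),   # one per infected machine
        "unique_ips": len(ids_per_ip),   # inflated by roaming and address churn
        "ids_seen_on_many_ips": sum(1 for s in ips_per_id.values() if len(s) > 1),
        "ips_with_many_ids": sum(1 for s in ids_per_ip.values() if len(s) > 1),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

In the sample, three machines appear behind four addresses: one address hides two machines (shared NAT) and two machines each show up from two addresses, which is why a per-machine identifier gives the steadier count.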


#10 black_icon


Posted 07 April 2012 - 05:13 PM

As a Mac user, it's time for me to be careful when downloading and doing something in the net, ayt? I'm sure Mac Support will always have malware warrior that will fight any malware destructions.
He who knows not and knows not that he knows not is FOOL but he who knows not and knows that he knows not is WISE

#11 rotor123


Posted 09 April 2012 - 12:43 PM

+1 to jg, I have worked with Macs for quite a while.. I and most of the security-minded Mac users have been saying for years that eventually this "safe haven" that the Mac possessed was going to be broken and something large scale was going to happen such as this. Think of it from a person looking to steal a bunch of money from a bank, they have a plan, which involves vulnerabilities (i.e. the Mac OS). The only reason these malware writers hadn't gone as far as this before is because it wouldn't have been worth their time but also.. it would have closed a vulnerability that they knew about, I can almost guarantee that malicious writers know about fifty or so "holes" in OS X that have been around for years, they just haven't used them yet because they are saving them for.. well they were saving them for a time when Apples became more widely used, recently I read a story that said that Macs are now in 50 percent of American homes. There you have it, the perfect time for them to use those vulnerabilities. Who ever said OS X was impenetrable? Now let's all slowly walk away and go use a Linux distro. :)


I've also been waiting for Apple computer penetration to be high enough to become a viable Malware target.
The bigger problem for Macs is that the users feel like they can't catch anything and don't worry about it. When the bad guys get into their checking account, credit card account and steal their identity after downloading their Income tax records.

And due to the cost of their systems they make a higher income target....

I'll bet the story got it wrong that Macs are in 50% of US homes. And what they really meant was that 50% of US homes have an Apple product. Count iPads, iPhones, iPods & Apple TV maybe so.

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.



#12 buddy215


Posted 10 April 2012 - 03:07 PM

Kaspersky Launches Free Flashback Removal Tool and Website to Check for Infections | PCWorld

........In order to make it easier for average users to check whether their computers are infected, Kaspersky Lab launched a website on Monday where people can input their systems' unique hardware identifiers (UUIDs) to see if they are among the almost 700,000 Macs known to be infected with Flashback so far.

Kaspersky also released a stand-alone removal tool for the Flashback malware, which Mac owners can download and use for free. However, it's probably a good idea to install a full-featured antivirus program after running this tool in order to prevent future infections............




#13 rotor123


Posted 11 April 2012 - 09:20 AM

As a Mac user, it's time for me to be careful when downloading and doing something in the net, ayt? I'm sure Mac Support will always have malware warrior that will fight any malware destructions.



I hope you were being sarcastic with your message?



#14 black_icon


Posted 11 April 2012 - 08:51 PM

What I was trying to say was: will downloading something from the internet lead my Mac to be infected with this Flashback, or will this malware directly or automatically inject itself into the system and harm it?

#15 rotor123


Posted 12 April 2012 - 09:12 AM

Oh, OK

From here
Sophos Anti-Virus for Mac Home Edition
Free antivirus that works simply and beautifully
" Mac with Intel or PowerPC processor
256 MB of memory
150 MB of available disk space
Mac with OS X 10.4 (Tiger), 10.5 (Leopard), 10.6 (Snow Leopard) or 10.7 (Lion)
Supports all Apple Mac hardware including iMac, MacBook, MacBook Pro and the new MacBook Air
"

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
or here
http://download.cnet.com/Sophos-Anti-Virus-for-Mac-Home-Edition/3000-2239_4-75328306.html

I believe as long as you don't have Java installed or have installed the latest Java update from Apple you are probably safe as I understand it. It is a Drive By installer and you don't even realize it.

So I'd install the Antivirus and run a full scan just to be sure.

Good Luck
Roger
