Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

More than 600,000 Macs infected with Flashback botnet

Started by Animal , Apr 05 2012 01:47 PM

  • Please log in to reply
14 replies to this topic

#1 Animal

Animal

    Bleepin' Animinion

  • Site Admin
  • PipPipPipPipPipPip
  • 22,896 posts
  • Gender:Male
  • Location:Location, Location

Posted 05 April 2012 - 01:47 PM

"Russian antivirus company says half the computers infected with malware designed to steal personal information are in the U.S. -- with 274 located in Cupertino."

More than half a million Macs are infected with the Flashback Trojan, a malware package designed to steal personal information, according to a Russian antivirus company.

The company -- Dr. Web -- originally reported today that 550,000 Macintosh computers were infected by the growing Mac botnet. But later in the day, Dr. Web malware analyst Sorokin Ivan announced on Twitter that the number of Macs infected with Flashback had increased to 600,000, with 274 of those based in Cupertino, Calif.


Quote from CNET News Article by Steven Musil Click Here

Following the linked article will also provide you a link for a patch. The article has been updated to provide that patch.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown


Posted Image


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." — Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

 

  • BC Ads
  • BleepingComputer.com

#2 jgweed

jgweed

    Forum Addict

  • Global Moderator
  • PipPipPipPipPipPip
  • 28,372 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 06 April 2012 - 06:55 AM

As Macs become more popular, it is only natural that they will be subject to malware attacks. At the same time, I think that Mac users have often felt their system was immune to malware, and thus perhaps were not as careful and as security-conscious as those of us with Windows have learned to be.
Whereof one cannot speak, thereof one should be silent.

#3 computerxpds

computerxpds

    Bleepin' Miner

  • BC Advisor
  • PipPipPipPipPipPip
  • 3,505 posts
  • Gender:Male
  • Location:Farmington NY also Rochester NY

Posted 06 April 2012 - 01:03 PM

+1 to jg, I have worked with macs for quite a while.. I and most of the security minded mac users have been saying for years that eventually this "safe haven" that the mac possessed was going to be broken and something large scale was going to happen such as this. Think of it from a person looking to steal a bunch of money from a bank, they have a plan, which involves vulnerabilities (ie the mac os). The only reason these malware writers hadn't gone as far as this before is because it wouldn't have been worth their time but also.. it would have closed a vulnerability that they knew about, I can almost guarantee that malicious writers know about fifty or so "holes" in OS X that have been around for years, they just haven't used them yet because they are saving them for.. well they were saving them for a time when apple's became more widely used, recently I read a story that said that mac's are now in 50 percent of american homes. There you have it, the perfect time for them to use those vulnerabilities. Who ever said OS X was impenetrable? Now lets all slowly walk away and go use a linux distro. :)

Happy Computing,
sigmu.png
Please DO NOT PM me for personal help or advice, that is what our forums are for.
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | BC Welcome Guide | Misplaced Malware Logs

#4 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 54,895 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 April 2012 - 07:04 PM

Is nothing sacred...

F Secure technicle article..
http://www.f-secure.com/weblog/archives/00002336.html

On Monday, I provided steps on how to avoid your Mac being compromised by the Flashback trojan. Today I will provide information on how to locate a Flashback infection.

To better understand the steps below, it is better to also know a bit about Flashback. It's an OS X malware family that modifies the content displayed by web browsers. To achieve this, it interposes functions used by the Mac's browsers. The hijacked functions vary between variants but generally include CFReadStreamRead and CFWriteStreamWrite:


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • PipPipPipPipPipPip
  • 27,351 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 06 April 2012 - 07:32 PM

I wonder how they actually count/estimate number of infected computers....

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif



#6 chromebuster

chromebuster

    Distinguished Member

  • Members
  • PipPipPipPipPip
  • 840 posts
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England

Posted 07 April 2012 - 12:24 AM

Yeah, see? This is exactly what I mean. People I know who own Macs just look at me weird when I tell them that they are becoming just as at risk as we who use Windows are. It's like they don't believe me, but if they read this post, then they would.
Raeder24. We're for community, accessibility for the blind, and technology support. Founded in 2008. join our community at raeder24.org

#7 jntkwx

jntkwx

    Forum Addict

  • Malware Response Team
  • PipPipPipPipPipPip
  • 3,502 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 07 April 2012 - 09:56 AM

Apple Issues Second Java Update to Patch Vulnerability Exploited by Flashback Malware: http://www.intego.com/mac-security-blog/apple-issues-second-java-update-to-patch-vulnerability-exploited-by-flashback-malware/
Posted Image
Simple and easy ways to keep your computer safe and secure on the Internet

#8 buddy215

buddy215

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 4,950 posts
  • Gender:Male
  • Location:West Tennessee

Posted 07 April 2012 - 11:15 AM

Read another article this morning that I agree with. It pointed out that most never use Java. As the
writer pointed out he only has seen recently some crossword puzzles and one bank service that could
easily be worked around.

I suggest users, regardless of platform, disable Java in their browsers. It can easily be re-enabled if needed.
I think most will find they just don't need it.

From the web: To disable Java in Apple's Safari, go to the Safari menu, select "Preferences…" and click that window's Security heading, then click to clear the checkbox next to "Enable Java." To do the same in Mozilla Firefox, go to its Tools menu, select "Add-ons," click "Plugins" and click the "Disable" button to the right of the Java plug-in entry. In Google Chrome, click the wrench-icon menu, select "Under the Hood," and click the "Disable individual plug-ins" link.

This is the article: Secure your Mac from Flashback infection – USATODAY.com

If the man doesn't believe as we do, we say he is a crank, and that settles it. I mean, it does nowadays, because now we can't burn him.
-- Mark Twain, Following the Equator

Between believing a thing and thinking you know is only a small step and quickly taken.
-- Mark Twain, 3,000 Years Among the Microbes

#9 buddy215

buddy215

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 4,950 posts
  • Gender:Male
  • Location:West Tennessee

Posted 07 April 2012 - 02:02 PM

I wonder how they actually count/estimate number of infected computers....


In this case Dr. Web says they "hijacked" this particular botnet. They have a list of all IP addresses of the botnet.

QUOTE: Dr Web said that once the Trojan was installed it sent a message to the intruder's control server with a unique ID to identify the infected machine. "By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.

"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.


If the man doesn't believe as we do, we say he is a crank, and that settles it. I mean, it does nowadays, because now we can't burn him.
-- Mark Twain, Following the Equator

Between believing a thing and thinking you know is only a small step and quickly taken.
-- Mark Twain, 3,000 Years Among the Microbes

#10 black_icon

black_icon

    Forum Regular

  • Members
  • PipPipPip
  • 199 posts
  • Gender:Male

Posted 07 April 2012 - 05:13 PM

As a Mac user, it's time for me to be careful when downloading and doing something in the net, ayt? I'm sure Mac Support will always have malware warrior that will fight any malware distructions.
He who knows not and knows not that he knows not is FOOL but he who knows not and knows that he knows not is WISE

#11 rotor123

rotor123

    Forum Addict

  • Moderator
  • PipPipPipPipPipPip
  • 5,267 posts
  • Gender:Male
  • Location:New Jersey

Posted 09 April 2012 - 12:43 PM

+1 to jg, I have worked with macs for quite a while.. I and most of the security minded mac users have been saying for years that eventually this "safe haven" that the mac possessed was going to be broken and something large scale was going to happen such as this. Think of it from a person looking to steal a bunch of money from a bank, they have a plan, which involves vulnerabilities (ie the mac os). The only reason these malware writers hadn't gone as far as this before is because it wouldn't have been worth their time but also.. it would have closed a vulnerability that they knew about, I can almost guarantee that malicious writers know about fifty or so "holes" in OS X that have been around for years, they just haven't used them yet because they are saving them for.. well they were saving them for a time when apple's became more widely used, recently I read a story that said that mac's are now in 50 percent of american homes. There you have it, the perfect time for them to use those vulnerabilities. Who ever said OS X was impenetrable? Now lets all slowly walk away and go use a linux distro. :)


I've also been waiting for Apple computer penetration to be high enough to become a viable Malware target.
The bigger problem for Macs is that the users feel like they can't catch anything and don't worry about it. When the bad guys get into their checking account, credit card account and steal their identity after downloading their Income tax records.

And due to the cost of their systems they make a higher income target....

I'll bet the story got it wrong that Mac's are in 50% of US homes. And what they really meant was that 50% of US homes have an Apple product. Count Ipads, Iphones, Ipods & Apple TV maybe so.

My next Upgrade, USB 3 on my remaining desktop. The only External storage devices I currently Buy are USB3 devices

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

My first Computer had a Whopping 16K of memory @ 0.89MHz. My first hard drive held 20 Megabytes and never filled up.
My Oldest Motherboard and Hard Drive are a 80286 @ 8Mhz and a Seagate 20 Megabyte MFM drive.  

 

Forum Rules, The BC Welcome Guide

#12 buddy215

buddy215

    Forum Addict

  • BC Advisor
  • PipPipPipPipPipPip
  • 4,950 posts
  • Gender:Male
  • Location:West Tennessee

Posted 10 April 2012 - 03:07 PM

Kaspersky Launches Free Flashback Removal Tool and Website to Check for Infections | PCWorld

........In order to make it easier for average users to check whether their computers are infected, Kaspersky Lab launched a website on Monday where people can input their systems' unique hardware identifiers (UUIDs) to see if they are among the almost 700,000 Macs known to be infected with Flashback so far.

Kaspersky also released a stand-alone removal tool for the Flashback malware, which Mac owners can download and use for free. However, it's probably a good idea to install a full-featured antivirus program after running this tool in order to prevent future infections............


If the man doesn't believe as we do, we say he is a crank, and that settles it. I mean, it does nowadays, because now we can't burn him.
-- Mark Twain, Following the Equator

Between believing a thing and thinking you know is only a small step and quickly taken.
-- Mark Twain, 3,000 Years Among the Microbes

#13 rotor123

rotor123

    Forum Addict

  • Moderator
  • PipPipPipPipPipPip
  • 5,267 posts
  • Gender:Male
  • Location:New Jersey

Posted 11 April 2012 - 09:20 AM

As a Mac user, it's time for me to be careful when downloading and doing something in the net, ayt? I'm sure Mac Support will always have malware warrior that will fight any malware distructions.



I hope you were being sarcastic with your message?

My next Upgrade, USB 3 on my remaining desktop. The only External storage devices I currently Buy are USB3 devices

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

My first Computer had a Whopping 16K of memory @ 0.89MHz. My first hard drive held 20 Megabytes and never filled up.
My Oldest Motherboard and Hard Drive are a 80286 @ 8Mhz and a Seagate 20 Megabyte MFM drive.  

 

Forum Rules, The BC Welcome Guide

#14 black_icon

black_icon

    Forum Regular

  • Members
  • PipPipPip
  • 199 posts
  • Gender:Male

Posted 11 April 2012 - 08:51 PM

What I was trying to say was that, is downloading something from the internet will lead my Mac to be infected with this Flashback or this malware will directly or automatically inject to the system and will harm it?
He who knows not and knows not that he knows not is FOOL but he who knows not and knows that he knows not is WISE

#15 rotor123

rotor123

    Forum Addict

  • Moderator
  • PipPipPipPipPipPip
  • 5,267 posts
  • Gender:Male
  • Location:New Jersey

Posted 12 April 2012 - 09:12 AM

Oh, OK

From here
Sophos Anti-Virus for Mac Home Edition
Free antivirus that works simply and beautifully
" Mac with Intel or PowerPC processor
256 MB of memory
150 MB of available disk space
Mac with OS X 10.4 (Tiger), 10.5 (Leopard), 10.6 (Snow Leopard) or 10.7 (Lion)
Supports all Apple Mac hardware including iMac, MacBook, MacBook Pro and the new MacBook Air
"

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
or here
http://download.cnet.com/Sophos-Anti-Virus-for-Mac-Home-Edition/3000-2239_4-75328306.html

I believe as long as you don't have Java installed or have installed the latest Java update from Apple you are probably safe as I understand it. It is a Drive By installer and you don't even realize it.

So I'd install the Antivirus and run a full scan just to be sure.

Good Luck
Roger

My next Upgrade, USB 3 on my remaining desktop. The only External storage devices I currently Buy are USB3 devices

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

My first Computer had a Whopping 16K of memory @ 0.89MHz. My first hard drive held 20 Megabytes and never filled up.
My Oldest Motherboard and Hard Drive are a 80286 @ 8Mhz and a Seagate 20 Megabyte MFM drive.  

 

Forum Rules, The BC Welcome Guide

Back to News


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. General Topics
  3. News
  4. Privacy Policy
  5. Rules ·