New Mac Flashback Malware Variant Detected by Intego



#1 Union_Thug


Posted 26 April 2012 - 08:51 AM

http://www.eweek.com/c/a/Security/New-Mac-Flashback-Malware-Variant-Detected-by-Intego-848607/


The Mac Flashback malware continues to haunt users, with a new variant recently found in operation, according to Mac security software vendor Intego.

The new variant, Flashback.S, uses the same vulnerability in Java that the previous versions had exploited, but it operates in a slightly different way, Intego researchers said in an April 23 post on the company's Mac Security Blog. The new variant doesn't require a password to be installed, according to Intego researchers.

In addition, the malware places its files in the user's home folder, at these locations:

~/Library/LaunchAgents/com.java.update.plist

~/.jupdate

"It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery," the researchers wrote. "Intego has several samples of this new Flashback variant, which is actively being distributed in the wild."


See also: New Flashback Variant Continues Java Attack, Installs Without Password

It’s worth noting that this variant will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack.


Edited by Union_Thug, 26 April 2012 - 08:55 AM.
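A defensive check for the two file locations quoted in the post above, as an added example that is not part of the original post or the eWeek article. It assumes home folders sit directly under the directory passed in (typically /Users on a Mac), and the function names are hypothetical. Because the variant clears ~/Library/Caches/Java/cache, the check looks for the dropped files rather than the cached applet.

```shell
#!/bin/sh
# Added example: look for the Flashback.S file locations quoted in the post.
# Function names are hypothetical; the two paths are the ones from the post.

# check_home HOME_DIR
# Prints one line per indicator present in HOME_DIR.
# Returns 0 if at least one indicator exists, 1 if none do.
check_home() {
    home=$1
    found=1
    for rel in "Library/LaunchAgents/com.java.update.plist" ".jupdate"; do
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$home/$rel" ] || [ -L "$home/$rel" ]; then
            printf 'FOUND %s\n' "$home/$rel"
            found=0
        fi
    done
    return "$found"
}

# scan_homes ROOT
# Runs check_home on every directory directly under ROOT
# (assumption: ROOT is /Users on a Mac).
# Returns 0 if any home folder had a hit, 1 otherwise.
scan_homes() {
    root=$1
    hits=0
    for dir in "$root"/*/; do
        # An unmatched glob stays literal, so skip anything not a directory.
        [ -d "$dir" ] || continue
        if check_home "${dir%/}"; then
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]
}

# Typical invocation on a Mac, run with rights to read other users' folders:
#   scan_homes /Users
```

A clean result only means these two files are absent; it does not rule out earlier Flashback variants, which the post does not describe.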

