Antivirus vendor Intego believes Flashback was created by the same people behind the MacDefender attack that hit last year. If you visit a malicious or unwillingly infected website hosting Flashback, the program attempts to display a specially crafted Java applet. If you have a vulnerable version of Java installed and enabled in your Web browser, the malicious code will infect your system and then install a series of components.
Since Apple did not release an update for that vulnerable version of Java until April 3rd, many users were and are still susceptible. After initial infection, Flashback pops open a Software Update window to try and obtain your administrative password, but it does so only to embed itself more deeply into your Mac. Once it succeeds in infecting your Mac, Flashback inserts itself into Safari and according to F-Secure appears to harvest information from your Web browsing activities, including usernames and passwords.
It then sends this information to command-and-control servers on the Internet. You do not need to enter your administrative password or to manually install anything. You have Java installed on your Mac. One way to find out: Open Terminal and type java -version at the prompt. It is installed by default on OS X But is installed the first time you need to run it, which means most Macs likely have it. Both of those updates install Java version 1. You allow Java applets to display in your browser.
More than half of the Macs infected are in the United States (57 percent), while another 20 percent are in Canada, Dr. Web said. The malware was initially found in September masquerading as a fake Adobe Flash Player plug-in installer, but in the past few months it has evolved to exploiting Java vulnerabilities to target Mac systems.
A new variant that surfaced over the weekend appears to be taking advantage of a Java vulnerability for which Apple released a patch yesterday.
The malware will request an administrator password, and if one is supplied, it will install its package of code into the Applications folder.
Despite the propensity for causing discord, I use them now, right off the cuff, when addressing those of you who are using Macintosh computers.
We Mac users have been very complacent about our computers because, until recently, there really has not been reason to worry about viruses, trojans, exploits, etc. I have been using Macs for almost 30 years now, since the original was released in , and it was only last year that I installed anti-virus software.
Times change. By now many of you have read about the Flashback virus, which has infected over , computers, and are sufficiently, and rightly, scared.
The upshot is, though bad, it is fairly easy to diagnose and repair your machine. There is a lot of information out there, quite a bit of it gets heavy with jargon and looks technical, but I will present what I have researched as of this writing in as simple prose as possible with links to the more technical information for those interested. I will lay it out in four sections: What is Flashback? How do you check for it? What do you do if you have it?
What can you do in the future to protect yourself? I do so that all the information is in one place, but by all means, skip ahead to the section which is most important for you.
Using one of the aforementioned tools from F-Secure or Norton will automatically get rid of the malware from your computer without any further steps.
If you are, for some reason, wary of using one of these third-party tools, CNET's Topher Kessler provides a step-by-step guide on how to remove Flashback from your Mac.
This process also requires hopping into Terminal and running those commands, then tracking down where the infected files are stored, then manually deleting them. For good measure, it's also a good idea to change your online passwords at financial institutions and other secure services that you may have used while your computer was compromised.
It's unclear if this data was being targeted, logged, and sent as part of the attack, but it's a smart preventive behavior that's worth doing on a regular basis. So now that fixes are here, am I safe?
In a word, no. The Flashback authors have already shown themselves inclined to keep altering the malware to sidestep new security fixes. CNET's advice is primarily to download any software only from trusted sources. That includes the sites of known and trusted software makers, as well as secured repositories such as CNET's Download. Also, as another rule of thumb, it's a good idea to keep third-party add-ons as up to date as possible so as to stay current with any security updates.
If you want to stay even safer, stay away from Java and other system add-ons unless they're needed by a trusted piece of software or a Web service. Updated at p. PT on April 5 with updated removal instructions. Updated on April 6 at a. PT with info on a second update from Apple, and at p. PT with information about Dr.