Flashbacks On Your Mac?

Unless you live under a rock, by now, you should have learned about the Flashback trojan that has compromised over 600,000 Apple computers.

Care to learn what you can do?  Read on...


Here is some background, in case you're surprised to find that your impervious Apple computer may be totally compromised:

1.  public.dev.drweb.com/april/ = Website to check whether your Hardware UUID is listed as hacked.

2.  www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml = How Flashback works.

3.  http://news.cnet.com/8301-27076_3-57410050-248/mac-flashback-malware-what-it-is-and-how-to-get-rid-of-it-faq/  Interesting article, with good background information.

I've alerted Macophile authors and owners for more than a decade that we would see malware outbreaks on par with Windows damage:  Once The Apple Platform Got Its Numbers.  The swelling popularity of iAnything has boosted Apple sales, making it likely that a virus, trojan, or worm writer would find devices in sufficient numbers needed to justify the time [mis]spent on coding an attack.  We're There.  They're Here.  Get Used to It!

How bad is this attack?  Vicious.  Gnarly.  Shameful.  Merely visiting a hacked site can load the trojan, whether you knowingly install something or not.  This is standard attack methodology, one that counts on your naivete regarding modern security practices needed on this side of the century marker...

1.  Do you have anti-virus installed on your Apple Computer?

If not, get some.  There are free alternatives in the App store as well as commercial products by vendors dedicated to supporting the Apple platforms.

2.  Do you update your Apple computers often? 

Do you check for updates at least weekly?  Apple has updated both its Java code AND XProtect, the tool that keeps you most out of harm's way.

3.  Do you run your computer with an Administrator account, ALWAYS, at all times? 

If so, you are allowing malware to trick you into performing deep attacks against your system.

4.  Do you respond with an Administrator account any time you see a web link or page ask you to install software?

If so, stop this practice and spend more time at the App store.  Only give a process Administrator authority when the pop-up is tied to a software installation or upgrade that you _knowingly_ triggered.

You may have believed the hype; maybe hoped that Apple computers were invulnerable to attack.  Ha!

As you review the URLs I provide, you may think digging this malware code out is as simple as running 3 commands.  Wrongo!  The commands need to be run against each browser on your system.  It was brilliant that CNet asked you to run the command against Firefox as well as the common Safari browser.  But what about you Chrome users?  Think of the big picture.  Any application that supports browser functionality and saves plists that can do auto-start, maybe even an app your organization gives you, may also need checking.
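To cover every application rather than one browser at a time, the sketch below (an added example, not code from the linked articles) walks all `.app` bundles and flags any whose `Info.plist` sets a library-injection variable. The key names `LSEnvironment` and `DYLD_INSERT_LIBRARIES` and the `~/.MacOSX/environment.plist` path follow the manual checks in the vendor write-ups linked above and are not quoted on this page; a hit is a lead to investigate, not proof of infection.

```python
import plistlib
import sys
from pathlib import Path

SUSPECT_KEY = "DYLD_INSERT_LIBRARIES"  # forces a library into a launched process


def load_plist(path):
    """Parse an XML or binary plist; return None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except Exception:
        return None


def scan_apps(apps_dir):
    """Return (bundle, library) for every .app whose Info.plist injects a library."""
    findings = []
    for info in sorted(Path(apps_dir).glob("**/*.app/Contents/Info.plist")):
        data = load_plist(info)
        env = data.get("LSEnvironment") if isinstance(data, dict) else None
        if isinstance(env, dict) and SUSPECT_KEY in env:
            # info is <bundle>.app/Contents/Info.plist, so parents[1] is the bundle
            findings.append((str(info.parents[1]), env[SUSPECT_KEY]))
    return findings


def scan_user_env(home):
    """Check the per-user environment plist, which is not tied to any one app."""
    path = Path(home) / ".MacOSX" / "environment.plist"
    data = load_plist(path) if path.is_file() else None
    if isinstance(data, dict) and SUSPECT_KEY in data:
        return [(str(path), data[SUSPECT_KEY])]
    return []


if __name__ == "__main__":
    apps = sys.argv[1] if len(sys.argv) > 1 else "/Applications"
    hits = scan_apps(apps) + scan_user_env(Path.home())
    for where, lib in hits:
        print(f"SUSPECT {where}: {SUSPECT_KEY}={lib}")
    print(f"{len(hits)} suspect entries found")
    sys.exit(1 if hits else 0)
```

Run it from Terminal with no arguments to scan `/Applications`, or pass another folder (for example `~/Applications`) as the first argument.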

I provide this information to support my main points.  Now that Apple computers are big league, you must adapt your computing practices to support Big League threats.  To clean up this mess, for example, you're likely to need to know more about the UNIX prompt.  Egads!

If your UUID shows up on Dr. Web's site and you want more information on purging this malware from your system, comment below.  Also start thinking of ways to improve your computing practices today.  Ask Questions.  I'm here to help.

This code targets important work like banking system contacts.  At a recent tradeshow, I saw code at work that grabs saved passwords from the keychain. 

It's a new world for us Mac Users.  I'm not sure you'll like it as much.


jt

