BBC News: Thousands of Macs hit by Trojan


20 replies to this topic

#1
New Mexico Sound
  • Location: Albuquerque / Santa Fe
http://www.bbc.co.uk...onment-17623422

(Quote)

5 April 2012 Last updated at 08:54 ET

Half a million Mac computers 'infected with malware'

More than half a million Apple computers have been infected with the Flashback Trojan, according to a Russian anti-virus firm.

An investigation by Dr Web suggests that about 600,000 Macs have installed the malware - potentially allowing them to be hijacked and used as a "botnet".

It says that more than half that number are based in the US.

Apple has released a security update, but users who have not installed the patch remain exposed.
Flashback was first detected last September when anti-virus researchers flagged up software masquerading as a Flash Player update. Once downloaded it deactivated some of the computer's security software.

Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user's permission.

Remote control

Dr Web said that once the Trojan was installed it sent a message to the intruder's control server with a unique ID to identify the infected machine.

"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.

"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.

"The largest amounts of bots - based on the IP addresses we identified - are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people."

Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California - home to Apple's headquarters.

Update wait

Java's developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.

Apple released its own "security update" on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer's system preferences panel.

The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.

Although Apple's system software limits the actions its computers can take without requesting their users' permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.

"People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth," said Timur Tsoriev, an analyst at Kaspersky Lab.

Apple could not provide a statement at this time.

(end Quote)

Respect the process. Jim Gallup


Jim Gallup

http://www.newmexicosoundrecordist.com


#2
Jay Rose
  • Location: Boston US
From what I read (CNet, F-Secure), it's not really a trojan:
It -tries- to infect by saying it's an update and asking for your admin password so it can install at root...
but if it doesn't get the password, it'll install in the user's directory anyway and still be active.

Nasty...

Again, from what I read, disabling Java will disable it. Then getting Apple's Java update fixes the vulnerability. But no idea if that affects any other software it might have installed.

#3
RadoStefanov
  • Location: Las Vegas US
There is a price to pay for becoming popular.

Sent from my HD7 T9292 using Board Express
Las Vegas Nevada Sound Mixer

#4
New Mexico Sound
  • Location: Albuquerque / Santa Fe
Speaking of "popular"...

[ from The Washington Post - published 4/3/12]

(quote)

RIM’s LAST BASTION


BlackBerry remains official Washington’s smartphone even as its maker’s fortunes decline


By Cecilia Kang The Washington Post.

Outside Washington, the world is moving at warp speed away from the BlackBerry.

At its maker, profits are declining and executives are leaving, and the BlackBerry has even conceded its perch as the top smartphone in its native Canada.

Inside the Beltway, time stands still.

A half-million federal workers, President Barack Obama and his staff among them, are still thumbing little black keyboards on little black devices.

And that number hasn’t dipped over the past few years while Research in Motion, BlackBerry’s maker, has recorded plummeting sales everywhere else.

The slow-moving federal bureaucracy is keeping the BlackBerry around.

But RIM’s intensifying troubles and thriving rivals are confronting Washington with a question: Should it break its BlackBerry addiction?

Some agencies are already loosening their policies to let workers choose other smartphones.

Lawmakers and aides can now bring iPhones into the halls of Congress.

But, for the most part, the government hasn’t joined the smartphone revolution.

“We appreciate RIM’s focus on security, which is paramount for government use,” said Casey Coleman, the chief information officer at the General Services Administration.

The agency has issued some iPhones and Android-based phones for staffers, but the vast majority of its 12,000 agency-issued phones are BlackBerrys.

But Coleman added that other platforms are proving equally secure.

The GSA, she said, places “a priority on adoption where appropriate of innovative new technologies.”

Agencies and big contractors note that the BlackBerry is cheaper than the iPhone and many Android devices.

IT departments across the government have years-long contracts with RIM and the wireless carriers that promote the device.

And tech staffers at federal agencies are trained to fix BlackBerry products, which makes it harder to switch to new technologies, analysts say.

Plus, newer devices aren’t as secure as the BlackBerry, some agency officials said.

The slow pace of change has made the BlackBerry as much a part of federal culture as short-sleeve, white-collared shirts were among NASA engineers or lapel pins are among politicians on Capitol Hill.

Some analysts even expect Washington to become the last bastion for RIM’s devices.

That would leave many Washingtonians with smartphone envy.

Paul Silder, a government contractor, says he feels stuck with the BlackBerry that the Department of Homeland Security gave him.

So the 44-year-old father of two is left longing for an iPhone or an Android that he can proudly tuck into the holster on his left hip.

“I want a bigger screen. I only really use it for work, but it would be nice to surf the Web more easily,” Silder sighs.

RIM said it is making a full-court press among government agencies, touting the security of its no-nonsense devices.

“The federal government is a very important market to us and will continue to be. It is our core strength,” said Scott Totzke, a RIM senior vice president.

Just look at how hackers breached the accounts of Google’s mail service in the past year, other RIM executives have noted.

And do you really want workers distracted by the temptation of claiming daily coupons or posting pictures on Facebook on their smartphones when they should be writing policy papers or legislation?

(end quote)

Respect the process. Jim Gallup


Jim Gallup

http://www.newmexicosoundrecordist.com


#5
benr
  • Location: Sacramento, CA

There is a price to pay for becoming popular.

Sent from my HD7 T9292 using Board Express

Exactly. And all that talk and marketing about no viruses for all those years makes them a perfect target to get slapped in the face and have to put their foot in their mouth. I always thought that kind of advertising was dumb on their part.

#6
RadoStefanov
  • Location: Las Vegas US
One of the main reasons I use Windows is the security.
And yes, Apple advertising "propaganda" is dishonest.
But their worst offense is that every Mac out of the box does not have the firewall on.
Las Vegas Nevada Sound Mixer

#7
Jay Rose
  • Location: Boston US
CNet has posted diagnostics to see if you've got it... it just means copying/pasting a couple of lines into Terminal app.
They've also got a link to F-Secure's site where they explain how to remove it.

...

So far the machines I've checked - not only all my studio's, but also my sister's home machine and she's not a techie - have been clean. Apparently, while it tries to self-install into /user if it doesn't get admin permissions, it aborts that kind of install if it sees a couple of common apps that conflict with it... including the current and recent Word/Mac.

#8
Richard Lightstone, CAS
  • Location: Los Angeles
In regards to RIM BlackBerry - I remember when Great Britain and a few other European countries were suddenly not using their BlackBerrys because they discovered that ALL the emails and sensitive data were centered in the United States and the NSA had total access if warranted.

Every computer and phone system is hackable.

#9
Marc Wielage
  • Location: Northridge, CA
Checked mine this morning -- no issues. If you read the story carefully, they say potentially thousands of Macs could be affected. Well, potentially, I could get hit by lightning tomorrow, too.

One of the main reasons I use Windows is the security. And yes, Apple advertising "propaganda" is dishonest. But their worst offense is that every Mac out of the box does not have the firewall on.

Software firewalls don't work very well, in my opinion. We use routers with built-in hardware firewalls on all our systems, and those are fairly robust.

Noted Windows security expert Steve Gibson has said that the really sophisticated Windows viruses can go in and turn off the software firewalls, kind of defeating the purpose.
www.cinesound.tv | location sound • post-production consultant

#10
studiomprd
  • Location: Hollywood CA
" NSA had total access if warranted. "
NSA has total access even if not warranted. :ph34r:
SENATOR Mike Michaels, c.a.s.
Studio M Productions

#11
Christopher Mills
access, hell.. they keep a copy of everything transmitted over the web through any node in the USA. Whether they can and do sift and mine it in a useful way is another question entirely..

#12
studiomprd
  • Location: Hollywood CA
they named it Carnivore!
SENATOR Mike Michaels, c.a.s.
Studio M Productions

#13
Vasileios Alexandris
  • Location: Thessaloniki
http://howto.cnet.co...your-mac-safer/

:mellow:

Vasileios Alexandris

Sound Recordist

Greece, Thessaloniki


#14
New Mexico Sound
  • Location: Albuquerque / Santa Fe
thx for the reminder Vasileios, I failed to follow this up.

I did this test the other day.
Here are some of the highlights:

From CNet

Easy to follow instructions.

http://reviews.cnet....-rid-of-it-faq/

I also did an Apple software update. The Java patch was included in my update.

(From the instructions)...

"Of note, the Java security fixes are only available on Mac OS X 10.6.8 and later, so if you're running OS X 10.5 or earlier, you will still be vulnerable. Apple has stopped supplying software updates for these operating systems."

How do I tell if I have it?
Right now the easiest way to tell if your computer has been infected is to run some commands in Terminal, a piece of software you'll find in the Utilities folder in your Mac's Applications folder. If you want to find it without digging, just do a Spotlight search for "Terminal."

Once there, copy and paste each one of the code strings below into the terminal window. The command will run automatically:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If your system is clean, the commands will tell you that those domain/default pairs "does not exist." If you're infected, it will spit up the path to where that malware has installed itself on your system.


I took a screen grab of my "Terminal" test.


Respect the process. Jim Gallup


Jim Gallup

http://www.newmexicosoundrecordist.com
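As an added example (not part of this post and not CNet's, F-Secure's or Apple's code): a Python script that performs the same three checks without the `defaults` tool, by reading the plist files directly with the standard library's plistlib. The file paths are the ones behind the three commands quoted above (`defaults read ~/.MacOSX/environment` reads `~/.MacOSX/environment.plist`). The sample plists embedded in the script are constructed for demonstration, and the library path `/Users/example/.placeholder.so` is a placeholder, not a real Flashback indicator. On a Mac, `scan_local_system()` reads the real files; a missing file is reported as clean, which matches the "does not exist" answer `defaults read` gives.

```python
"""Check the three plist locations named in the CNet instructions for a
DYLD_INSERT_LIBRARIES entry, the marker the instructions look for.
Added example; not CNet's, F-Secure's or the poster's code."""
import os
import plistlib
from typing import Dict, List, Optional, Tuple

# Files behind the three `defaults read` commands. app_bundle=True means the
# variable lives under the LSEnvironment key of an application Info.plist;
# False means it is a top-level key (the per-user environment.plist).
CHECKS: List[Tuple[str, bool]] = [
    ("/Applications/Safari.app/Contents/Info.plist", True),
    ("/Applications/Firefox.app/Contents/Info.plist", True),
    (os.path.expanduser("~/.MacOSX/environment.plist"), False),
]


def find_injected_library(plist_bytes: bytes, app_bundle: bool) -> Optional[str]:
    """Return the DYLD_INSERT_LIBRARIES value if present, otherwise None.

    plistlib accepts both the XML and the binary plist format, so this works
    on the real Info.plist files as well as on the XML samples below.
    """
    data = plistlib.loads(plist_bytes)
    if not isinstance(data, dict):
        return None
    env = data.get("LSEnvironment") if app_bundle else data
    if not isinstance(env, dict):
        return None
    value = env.get("DYLD_INSERT_LIBRARIES")
    return value if isinstance(value, str) and value else None


def scan(sources: Dict[str, Tuple[bytes, bool]]) -> Dict[str, Optional[str]]:
    """Run the check over {label: (plist_bytes, app_bundle)}; the result maps
    each label to the injected library path, or None when that file is clean."""
    return {label: find_injected_library(raw, app) for label, (raw, app) in sources.items()}


def scan_local_system() -> Dict[str, Optional[str]]:
    """Read the real files on a Mac. A missing file counts as clean, matching
    the 'does not exist' answer that `defaults read` gives."""
    results: Dict[str, Optional[str]] = {}
    for path, app_bundle in CHECKS:
        if not os.path.exists(path):
            results[path] = None
            continue
        with open(path, "rb") as fh:
            results[path] = find_injected_library(fh.read(), app_bundle)
    return results


# --- Constructed sample plists (demonstration data, not real files) ---------
def _xml_plist(body: str) -> bytes:
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
        '"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
        '<plist version="1.0">' + body + "</plist>\n"
    ).encode("utf-8")


# Placeholder path for the demonstration; not a real Flashback indicator.
PLACEHOLDER_LIB = "/Users/example/.placeholder.so"

CLEAN_INFO = _xml_plist(
    "<dict><key>CFBundleIdentifier</key><string>com.apple.Safari</string></dict>"
)
SUSPECT_INFO = _xml_plist(
    "<dict><key>CFBundleIdentifier</key><string>com.apple.Safari</string>"
    "<key>LSEnvironment</key><dict><key>DYLD_INSERT_LIBRARIES</key>"
    f"<string>{PLACEHOLDER_LIB}</string></dict></dict>"
)
SUSPECT_ENV = _xml_plist(
    f"<dict><key>DYLD_INSERT_LIBRARIES</key><string>{PLACEHOLDER_LIB}</string></dict>"
)

SAMPLE_SOURCES: Dict[str, Tuple[bytes, bool]] = {
    "Safari Info.plist (clean sample)": (CLEAN_INFO, True),
    "Safari Info.plist (suspect sample)": (SUSPECT_INFO, True),
    "~/.MacOSX/environment.plist (suspect sample)": (SUSPECT_ENV, False),
}

if __name__ == "__main__":
    # Demonstration run over the constructed samples; swap in
    # scan_local_system() to check the machine the script runs on.
    for label, hit in scan(SAMPLE_SOURCES).items():
        print(f"{label}: {'injected library ' + hit if hit else 'clean'}")
```

The distinction between the two plist shapes matters: in an application's Info.plist the variable only takes effect inside the LSEnvironment dictionary, whereas environment.plist applies to every process the user launches, so the script deliberately does not accept a top-level DYLD_INSERT_LIBRARIES key as a hit for an application bundle.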


#15
Jeff Wexler
  • Location: Santa Monica, CA USA
There is a simple utility software that wraps the Terminal commands with a simple interface (for those afraid to deal with Terminal).

Download: FlashbackChecker 1.0

Jeff Wexler, CAS
Santa Monica, California
"I don't care if you've got ninety tracks... what does it sound like, baby"
- Ray Charles

#16
Soundwil
  • Location: Cardiff, Wales, UK
Nice one Jeff.
Wil

#17
Jeff Wexler
  • Location: Santa Monica, CA USA
I will be interested to see how many Mac users in our little community can be counted along with the 500,000 victims of this latest attack.
Jeff Wexler, CAS
Santa Monica, California
"I don't care if you've got ninety tracks... what does it sound like, baby"
- Ray Charles

#18
soundslikejustin
  • Location: Brisbane, Australia
Interesting, taken from the F-Secure website:


Installation


On execution, the malware checks if any of the following paths exist on the system:

  • /Library/Little Snitch
  • /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
  • /Applications/VirusBarrier X6.app
  • /Applications/iAntiVirus/iAntiVirus.app
  • /Applications/avast!.app
  • /Applications/ClamXav.app
  • /Applications/HTTPScoop.app
  • /Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.



I've got ClamXav. It's free, and this malware seems to be afraid of it :)


Justin Harrison
Brisbane, QLD, Australia

#19
Marc Wielage
  • Location: Northridge, CA
We have five Macs in this house, and they're all virus-free as of yesterday. The two or three Windows machines are running Microsoft Security Essentials, and as far as I know, they're OK as well.

People forget that a lot of virus/trojan horse activity happens because of what the user does with the computer. It's as much a social problem as it is a technical problem; you get on the wrong website, or click a link in an email, or install a program you're not sure about... bad things can happen.
www.cinesound.tv | location sound • post-production consultant

#20
Soundwil
  • Location: Cardiff, Wales, UK

I will be interested to see how many Mac users in our little community can be counted along with the 500,000 victims of this latest attack.

My MacBook Pro's clean - Snow Leopard - updated regularly.

#21
geordi
  • Location: Savannah Based, have gear, will travel!

It's as much a social problem as it is a technical problem; you get on the wrong website, or click a link in an email, or install a program you're not sure about... bad things can happen.


Very true, and the virus writers count on this, which is why this particular virus masquerades as an update to Adobe Flash.

I seem to remember a period a couple of months ago where opening some of my usual sites (such as CNN) would suddenly generate a "You must update Flash now, click here to start installing" from an INSTALLER ITSELF, not a fake ad popup. This happened repeatedly over several days, to the point where I was amazingly annoyed with Adobe products.

Of note: I use Firefox, Flashblock, NoScript, AdBlockPlus, AND LittleSnitch on all my computers - I see no ads on the internet, and yea, I have the security settings screwed down pretty tight... So for basic websites that I know are safe to be starting Flash and then for Flash to be auto-starting an installer... I DO NOT LIKE THAT. I never did accept any of those auto-starting installers, but if it checks for Little Snitch, then I wouldn't have been infected anyway I guess. I finally manually went and downloaded a fresh copy of the player, and the annoy-o-tron updaters stopped, at least for a while.

Isn't it about time for the internet to give up on Flash entirely? Quite a few security holes in ALL the operating systems have been traced back to that coding mess.
I can't spell ADR

Jim H
Gator Audio, Savannah-based production sound that doesn't bite.
http://www.gatoraudio.com
