Friday, April 6, 2012

Trojan takes a byte out of Apple

UPDATE:


A week after it was announced that the Flashback Trojan had infected about one percent of the world’s Macintosh computers, Apple has finally released a tool designed to remove the malware from infected systems.

Released yesterday (April 12), the software is part of a security update to Java and comes two days after the Cupertino, Calif.-based computer maker announced it was working on an automated way for users to remove the infection.

According to Apple’s website, the patch “removes the most common variants of the Flashback malware” and “also configures the Java web plug-in to disable the automatic execution of Java applets.”

If you have an infected Mac, you can download the Java update and integrated tool here:



Looks like Apple is going to have to eat some humble pie.

After years of bashing Microsoft over how insecure and prone Windows was to malware infections, it appears that Mac computers have now been struck by a virus – a variant of the Flashback Trojan that uses JavaScript code to infect machines. Russian security company Doctor Web recently announced that more than 600,000 Macs have been infected. Half of those computers are located here in the U.S., and according to the company, 274 of those machines were located in Cupertino, Calif., where Apple has its headquarters. As of this morning, that number had dropped to 194, said Mikko Hypponen, a research officer with antivirus maker F-Secure, via his Twitter feed.

With an install base of about 45 million Macs, that means about one percent of all Macs have been infected by this virus, Hypponen said, which makes this virus “roughly as common for Mac as Conficker was for Windows.”

However, not everyone thinks all 600,000 infections are from Macs. Aleks Gostev, chief security expert for the Global Research and Analysis Team at Kaspersky Lab, another antivirus maker, tweeted this morning: “We are not sure that all 500k #Flashback bots are Mac users. I have some suspicions that probably bot for Windows also presented [it].”

Regardless of how many Macs are truly infected, all Mac users should make sure their systems are fully patched by visiting Apple and downloading the latest patches.

To find out if your Mac is infected go to your Terminal.app and run:

 cat ~/.MacOSX/environment.plist

 and


 codesign -v /Applications/Safari.app

If you get anything about "DYLD_INSERT_LIBRARIES" on the first and/or "code or signature modified" on the second, then you are infected. Any other response (including none) means you're fine.
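The two checks above wrapped in one script, as an added example that is not part of the original post. The function names and the `--scan` argument are this example's own; the paths and the two strings it looks for are the ones given above.

```shell
#!/bin/sh
# Added example: automates the two manual Terminal checks from the post.
# Function names and the --scan switch are hypothetical (not Apple tooling).

# Succeeds (0) if the plist at $1 mentions DYLD_INSERT_LIBRARIES.
# A missing file counts as clean, matching "any other response (including none)".
plist_has_dyld_insert() {
    [ -f "$1" ] || return 1
    grep -q 'DYLD_INSERT_LIBRARIES' "$1"
}

# Succeeds (0) if the codesign output text in $1 reports a modified bundle.
codesign_reports_modified() {
    case $1 in
        *"code or signature modified"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs both checks. $1 = plist path, $2 = app bundle (defaults from the post).
# Returns 0 if neither indicator is present, 1 otherwise.
flashback_check() {
    fb_plist=${1:-"$HOME/.MacOSX/environment.plist"}
    fb_app=${2:-/Applications/Safari.app}
    fb_status=0
    if plist_has_dyld_insert "$fb_plist"; then
        echo "INDICATOR: DYLD_INSERT_LIBRARIES present in $fb_plist"
        fb_status=1
    fi
    if command -v codesign >/dev/null 2>&1; then
        # codesign -v is silent on success and writes problems to stderr
        fb_out=$(codesign -v "$fb_app" 2>&1) || true
        if codesign_reports_modified "$fb_out"; then
            echo "INDICATOR: $fb_out"
            fb_status=1
        fi
    else
        echo "codesign not found; signature check skipped" >&2
    fi
    if [ "$fb_status" -eq 0 ]; then
        echo "No Flashback indicators found"
    fi
    return "$fb_status"
}

# Scan the real locations only when asked: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then
    flashback_check
    exit $?
fi
```

Run it with `--scan` from Terminal.app; an exit status of 1 means at least one of the two indicators was found.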

If you are infected with the Flashback Trojan, here’s a link that details how to remove it:

As always if you feel uncomfortable following any of these directions, feel free to contact me and I will be glad to help you remove this infection from your computer.

For more information about the Flashback Trojan, see the following links:

