  • New Macintosh Trojan Disables Apple Anti-Malware

    There is a new trojan horse for Macintosh. Be very careful what you enter your password for.

    Another trojan that affects Mac users has been unleashed onto the internet. Its name is Flashback.C. The trojan executes under normal circumstances, such as when you download a .dmg file and run it, and it disguises itself as an Adobe Flash Player installation. Once it prompts you for your password, you had better make sure that you downloaded the file from Adobe's website yourself; otherwise, close it immediately, eject the image, and delete the disk image file (.dmg). I never recommend installing any updates automatically, because files in your system can be tricked into downloading from inconspicuous sources (we here at modmyi know just how easy it is to trick a server; we do it with Cydia all the time). When installing an update, I recommend downloading only from the legitimate site itself. If you are aware that there is an Adobe Flash Player update, just go to Adobe's site, download the .dmg file from them directly, and install it over what you already have. If you need a link, download Adobe Flash Player from here, and don't download it from anywhere else. This will ensure your security, or at least more so than trusting a random popup that says you have an Adobe Flash Player update.

    This specific trojan horse, once installed, will wipe out files necessary for the malware definition updating process to run properly. This will leave your Mac vulnerable to malware. Again, I highlight the word 'malware' because Macs are armed with built-in protection from malware, which is anti-virus grade protection from malware. Malware only. To date, there has never been a successful virus launch for Mac OS X. Malware patches are offered by Apple regularly, and Trojan horses occur maybe once or twice a year at most. Worms for Mac OS X are very rare. If you insist on saying that they're all the same and that Mac OS X has indeed had viruses, you can read about the differences here. Apple swiftly deals a lethal blow to many of these security threats, and the Mac continues to act as though nothing ever happened. When referring to anything that can do harm to your computer, remember that infections have categories, and that just because what it does is bad doesn't make it a virus.

    Mac OS X Snow Leopard and Mac OS X Lion operate on the same security channel, getting updates from the same server with the same files. This means that anything that affects one operating system will affect the other. If you have the application Little Snitch installed on your Mac, Flashback.C will automatically terminate itself before it does its malicious deed.

    Again, the best way to fight this new infection is to be aware of everything that is being downloaded onto your computer and to understand its source. If you believe that you might have been infected by this trojan, or if you are just a worrywart who wants to make sure you haven't contracted it by mistake, F-Secure has instructions here on how to look for and remove Flashback.C. Good luck and stay safe!

    Do you know anyone who's been infected by Flashback.C? Share below!

    Sources: Macworld
    This article was originally published in forum thread: New Macintosh Trojan Disables Apple Anti-Malware, started by Anthony Bouchard.
    46 Comments
      maddawg05 -
      Quote Originally Posted by akafred View Post
      but but Macs don't get viruses!! i was lied to!!! lol proves that any OS has vulnerabilities, and the dumber the user the more likely to get affected..
      Never was a vulnerability question but more were written for the more popular counterpart...windows.
      iliveudie -
      Quote Originally Posted by akafred View Post
      but but Macs don't get viruses!! i was lied to!!! lol proves that any OS has vulnerabilities, and the dumber the user the more likely to get affected..
      Someone didn't read the article lol. Like the article said, there has been no VIRUS for Mac to date! Only Trojans, which is different!!!
      Cer0 -
      The screen for the official installer for Flash from Adobe:

      Attachment 551084


      The screen for the trojan flash:

      Attachment 551085
      Broomhead -
      Thanks cer0
      raduga -
      To date, there has never been a successful virus launch for Mac OS X.
      You can keep saying that if it makes you feel better.

      However, the main reason classical viruses haven't been a problem for OS X is not because it's magically immune, but because classical viruses are boring and offer such limited value per h4x, hardly anyone writes new viruses anymore.

      worms, bots, trojans and BHOs are what all the cool kids are doing these days, and the number of these that target OS X is rising...
      fungrified -
      Good, anti-virus on a mac is useless anyway
      Anthony Bouchard -
      Quote Originally Posted by raduga View Post
      You can keep saying that if it makes you feel better.

      However, the main reason classical viruses haven't been a problem for OS X is not because it's magically immune, but because classical viruses are boring and offer such limited value per h4x, hardly anyone writes new viruses anymore.

      worms, bots, trojans and BHOs are what all the cool kids are doing these days, and the number of these that target OS X is rising...
      Nothing was mentioned saying that Mac OS X was, "magically immune" to viruses. Be careful in using irrelevant facts not present in the details given to misconstrue and over-think something. The other examples you gave were mentioned in my writing saying that they are not viruses. So the fact that they're rising in numbers doesn't make them any more relevant to that statement, "magically immune."
      MrNewbdude -
      So if I purchase "Little Snitch" will it prevent Trojans like this from harming me altogether, even if I accidentally do key in my password? Reading the F-Secure instructions for removing the Trojan it says:
      On installation, the installer first checks if the following file is found in the system: /Library/Little Snitch/lsd. Little Snitch is a firewall program for Mac OS X. If the program is found, the installer will skip the rest of its routine and proceed to delete itself.
      Does that mean it would self-delete prior to doing any damage? That's how it sounds to me, can anyone clarify please? Thanks,
      Anthony Bouchard -
      Quote Originally Posted by MrNewbdude View Post
      So if I purchase "Little Snitch" will it prevent Trojans like this from harming me altogether, even if I accidentally do key in my password? Reading the F-Secure instructions for removing the Trojan it says: Does that mean it would self-delete prior to doing any damage? That's how it sounds to me, can anyone clarify please? Thanks,
      It won't prevent them. The trojan just deletes itself after it harms your computer to hide the fact that it was ever there.
      duromega -
      Quote Originally Posted by Cer0 View Post
      The screen for the official installer for Flash from Adobe:

      Attachment 551084


      The screen for the trojan flash:

      Attachment 551085
      Thank you so much!
      raduga -
      Quote Originally Posted by Anthony Bouchard View Post
      Nothing was mentioned saying that Mac OS X was, "magically immune" to viruses. Be careful in using irrelevant facts not present in the details given to misconstrue and over-think something. The other examples you gave were mentioned in my writing saying that they are not viruses. So the fact that they're rising in numbers doesn't make them any more relevant to that statement, "magically immune."
      The point is that viruses (in the strict sense) aren't much of a threat to anyone these days, unless they're running Classic Macs or pre-SP2 Windows PCs. The things that do threaten modern Windows machines, however, very much threaten modern Macs as well.

      Arguing about classical viruses is only of historical interest, unless you regularly dig through piles of floppy disks. Your Mac today faces the same risks and the same threats and same dangers as any internet-capable PC, barring extensive mitigation (on the level of iOS). I wouldn't much care, but posting articles that encourage other users to be careless and foolish makes more (and more annoying) work for the guys who have to clean up security incidents.
      Anthony Bouchard -
      Quote Originally Posted by raduga View Post
      I wouldn't much care, but posting articles that encourage other users to be careless and foolish makes more (and more annoying) work for the guys who have to clean up security incidents.
      My article encourages Mac users to be careful of what they download and to take measures of precaution when executing disk images. It doesn't encourage foolish mistakes or careless behavior.
      BenderRodriguez -
      Thanks for the info good article
      Waaasobe -
      How do I scan? Because I just updated my Adobe Flash Player and I'm worried as hell now
      luvmytj -
      Little Snitch comes through again! I installed LS over a year ago and love it. Now it may have saved me from installing malware. I highly recommend Little Snitch to all Mac users. It tracks every connection in and out and lets you decide if you want to allow it.
      Anthony Bouchard -
      Quote Originally Posted by luvmytj View Post
      Little Snitch comes through again! I installed LS over a year ago and love it. Now it may have saved me from installing malware. I highly recommend Little Snitch to all Mac users. It tracks every connection in and out and lets you decide if you want to allow it.
      LittleSnitch does not protect you from this trojan. The trojan executes, ruins your system, AND THEN deletes itself.

      Quote Originally Posted by Waaasobe View Post
      How do I scan? Because I just updated my Adobe Flash Player and I'm worried as hell now
      Just follow the instructions at the end of my article to see if you've been infected.
      Waaasobe -
      ^ Yeah, I don't get it. I'm not all that tech savvy, if I'm honest; I just got confused
      Stray -
      Quote Originally Posted by spazturtle View Post
      .dmgs are disk files not executable files.
      Yeah I know. Anthony was referring to .dmg's as executables
      Cer0 -
      Quote Originally Posted by Anthony Bouchard View Post
      LittleSnitch does not protect you from this trojan. The trojan executes, ruins your system, AND THEN deletes itself.
      In this case LittleSnitch does stop it.

      To complete its installation/infection, Flashback.C requires the user to key in the administrator password.

      On installation, the installer first checks if the following file is found in the system:

      /Library/Little Snitch/lsd

      Little Snitch is a firewall program for Mac OS X. If the program is found, the installer will skip the rest of its routine and proceed to delete itself.
      Source: Threat Description: Trojan-Downloader:OSX/Flashback.C

      So if the trojan sees that littlesnitch is installed, which is the first thing it does, it will go no further and delete itself. Basically it will not move on to any other line of code.

      Quote Originally Posted by Anthony Bouchard View Post
      The trojan executes, ruins your system, AND THEN deletes itself.
      Also as of right now it doesn't ruin your system. You are just infected awaiting further instructions as your info is being passed along.
      Anthony Bouchard -
      Quote Originally Posted by Cer0 View Post
      In this case LittleSnitch does stop it.

      Source: Threat Description: Trojan-Downloader:OSX/Flashback.C

      So if the trojan sees that littlesnitch is installed, which is the first thing it does, it will go no further and delete itself. Basically it will not move on to any other line of code.

      Also as of right now it doesn't ruin your system. You are just infected awaiting further instructions as your info is being passed along.
      I'm speechless. Nice find.