  • New Macintosh Trojan Disables Apple Anti-Malware

    There is a new trojan horse for Macintosh. Be very careful what you enter your password for.

    Another trojan that affects Mac users has been unleashed onto the internet. Its name is Flashback.C. The trojan runs under ordinary circumstances, such as when you download a .dmg file and run it, and it disguises itself as an Adobe Flash Player installation. Once it prompts you for your password, you had better make sure that you downloaded the file from Adobe's website yourself; otherwise, close it immediately, eject the image, and delete the disk image file (.dmg). I never recommend installing any updates automatically, because files in your system can be tricked into downloading from inconspicuous sources (we here at modmyi know just how easy it is to trick a server; we do it with Cydia all the time). When installing an update, I recommend downloading only from the legitimate site itself. If you are aware that there is an Adobe Flash Player update, just go to Adobe's site, download the .dmg file from them directly, and install it over what you already have. If you need a link, then download Adobe Flash Player from here, and don't download it from anywhere else. This will ensure your security, or at least more so than just trusting a random popup that says you have an Adobe Flash Player update.

    This specific trojan horse, once installed, will wipe out files necessary for the malware definition updating process to run properly. This will leave your Mac vulnerable to malware. Again, I highlight the word 'malware' because Macs are armed with built-in protection from malware, which is anti-virus-grade protection from malware. Malware only. To date, there has never been a successful virus launch for Mac OS X. Malware patches are offered by Apple regularly, and trojan horses occur maybe once or twice a year at best. Worms for Mac OS X are very rare. If you insist on saying that they're all the same and that Mac OS X has indeed had viruses, you can read about the differences here. Apple swiftly deals a lethal blow to many of these security threats, and the Mac continues to act as though nothing ever happened. When referring to anything that can do harm to your computer, remember that infections have categories, and that just because what it does is bad doesn't make it a virus.

    Mac OS X Snow Leopard and Mac OS X Lion operate on the same security channel, getting updates from the same server with the same files. This means that anything that affects one operating system will affect the other. If you have the application LittleSnitch installed on your Mac, Flashback.C will automatically terminate itself before it does its malicious deed.

    Again, the best way to fight this new infection is to be aware of everything that is being downloaded onto your computer and to understand its source. If you believe that you might have been infected by this trojan, or if you are just a worrywart who wants to make sure they haven't contracted it by mistake, F-Secure has instructions here on how to look for and remove Flashback.C. Good luck and stay safe!

    Do you know anyone who's been infected by Flashback.C? Share below!

    Sources: Macworld
    This article was originally published in forum thread: New Macintosh Trojan Disables Apple Anti-Malware, started by Anthony Bouchard.
    46 Comments
    1. maddawg05 -
      I am sure there are more and more out there that we'll be seeing in the future.
    1. CustomSS1 -
      How boring and sad must someone's life be to make a virus/trojan to damage other computers?
      I mean seriously, do something useful in your life instead!
    1. Broomhead -
      executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...
    1. spazturtle -
      If you are running the new version of Flash (11) it no longer updates through the installer. It has a section in System Preferences that is used to update.
    1. Stray -
      Quote: Originally Posted by Broomhead
      executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...
      .dmg
    1. spazturtle -
      Quote: Originally Posted by Broomhead
      executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...
      An executable file is a file that you can run, like an .app or .sh
    1. Broomhead -
      Quote: Originally Posted by Stray
      .dmg
      executable is .exe

      .app is an application.
      .dmg is a disk image (a notion Windows users have trouble grasping)
      .sea is a self-extracting archive, which is like an app because it doesn't require another app to extract the compressed file it contains.
      I rarely see .sea anymore because developers release their apps on dmgs or they are compressed as plain StuffIt archives or gz.
    1. spazturtle -
      Quote: Originally Posted by Stray
      .dmg
      .dmgs are disk files, not executable files.
    1. Anthony Bouchard -
      Quote: Originally Posted by Broomhead
      executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...
      I've always referred to .dmg files as Mac executable files. Do you call them something different?
    1. spazturtle -
      Quote: Originally Posted by Anthony Bouchard
      I've always referred to .dmg files as Mac executable files. Do you call them something different?
      Dmgs are not programmes; they are virtual disks. An executable file is a file that runs; executable means runnable. Files like .app or .sh are executable files.
    1. Anthony Bouchard -
      Quote: Originally Posted by spazturtle
      Dmgs are not programmes; they are virtual disks. An executable file is a file that runs; executable means runnable. Files like .app or .sh are executable files.
      Thanks, I'll rewrite that portion of the article pronto.
    1. Broomhead -
      Quote: Originally Posted by Anthony Bouchard
      Thanks, I'll rewrite that portion of the article pronto.
      Thank you
    1. Anthony Bouchard -
      Quote: Originally Posted by Broomhead
      executable is .exe
      .dmg is a disk image (a notion Windows users have trouble grasping)
      Not that I don't grasp the idea; a Mac/Windows user myself, I understand that completely. I refer to them as Mac executable counterparts actually for that exact reason. Windows users will understand the concept better.
    1. Broomhead -
      Quote: Originally Posted by Anthony Bouchard
      Not that I don't grasp the idea; a Mac/Windows user myself, I understand that completely. I refer to them as Mac executable counterparts actually for that exact reason. Windows users will understand the concept better.
      That was not directed at you personally. I had no idea of your operating system.
    1. AfterMercyFM -
      I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time but updated anyway. When I read this post I figured I infected my computer and went to look for the string of code in the .plist for Safari but couldn't find it. Does that mean I'm not infected or what? Also, I installed LittleSnitch, which if I do have the trojan it would be too late anyhow, but now I can't quit or uninstall it. Amidoinitrong? :no idea:

      EDIT: Found the uninstaller option in the .dmg but still unsure if I'm infected.
    1. ScooterComputer -
      Quote: Originally Posted by spazturtle
      If you are running the new version of Flash (11) it no longer updates through the installer. It has a section in System Preferences that is used to update.
      That is incorrect. The Check Now button in the PrefPane simply sends you to an Adobe downloads page. It (the page) doesn't even bother to sniff your player version and tell you if you need the update or not. Furthermore, up until a few weeks ago, the certificate for the page was wrong and would cause Safari to throw an error dialog.

      This is a mess. And it is all on Apple.
    1. akafred -
      But but Macs don't get viruses!! I was lied to!!! lol, proves that any OS has vulnerabilities, and the dumber the user, the more likely to get affected..
    1. duromega -
      Quote: Originally Posted by Anthony Bouchard
      I've always referred to .dmg files as Mac executable files. Do you call them something different?
      Executable or disk image: Anthony referred to it in the article as a (dmg). When I was reading and saw "executable" I was a little confused, but then he specified (dmg) and I knew what he was talking about. If you have a Mac you should know Mac OS sees the file in other language. Here the point is not the file type; it is for Mac users to know there is a worm out there. I'm gonna be aware and I won't update my Adobe Flash automatically!! Thank you Anthony for the article!
    1. Anthony Bouchard -
      Quote: Originally Posted by AfterMercyFM
      I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time but updated anyway. When I read this post I figured I infected my computer and went to look for the string of code in the .plist for Safari but couldn't find it. Does that mean I'm not infected or what? Also, I installed LittleSnitch, which if I do have the trojan it would be too late anyhow, but now I can't quit or uninstall it. Amidoinitrong? :no idea:

      EDIT: Found the uninstaller option in the .dmg but still unsure if I'm infected.
      If you can't find the details necessary to remove it then you should be fine.
    1. moon#pie -
      Quote: Originally Posted by AfterMercyFM
      I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time but updated anyway. When I read this post I figured I infected my computer and went to look for the string of code in the .plist for Safari but couldn't find it. Does that mean I'm not infected or what? Also, I installed LittleSnitch, which if I do have the trojan it would be too late anyhow, but now I can't quit or uninstall it. Amidoinitrong? :no idea:

      EDIT: Found the uninstaller option in the .dmg but still unsure if I'm infected.
      If it looked like that standard Adobe AIR style installer, then you're fine. This looks like a pkg installer. I thought it did the same thing when I read this.