+ Reply
Page 2 of 3 FirstFirst 123 LastLast
Results 21 to 40 of 47

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: New Macintosh Trojan Disables Apple Anti-Malware

is a discussion within the

Mac News

forums, a part of the

General Apple/Mac

section;
Originally Posted by AfterMercyFM I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time
...
  1. #21
    Developing Developer moon#pie's Avatar
    Join Date
    Jan 2010
    Posts
    5,215
    Thanks
    781
    Thanked 372 Times in 307 Posts

    Quote Originally Posted by AfterMercyFM View Post
    I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time but updated anyway. When I read this post I figured I infected my computer and went to look for the string of code in the .plist for Safari but couldn't find it. Does that mean I'm not infected or what? Also, I installed LittleSnitch, which if I do have the trojan it would be too late anyhow, but now I can't quit or uninstall it. Amidoinitrong? :no idea:

    EDIT: Found the uninstaller option in the .dmg but still unsure if I'm infected.
    if it looked like that standard adobe AIR style installer, then you're fine. this looks like a pkg installer. I thought it did the same thing when I read this.


    Twitter: @tshoults

  2. #22
    iPhone? More like MyPhone maddawg05's Avatar
    Join Date
    Jan 2009
    Location
    Orlando
    Posts
    241
    Thanks
    5
    Thanked 10 Times in 8 Posts

    Quote Originally Posted by akafred View Post
    but but mac's dont get viruses!! i was lied to!!! lol proves that any OS has vulnerabilities, and the dumber the user the more likely to get affected..
    Never was a vulnerability question but more were written for the more popular counter part...windows.

  3. #23
    iPhone? More like MyPhone
    Join Date
    Jan 2011
    Posts
    142
    Thanks
    8
    Thanked 19 Times in 16 Posts

    Quote Originally Posted by akafred View Post
    but but mac's dont get viruses!! i was lied to!!! lol proves that any OS has vulnerabilities, and the dumber the user the more likely to get affected..
    Someone didn't read the article lol. Like the article said, there has been no VIRUS for Mac to date! Only Trojans, which is different!!!

  4. #24
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,984
    Thanks
    388
    Thanked 1,138 Times in 888 Posts

    The screen for the offical installer for Flash from Adobe:

    New Macintosh Trojan  Disables Apple Anti-Malware-adobe-flash-player-10_3.jpg


    The screen for the trojan flash:

    New Macintosh Trojan  Disables Apple Anti-Malware-flashback_c_installer.jpg

  5. The Following 2 Users Say Thank You to Cer0 For This Useful Post:

    moon#pie (10-19-2011), raduga (10-19-2011)

  6. #25
    Moderator Admin Broomhead's Avatar
    Join Date
    Sep 2007
    Location
    Outside Chicago IL
    Posts
    17,145
    Thanks
    502
    Thanked 1,717 Times in 1,170 Posts

    Thanks cer0

  7. #26
    Livin the i raduga's Avatar
    Join Date
    May 2009
    Posts
    1,638
    Thanks
    228
    Thanked 94 Times in 85 Posts

    To date, there has never been a successful virus launch for Mac OS X.
    You can keep saying that if it makes you feel better.

    However, the main reason classical viruses haven't been a problem for OS X is not because its magically immune, but because classical viruses are boring and offer such limited value per h4x, hardly anyone writes new viruses anymore.

    worms, bots, trojans and BHOs are what all the cool kids are doing these days, and the number of these that target OS X is rising...
    Last edited by raduga; 10-19-2011 at 06:39 PM.

  8. #27
    Green Apple
    Join Date
    Nov 2007
    Location
    Perth, Wa, Australia
    Posts
    83
    Thanks
    7
    Thanked 4 Times in 4 Posts

    Good, anti-virus on a mac is useless anyway

  9. #28
    MMi Staff Writer Anthony Bouchard's Avatar
    Join Date
    Sep 2011
    Location
    Florida
    Posts
    6,607
    Thanks
    194
    Thanked 957 Times in 700 Posts

    Quote Originally Posted by raduga View Post
    You can keep saying that if it makes you feel better.

    However, the main reason classical viruses haven't been a problem for OS X is not because its magically immune, but because classical viruses are boring and offer such limited value per h4x, hardly anyone writes new viruses anymore.

    worms, bots, trojans and BHOs are what all the cool kids are doing these days, and the number of these that target OS X is rising...
    Nothing was mentioned saying that Mac OS X was, "magically immune" to viruses. Be careful in using irrelevant facts not present in the details given to misconstrue and over-think something. The other examples you gave were mentioned in my writing saying that they are not viruses. So the fact that they're rising in numbers doesn't make them any more relevant to that statement, "magically immune."

  10. #29
    Green Apple MrNewbdude's Avatar
    Join Date
    Dec 2010
    Posts
    52
    Thanks
    2
    Thanked 2 Times in 1 Post
    So if I purchase "Little Snitch" will it prevent Trojans like this from harming me all together, even if I accidentally do key in my password? Reading the F-Secure instructions for removing the Trojan it says:
    On installation, the installer first checks if the following file is found in the system:/Library/Little Snitch/lsdLittle Snitch is a firewall program for Mac OS X. If the program is found, the installer will skip the rest of its routine and proceed to delete itself.
    Does that mean it would self-delete prior to doing any damage? That's how it sounds to me, can anyone clarify please?Thanks,

  11. #30
    MMi Staff Writer Anthony Bouchard's Avatar
    Join Date
    Sep 2011
    Location
    Florida
    Posts
    6,607
    Thanks
    194
    Thanked 957 Times in 700 Posts

    Quote Originally Posted by MrNewbdude View Post
    So if I purchase "Little Snitch" will it prevent Trojans like this from harming me all together, even if I accidentally do key in my password? Reading the F-Secure instructions for removing the Trojan it saysoes that mean it would self-delete prior to doing any damage? That's how it sounds to me, can anyone clarify please?Thanks,
    It won't prevent them. The trojan just deletes itself after it harms your computer to hide the fact that it was ever there.

  12. #31
    iPhoneaholic duromega's Avatar
    Join Date
    Nov 2008
    Location
    New York
    Posts
    381
    Thanks
    0
    Thanked 10 Times in 10 Posts

    Quote Originally Posted by Cer0 View Post
    The screen for the offical installer for Flash from Adobe:

    Attachment 551084


    The screen for the trojan flash:

    Attachment 551085
    Thank you so much!





  13. #32
    Livin the i raduga's Avatar
    Join Date
    May 2009
    Posts
    1,638
    Thanks
    228
    Thanked 94 Times in 85 Posts

    Quote Originally Posted by Anthony Bouchard View Post
    Nothing was mentioned saying that Mac OS X was, "magically immune" to viruses. Be careful in using irrelevant facts not present in the details given to misconstrue and over-think something. The other examples you gave were mentioned in my writing saying that they are not viruses. So the fact that they're rising in numbers doesn't make them any more relevant to that statement, "magically immune."
    The point is that viruses (in the strict sense) aren't much of a threat anyone these days, unless they're running Classic Macs or pre-SP2 Windows PCs. The things that do threaten modern Windows machines, however, very much threaten modern Macs as well.

    Arguing about classical viruses is only of historical interest, unless you regularly dig through piles of floppy disks. Your Mac today faces the same risks and the same threats and same dangers as any internet-capable PC, barring extensive mitigation (on the level of iOS). I wouldn't much care, but posting articles that encourage other users to be careless and foolish makes more (and more annoying) work for the guys who have to clean up security incidents.

  14. #33
    MMi Staff Writer Anthony Bouchard's Avatar
    Join Date
    Sep 2011
    Location
    Florida
    Posts
    6,607
    Thanks
    194
    Thanked 957 Times in 700 Posts

    Quote Originally Posted by raduga View Post
    I wouldn't much care, but posting articles that encourage other users to be careless and foolish makes more (and more annoying) work for the guys who have to clean up security incidents.
    My article encourages Mac users to be careful of what they download and to take measures of precaution when executing disk images. It doesn't encourage foolish mistakes or careless behavior.

  15. #34
    Livin the iPhone Life BenderRodriguez's Avatar
    Join Date
    Apr 2008
    Location
    The Future
    Posts
    2,139
    Thanks
    108
    Thanked 239 Times in 197 Posts

    Thanks for the info good article

  16. #35
    What's Jailbreak?
    Join Date
    Feb 2011
    Location
    toronto
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts

    how do i scan ? because i just updated my adobe flash player and im worried as hell now

  17. #36
    My iPhone is a Part of Me luvmytj's Avatar
    Join Date
    Jul 2008
    Location
    New York
    Posts
    645
    Thanks
    32
    Thanked 65 Times in 51 Posts

    Little Snitch comes through again! I installed LS over a year ago and love it. Now it may have saved me from installing malware. I highly recommend Little Snitch to all Mac users. It tracks every connection in and out and lets you decide if you want to allow it.

  18. #37
    MMi Staff Writer Anthony Bouchard's Avatar
    Join Date
    Sep 2011
    Location
    Florida
    Posts
    6,607
    Thanks
    194
    Thanked 957 Times in 700 Posts

    Quote Originally Posted by luvmytj View Post
    Little Snitch comes through again! I installed LS over a year ago and love it. Now it may have saved me from installing malware. I highly recommend Little Snitch to all Mac users. It tracks every connection in and out and lets you decide if you want to allow it.
    LittleSnitch does not protect you from this trojan. The trojan executes, ruins your system, AND THEN deletes itself.

    Quote Originally Posted by Waaasobe View Post
    how do i scan ? because i just updated my adobe flash player and im worried as hell now
    Just follow the instructions at the end of my article to see if you've been infected.

  19. #38
    What's Jailbreak?
    Join Date
    Feb 2011
    Location
    toronto
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts

    ^ yea i dont get it , im not all that tech savy if im honest i just got confused

  20. #39
    Livin the iPhone Life Stray's Avatar
    Join Date
    Oct 2010
    Location
    You Know...
    Posts
    14,071
    Thanks
    675
    Thanked 1,357 Times in 1,074 Posts

    Quote Originally Posted by spazturtle View Post
    .dmgs are disk files not executable files.
    Yeah I know. Anthony was referring to .dmg's as executables
    Quote Originally Posted by ikesmasher View Post
    that was officially the scariest thing you have ever said str4y.
    Quote Originally Posted by Pancho paco View Post
    Dude T.M.I

  21. #40
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,984
    Thanks
    388
    Thanked 1,138 Times in 888 Posts

    Quote Originally Posted by Anthony Bouchard View Post
    LittleSnitch does not protect you from this trojan. The trojan executes, ruins your system, AND THEN deletes itself.
    In this case LittleSnitch does stop it.

    To complete its installation/infection, Flashback.C requires the user to key in the administrator password.

    On installation, the installer first checks if the following file is found in the system:

    /Library/Little Snitch/lsd
    .

    Little Snitch is a firewall program for Mac OS X. If the program is found, the installer will skip the rest of its routine and proceed to delete itself.
    Source: Threat Description: Trojan-DownloaderSX/Flashback.C

    So if the trojan sees that littlesnitch is installed, which is the first thing it does, it willgo no further and delete itself. Basically it will not move on to any othe rline of code.

    Quote Originally Posted by Anthony Bouchard View Post
    The trojan executes, ruins your system, AND THEN deletes itself.
    Also as of right now it doesn't ruin your system. You are just infected awaiting further instructions as your info is being passed along.
    Last edited by Cer0; 10-19-2011 at 08:42 PM.

  22. The Following User Says Thank You to Cer0 For This Useful Post:

    Anthony Bouchard (10-19-2011)

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts