New Macintosh Trojan – Disables Apple Anti-Malware

[Anthony Bouchard]

There is a new trojan horse for Macintosh. Be very careful what you enter your password for.

Another trojan has been unleashed onto the internet that affects Mac users. The name is Flashback.C. The trojan will execute under normal circumstances as when you download a .dmg file and run it. It will disguise itself as an Adobe Flash Player installation. Once it prompts you with your password, you better make sure that you downloaded the file from Adobe's website yourself, otherwise, close it immediately and eject the image and delete the disk image file (.dmg). I never recommend installing any updates automatically because files in your system can be tricked into downloading from inconspicuous sources (we here at modmyi know just how easy it is to trick a server – we do it with Cydia all the time). When installing an update, I recommend only downloading directly from the legitimate site itself. If you are aware that there is an Adobe Flash Player update, just go to Adobe's site and download the .dmg file from them directly, then install it over what you have already. If you need a link, then download Adobe Flash Player from here, and don't download it from anywhere else. This will ensure your security – or at least more so than just trusting a random popup that says you have an Adobe Flash Player update.

This specific trojan horse, once installed, will wipe out files necessary for the malware definition updating process to run properly. This will leave your Mac vulnerable to malware. Again, I highlight the word 'malware' because Macs are armed with built in protection from malware which is anti-virus grade protection from malware. Malware only. To date, there has never been a successful virus launch for Mac OS X. Malware patches are offered by Apple regularly, and Trojan Horses occur maybe once or twice a year at best. Worms for Mac OS X are very rare. If you insist on saying that they're all the same and that Mac OS X has indeed had viruses – you can read about the differences here. Apple swiftly deals a lethal blow to many of these security threats and the Mac continues to act as though nothing ever happened. When referring to anything that can do harm to your computer, remember that infections have categories and that just because what it does is bad doesn't make it a virus.

Mac OS X Snow Leopard and Mac OS X Lion operate on the same security channel, getting updates from the same server with the same files. This means that anything that affects one operating system will affect the other. If you have the application LittleSnitch installed on your Mac, Flashback.C will automatically self-terminate itself before it does its malicious deed.

Again, the best way to fight this new infection is to be aware of everything that is being downloaded into your computer and to understand its source. If you believe that you might have been infected by this trojan, or if you are just a worry wart that wants to make sure they haven't contracted it by mistake, F-Secure has instructions here on how to look for and remove Flashback.C. Good luck and stay safe!

Do you know anyone who's been infected by Flashback.C? Share below!

Sources: Macworld

[maddawg05]

I am sure there are more and more out there that we'll be seeing in the future.

[CustomSS1]

How boring and sad must someones life be to make a virus/trojan to damage other computers?
I mean seriously, do something useful in your life instead!

[Broomhead]

executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...

[spazturtle]

If you are running the new version of flash (11) it no longer updates though the installer. It has a section in system preferences that is used to update.

[Stray]

executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...

.dmg

[spazturtle]

executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...

A executable file is a file that you can run, like an .app or .sh

[Broomhead]

.dmg

executable is .exe

.app is an application.
.dmg is a disk image (a notion Windows users have trouble grasping)
.sea is a self extracting archive which is like an app because it doesn't require another app to extract the compressed file it contains.
I rarely see .sea anymore because developers release their apps on dmg's or they are compressed as plain stuffit archives or gz.

[spazturtle]

.dmg

.dmgs are disk files not executable files.

[Anthony Bouchard]

executable file? I didn't think those files would open on a Mac, even if I wanted them to. Please someone shed some light on this...

I've always referred to .Dmg files as Mac executable files. Do you call them something different?

[spazturtle]

I've always referred to .Dmg files as Mac executable files. Do you call them something different?

Dmgs are not programmes they are virtual disks. An executable file is a file that run, executable means runable, files like .app or .sh are executable files.

[Anthony Bouchard]

Dmgs are not programmes they are virtual disks. An executable file is a file that run, executable means runable, files like .app or .sh are executable files.

Thanks, I'll rewrite that portion of the article pronto.

[Broomhead]

Thanks, I'll rewrite that portion of the article pronto.

Thank you

[Anthony Bouchard]

executable is .exe
.dmg is a disk image (a notion Windows users have trouble grasping)

Not that I don't grasp the idea; a Mac/Windows user myself, I understand that completely. I refer to them as Mac executable counterparts actually for that exact reason. Windows users will understand the concept better.

[Broomhead]

Not that I don't grasp the idea; a Mac/Windows user myself, I understand that completely. I refer to them as Mac executable counterparts actually for that exact reason. Windows users will understand the concept better.

That was not directed at you personally. I had no idea of your operating system

[AfterMercyFM]

I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time but updated anyway. When I read this post I figured I infected my computer and went to look for the string of code in the .plist for Safari but couldn't find it. Does that mean I'm not infected or what? Also, I installed LittleSnitch, which if I do have the trojan it would be too late anyhow, but now I can't quit or uninstall it. Amidoinitrong? :no idea:

EDIT: Found the uninstaller option in the .dmg but still unsure if I'm infected.

[ScooterComputer]

If you are running the new version of flash (11) it no longer updates though the installer. It has a section in system preferences that is used to update.

That is incorrect. The Check Now button in the PrefPane simply sends you to an Adobe downloads page. It (the page) doesn't even bother to sniff your player version and tell you if you need the update or not. Furthermore, up until a few weeks ago, the certificate for the page was wrong and would cause Safari to throw an error dialog.

This is a mess. And it is all on Apple.

[akafred]

but but mac's dont get viruses!! i was lied to!!! lol proves that any OS has vulnerabilities, and the dumber the user the more likely to get affected..

[duromega]

I've always referred to .Dmg files as Mac executable files. Do you call them something different?

executable or disk image Anthony refereed in the article as a (dmg) when I was reading and saw "executable" I was a little confused but then he specified (dmg) i knew what he was talking about if you have a mac you should know mac os sees the file in other language, here the point is not the file type is to mac users know there is a worm out there I'm gonna be aware and I won't update my Adobe Flash automatically!! Thank you Anthony for the article!

[Anthony Bouchard]

I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time but updated anyway. When I read this post I figured I infected my computer and went to look for the string of code in the .plist for Safari but couldn't find it. Does that mean I'm not infected or what? Also, I installed LittleSnitch, which if I do have the trojan it would be too late anyhow, but now I can't quit or uninstall it. Amidoinitrong? :no idea:

EDIT: Found the uninstaller option in the .dmg but still unsure if I'm infected.

If you can't find the details necessary to remove it then you should be fine.