Half a million Mac computers infected with malware

Discussion in 'Anti-Virus' started by Virus Guy, Apr 6, 2012.

  1. Virus Guy

    Virus Guy Guest

    http://www.bbc.co.uk/news/science-environment-17623422

    5 April 2012

    Half a million Mac computers 'infected with malware'

    [Image: Apple laptop computer. Caption: Dr Web says most infected computers are in the US]

    More than half a million Apple computers have been infected with the
    Flashback Trojan, according to a Russian anti-virus firm.

    Its report claims that about 600,000 Macs have installed the malware -
    potentially allowing them to be hijacked and used as a "botnet".

    The firm, Dr Web, says that more than half that number are based in the
    US.

    Apple has released a security update, but users who have not installed
    the patch remain exposed.

    Flashback was first detected last September when anti-virus researchers
    flagged up software masquerading itself as a Flash Player update. Once
    downloaded it deactivated some of the computer's security software.

    Later versions of the malware exploited weaknesses in the Java
    programming language to allow the code to be installed from bogus sites
    without the user's permission.

    Remote control

    Dr Web said that once the Trojan was installed it sent a message to the
    intruder's control server with a unique ID to identify the infected
    machine.

    "By introducing the code criminals are potentially able to control the
    machine," the firm's chief executive Boris Sharov told the BBC.

    "We stress the word potential as we have never seen any malicious
    activity since we hijacked the botnet to take it out of criminals'
    hands. However, we know people create viruses to get money.

    "The largest amounts of bots - based on the IP addresses we identified -
    are in the US, Canada, UK and Australia, so it appears to have targeted
    English-speaking people."

    Dr Web also notes that 274 of the infected computers it detected
    appeared to be located in Cupertino, California - home to Apple's
    headquarters.

    Update wait

    Java's developer, Oracle, issued a fix to the vulnerability on 14
    February, but this did not work on Macintoshes as Apple manages Java
    updates to its computers.

    Apple released its own "security update" on Wednesday - more than eight
    weeks later. It can be triggered by clicking on the software update icon
    in the computer's system preferences panel.

    The security firm F-Secure has also posted detailed instructions about
    how to confirm if a machine is infected and how to remove the Trojan.

    Although Apple's system software limits the actions its computers can
    take without requesting their users' permission, some security analysts
    suggest this latest incident highlights the fact that the machines are
    not invulnerable.

    "People used to say that Apple computers, unlike Windows PCs, can't ever
    be infected - but it's a myth," said Timur Tsoriev, an analyst at
    Kaspersky Lab.

    Apple could not provide a statement at this time.
     
    Virus Guy, Apr 6, 2012
    #1

  2. Virus Guy wrote:

    [...]
    Not a virus!

    [...]
     
    FromTheRafters, Apr 6, 2012
    #2

  3. Virus Guy

    Dustin Guest

    Some people used to preach that myth. Some of us always knew better.
    HEHEHE.

    Here's something for you, win9x isn't immune to it.
    http://www.f-secure.com/weblog/archives/00002341.html
     
    Dustin, Apr 6, 2012
    #3
  4. Virus Guy

    s|b Guest

    <https://www.youtube.com/watch?v=aIrhVo1WA78>

    :)
     
    s|b, Apr 6, 2012
    #4
  5. I don't think he will understand that comment, he still doesn't
    differentiate between the exploit and the payload.
     
    FromTheRafters, Apr 6, 2012
    #5
  6. Virus Guy

    Virus Guy Guest

    I've kill-filed Pustin, so the only way I see his screed is when someone
    else quotes it.

    In this case, he's posted a link to a description of the java
    vulnerability that pertains to the current issue with Macs (not sure why
    he did that). The content of the link contains no information specific
    to whether or not Win-98 is vulnerable.

    In any case, since Oriface patched the JRE a couple months ago, and
    since JRE version 6 does run under win-98 with kernelEx (and hence any
    patch to version 6 is therefore applicable to win-98) why would someone
    make a claim that win-98 is vulnerable?

    Any windoze OS is vulnerable if the patch isn't applied.
     
    Virus Guy, Apr 6, 2012
    #6
  7. He probably wrote that because you often declare w9x to be immune from
    modern malware. If this at one time was a zero day exploit, it debunks
    that view.
     
    FromTheRafters, Apr 6, 2012
    #7
  8. Virus Guy

    Dustin Guest

    That's mature. Not that I really expect any civil discourse with you.
    You likely killfiled me after the sound education you got regarding DNS
    servers. I don't mind being killfiled for spanking you. The fact you
    think misspelling my name is, in some fashion, professional or mature is
    funny. You're a spoiled little punkass who can't hold his own in any
    technical discussion.
    FTR was right then. You don't see the differences...
    You used to preach how much safer win9x is over NT. It isn't. Never
    could be. win9x doesn't handle file permissions based on user accounts.
    It's inherently insecure.
     
    Dustin, Apr 6, 2012
    #8
  9. Virus Guy

    Dustin Guest

    Seems you were right.
     
    Dustin, Apr 6, 2012
    #9
  10. Virus Guy

    Dustin Guest

    That reminds me. KernelEX gives you some NT-like extensions, right?

    So here it is. RC5 released. Fixes most of reported problems and further
    enhances compatibility with NT-only applications. Enjoy!

    Yes it does... This is another potential weakness in your win9x machine
    then. It is capable of executing some NT specific malware thanks to your
    3rd party support. That means, it can run an NT based worm without the
    benefit of non admin level security.
    Your win9x box is vulnerable to some NT code bases as it will try to run
    them thanks to you installing an app to provide what it doesn't have. That
    goes for some forms of NT based malware too.
     
    Dustin, Apr 6, 2012
    #10
  11. Virus Guy

    Dustin Guest

    KernelEx is an Open Source compatibility layer with an aim to allow
    running Windows 2000/XP-only applications on Microsoft Windows 98 and
    Microsoft Windows Millennium operating systems.

    Thanks to that program you use, you are vulnerable to most NT based
    baddies. Not only can you execute them, you have no control over the
    damage they can do as you have no restricted users or UAC control of any
    kind. The best you have is setting a file's attribute to read-only.
     
    Dustin, Apr 6, 2012
    #11
