-
May 3, 2012 2:56 PM in response to Richard Bonomo by Klaus1
No updates for Leopard, which is no longer supported.
You should turn off Java (but not Javascript) in Safari Preferences/Security, and uncheck 'Open Safe Files after downloading' in Safari Preferences/General.
-
May 3, 2012 3:02 PM in response to Richard Bonomo by BDAqua
Nope, & they're not likely to.
Disable Java in your Browser settings, not JavaScript.
http://support.apple.com/kb/HT5241?viewlocale=en_US
http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
Flashback - Detect and remove the uprising Mac OS X Trojan...
http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site
More bad news...
-
May 14, 2012 3:33 PM in response to Richard Bonomo by John Galt
Apple just released the following
Flashback Removal Security Update
...and a related subject
Leopard Security Update 2012-003
System requirement is Mac OS X v10.5.8. Unknown if it will work on PPC Macs.
-
May 14, 2012 4:10 PM in response to John Galt by Klaus1
Did not show up in Software Update on my G5 iMac running Leopard, from which I deduce that the Flashback Trojan does not pose a threat to PPC Macs, presumably because I cannot run a version of Flash Player that is vulnerable.
I am ever the optimist!
-
May 14, 2012 4:37 PM in response to Richard Bonomo by GW Schreyer
The updates are not showing up in SU for me. The downloads ARE at the Apple Downloads site but they don't run. They say I need 10.5.8. I have 10.5.8 build 9L31a. Something is broken.
If you have Flash or Java, there are threats. These updates are supposed to close them off.
BTW, I have two PPC machines.
-
May 14, 2012 4:48 PM in response to Klaus1 by GW Schreyer
Flashback does not need Flash, just Java, to infect.
This is indeed an Intel only update.
-
May 14, 2012 8:12 PM in response to Klaus1 by MadMacs0
Klaus1 wrote:
presumably because I cannot run a version of Flash Player that is vulnerable.
The Flash Player update is not related to Flashback, but you would be able to run versions of Flash Player prior to 10.1.102.64 if you wanted to.
BTW that "new" Flash Player came out in November 2010, so this is a really timely update they are giving out.
-
May 14, 2012 8:15 PM in response to John Galt by MadMacs0
John Galt wrote:
Apple just released the following
Except that the OP was looking for a Java update which isn't part of this. So what happens if you come up clean and the next site you visit with Java left turned on is the Flashback site...you are infected. Kind of a half hearted update if you ask me. Let's hope there is more to come.
-
May 15, 2012 3:45 AM in response to MadMacs0 by WZZZ
MadMacs0 wrote:
John Galt wrote:
Apple just released the following
Except that the OP was looking for a Java update which isn't part of this. So what happens if you come up clean and the next site you visit with Java left turned on is the Flashback site...you are infected. Kind of a half hearted update if you ask me. Let's hope there is more to come.
Agree, sounds quite lame, especially since it may give those who run the update and don't understand what it does and doesn't do a false sense of security.
-
May 15, 2012 6:32 AM in response to GW Schreyer by a brody
From what is known PowerPC machines are not affected. You can apply the 10.5.8 combo update to see if it makes a difference.
-
May 15, 2012 8:11 AM in response to Richard Bonomo by emma_mac_book_addict
Yes Apple has now posted security updates for OSX 10.5.6, I've just downloaded them to be on the safe side despite my dad concluding that when this virus came to light originally my laptop was clean and turning off Java.
-
May 15, 2012 10:36 AM in response to emma_mac_book_addict by a brody
Emma,
Just a distinction here, it is 10.5.8, not 10.5.6 that they released the update for.
-
May 15, 2012 7:18 PM in response to GW Schreyer by BDAqua
a brody is right, PPC Macs have not been infected due to the trojan being Intel code only, but many ways to protect yourself on PPC Macs...
Disable Java in your Browser settings, not JavaScript.
http://support.apple.com/kb/HT5241?viewlocale=en_US
http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
Little Snitch, stops/alerts outgoing stuff...
http://www.obdev.at/products/littlesnitch/index.html
Flashback - Detect and remove the uprising Mac OS X Trojan...
http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
MadMacs0 says...
This script from F-Secure is the only one I'm currently recommending http://www.f-secure.com/weblog/archives/00002346.html
http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
Open DNS also blocks the FlashBack thing...
http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/