
Java Trojan on OSX

Hello,


I get updated notes as a member of SC Magazine which specialises in security risks across different platforms.


Yesterday I had notification that Apple have found a hole in its Java Scripting


This is what it says:-

After security researchers spotted active exploits taking advantage of the vulnerability, the update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, was released to close a dozen holes in Java 1.6.0_29. Apple said the most serious may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.

That presumably refers to CVE-2012-0507, which researchers at Mac security firm Intego said was the latest variant of the password-stealing Flashback Trojan.

Intego said it had samples of variant ‘R' since 23 March and had been finding new samples and variants of this malware almost daily since then. It recommended Mac users turn off Java in their web browser.

It also said Java is no longer provided with Mac OS X 10.7 Lion, but the first time a user needs to run it – when a Java applet loads, or when a user launches a Java applet on their Mac – the system will ask if the user wants to download it; if so, Apple provides the download directly and maintains its own version of Java.

Wolfgang Kandek, CTO of Qualys, said: “In addition, Mac users and IT admins for Macs should review whether Java is actually needed for their usage. If not, Java can be disabled through the Java Preferences program. Just uncheck 64-bit and 32-bit versions.”

Unpatched Java deployments are one of the largest malware threats facing enterprises today, according to Microsoft.


So my questions are :-


1) How do I ensure that Java is secure, as it states that I need to lock down and uncheck the Java on 32 or 64bit versions

2) Is it now expedient to purchase Anti-Virus software for OSX?


Thanks David

MacBook, Airport and ms word critical update

Posted on Apr 5, 2012 2:13 AM

Question marked as Best reply

Posted on Apr 5, 2012 2:22 AM

1) How do I ensure that Java is secure, as it states that I need to lock down and uncheck the Java on 32 or 64bit versions


It's pretty secure if you turn it off! 😉 Generally you don't need it. You need Javascript for most browsers which is an entirely different thing.


You can disable in the browser you are using and/or more globally using the Java Preferences too (in Utilities), General tab (uncheck the checkboxes).


More new tricks from Flashback


How to check for and disable Java in OS X


Protect Yourself from the Mac OS X Java Vulnerability


If it turns out you need it for some specific application or web site that you trust then turn it on only when running that application or visiting that site.


2) Is it now expedient to purchase Anti-Virus software for OSX?


No. These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.

Apr 5, 2012 2:47 AM in response to X423424X

X423424X wrote:

2) Is it now expedient to purchase Anti-Virus software for OSX?


No. These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.

Not any more after the Java update yesterday, but there are over half a million Flashback infected Macs out there according to this http://news.cnet.com/8301-1009_3-57409619-83/, so it looks like we have a lot of work ahead of us.

Apr 5, 2012 3:05 AM in response to denisefromsalisbury

Surefire? Probably not. It's a constantly moving target. But below are three terminal commands I'm suggesting being run to do some initial (preliminary) checks for some of the trojan stuff that has been appearing in some machines up till now.


In terminal copy/paste each of the following three lines and post the results:


defaults read ~/.MacOSX/environment

ls -la ~/Library/LaunchAgents

grep "/Users/" ~/Library/LaunchAgents/*


MadMacs0, I saw that thread tonight about that dot file in the Safari Resources. I'm waiting to hear more about that and if there is some other mechanism that is injecting that into safari if that is indeed trojan code in the first place.
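
The three checks from the post above, combined into one read-only pass over a home directory. This is an added example, not part of the original post; the sample file names are constructed, and a REVIEW line means the file deserves a look, not that the machine is infected.

```shell
#!/bin/sh
# Added example (not from the thread): read-only triage of one home directory,
# built on the three checks posted above. Legitimate software also uses both
# locations, so every hit still needs a human to read the file.

# Print the per-user environment file if it exists. This is the file that
# `defaults read ~/.MacOSX/environment` reads.
env_file() {
    f="$1/.MacOSX/environment.plist"
    if [ -f "$f" ]; then printf '%s\n' "$f"; fi
}

# Print LaunchAgents files whose contents mention a path under /Users/.
# -r also covers dot-files, which `ls -la` shows but a shell glob (*) skips.
agents_with_user_paths() {
    d="$1/Library/LaunchAgents"
    if [ -d "$d" ]; then grep -rl "/Users/" "$d" 2>/dev/null || true; fi
}

# Emit one REVIEW line per item found; prints nothing for a clean directory.
review_home() {
    { env_file "$1"; agents_with_user_paths "$1"; } |
    while IFS= read -r path; do
        printf 'REVIEW: %s\n' "$path"
    done
}

# Build a constructed sample home (hypothetical names) to try the checks on.
make_sample_home() {
    h="$1"
    mkdir -p "$h/.MacOSX" "$h/Library/LaunchAgents"
    : > "$h/.MacOSX/environment.plist"
    printf '<string>/Users/sample/.sample_helper</string>\n' \
        > "$h/Library/LaunchAgents/.com.example.agent.plist"
    printf '<string>/Applications/Example.app/helper</string>\n' \
        > "$h/Library/LaunchAgents/com.example.ok.plist"
}

# Usage: sh triage.sh "$HOME"   (does nothing when run without an argument)
[ "$#" -eq 0 ] || review_home "$1"
```
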

Apr 5, 2012 3:06 AM in response to denisefromsalisbury

denisefromsalisbury wrote:


So I guess my next question is how do I check if my Mac is one of the half a million Macs infected?


Is there a surefire way of checking?

That's a very tall order given that there are at least variants A-R of this thing right now (according to one A-V vendor). There are some similarities in the ones we know of and there is a link in the article to what they say is F-Secure's check, but it's rather technical and doesn't actually cover some of the earlier variants.

Apr 5, 2012 1:36 PM in response to X423424X

X423424X wrote:


These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.


Can you back that up? I'm thinking that's an incorrect statement. While there are not as many targeted towards Mac OS X as there are towards Windows, I would think it is errant to think that none exist or that an Apple computer is immune from being affected. The piece of malware that inspired this thread is a good example of a known threat. While it's a trojan horse and not specifically a computer virus, and indeed other major threats to Mac OS X have been worms and similar malware, I think it is prudent for all Apple users to be aware of threats to their systems and to take actions to safeguard them.


Additionally, I think it wouldn't be a bad idea to install an anti-virus onto a computer running Mac OS X. Just because the malware out there is increasing at a rate faster than you think AV vendors can keep up with is no reason to not have even basic protection.

Apr 5, 2012 2:04 PM in response to jricketts

In this case, at least, AV (some) may be useful for seeing if you've been infected, and, possibly, scrub it, but as X4, and even a rep from Intego stated here, it's only able to catalog and defend against what's already known. Since this thing has been changing constantly, no AV will protect you against it in a new iteration. AV is always fighting the last war.

Apr 5, 2012 2:14 PM in response to jricketts

I never said Macs were immune to viruses, only that none have occurred to this date. Hence I stand by my statement.


As for AV software, IMO it may be a secondary level of protection at best, and a cause for instability and poor performance at worst. And as stated above can only detect past infections and not future infections.

Apr 5, 2012 4:55 PM in response to jricketts

jricketts wrote:


X423424X wrote:


These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.

Can you back that up? I'm thinking that's an incorrect statement. While there are not as many targeted towards Mac OS X as there are towards Windows, I would think it is errant to think that none exist or that an Apple computer is immune from being affected. The piece of malware that inspired this thread is a good example of a known threat. While it's a trojan horse and not specifically a computer virus, and indeed other major threats to Mac OS X have been worms and similar malware, I think it is prudent for all Apple users to be aware of threats to their systems and to take actions to safeguard them.

There have been viruses in the past, but all known viruses have been patched on an up-to-date OS X 10.6.8 and above. That does not include any other malware, but the kind that can infect without user interaction is currently in check. If somebody wants to argue that there was a viral Trojan being served over the past week or so, I would have to agree. I also agree with everything else you have said.

Additionally, I think it wouldn't be a bad idea to install an anti-virus onto a computer running Mac OS X. Just because the malware out there is increasing at a rate faster than you think AV vendors can keep up with is no reason to not have even basic protection.

As long as it doesn't adversely affect the operation of your computer and does not give one a false sense of security, I don't have a problem with that. I have four installed on my computer right now, but none of them are currently running.

Apr 5, 2012 6:41 PM in response to HACKINT0SH

HACKINT0SH wrote:


There have been viruses in the past, but all known viruses have been patched on an up-to-date OS X 10.6.8 and above.

Please tell us of these viruses that you know of for Mac OS X. There are a lot of people who would like to know.

Most are listed in Thomas Reed's Macintosh Malware Catalog, which I believe you are familiar with.


The iAntiVirus Threat List has some, including those going back to OS Classic days, but has not been updated for at least two years.

Apr 6, 2012 6:23 PM in response to MadMacs0

I don't care for the classic list days. I am well aware of viruses from the 80's, etc. What I specifically was looking for was those for OS X.


Now, Thomas's site mentions the macro scripts for MS Word, etc. viruses of to start. Well, that depends on how much you want to stretch this and at what angle you look at. You'd need to have those MS applications installed, just to allow those macros to work. And you'd also have to be gullible enough to not know what's going on.


Office 2004 was the last version to even support those macros, so you couldn't even possibly run that on Lion. Using Rosetta on SL seems you could do this if you were gullible enough to not pay attention to the warnings, etc. And now you can start to make your case! But then again, do you want to count things as an MS Word macro script, as a virus? If so then I guess I can't argue on that point. But that's a bit of a stretch from the typical example of self-replicating binaries.


Anyway, I know we are not going to agree here, so let's just agree to disagree.


That said, keep up the good work BTW on the current trojan.

Apr 6, 2012 7:21 PM in response to HACKINT0SH

HACKINT0SH wrote:


Anyway, I know we are not going to agree here, so let's just agree to disagree.

OK, I'll take the bait. Do you disagree with Thomas (I know you often do) or with me? All I said was that all known viruses have been patched on an up-to-date OS X 10.6.8 and above. I know there have been disagreements among experts as to whether or not certain of these malware qualified as a virus or not, but that seems futile to debate after all this time, especially since I have no opinion on it.


I do feel that there is sufficient evidence that this current Flashback variant acts in a viral manner toward anybody on an Intel Mac using OS X 10.6.7 or earlier, with Java installed & enabled, who are not using Little Snitch and who visits a poisoned web site. Such users will be infected with no action on their part beyond cancelling a dialog box.


All recommendations are that such users update to 10.6.8 if at all possible or to disable Java, at least in their browsers, if they are unable or unwilling. It's also possible to tweak Java Preferences from their default settings to minimize the risk "Java Hardening Tips," but know that new users can quickly get lost in the details of doing so.
