
Java Trojan on OSX

6111 Views 23 Replies Latest reply: Apr 13, 2012 10:04 AM by Gerard James
denisefromsalisbury Level 1 (0 points)
Apr 5, 2012 2:13 AM

Hello,

 

I get updated notes as a member of SC Magazine which specialises in security risks across different platforms.

 

Yesterday I had notification that Apple have found a hole in its Java Scripting

 

This is what it says:-

After security researchers spotted active exploits taking advantage of the vulnerability, the update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, was released to close a dozen holes in Java 1.6.0_29. Apple said the most serious may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.

That presumably refers to CVE-2012-0507, which researchers at Mac security firm Intego said was the latest variant of the password-stealing Flashback Trojan.

Intego said it had samples of variant 'R' since 23 March and had been finding new samples and variants of this malware almost daily since then. It recommended Mac users turn off Java in their web browser.

It also said Java is no longer provided with Mac OS X 10.7 Lion, but the first time a user needs to run it – when a Java applet loads, or when a user launches a Java applet on their Mac – the system will ask if the user wants to download it; if so, Apple provides the download directly and maintains its own version of Java.

Wolfgang Kandek, CTO of Qualys, said: “In addition, Mac users and IT admins for Macs should review whether Java is actually needed for their usage. If not, Java can be disabled through the Java Preferences program. Just uncheck 64-bit and 32-bit versions.”

Unpatched Java deployments are one of the largest malware threats facing enterprises today, according to Microsoft.

 

So my questions are :-

 

1) How do I ensure that Java is secure, as it states that I need to lock down and uncheck the Java on 32 or 64bit versions

2) Is it now expedient to purchase Anti-Virus software for OSX?

 

Thanks  David

MacBook, Airport and ms word critical update
  • X423424X Level 6 (14,190 points)
    Apr 5, 2012 2:22 AM (in response to denisefromsalisbury)

    1) How do I ensure that Java is secure, as it states that I need to lock down and uncheck the Java on 32 or 64bit versions

     

    It's pretty secure if you turn it off!   Generally you don't need it.  You need Javascript for most browsers which is an entirely different thing.

     

    You can disable in the browser you are using and/or more globally using the Java Preferences too (in Utilities), General tab (uncheck the checkboxes).

     

    More new tricks from Flashback

     

    How to check for and disable Java in OS X

     

    Protect Yourself from the Mac OS X Java Vulnerability

     

    If it turns out you need it for some specific application or web site that you trust then turn it on only when running that application or visiting that site.

     

    2) Is it now expedient to purchase Anti-Virus software for OSX?

     

    No.  These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.

  • MadMacs0 Level 4 (3,320 points)
    Apr 5, 2012 2:47 AM (in response to X423424X)

    X423424X wrote:

    2) Is it now expedient to purchase Anti-Virus software for OSX?

     

    No.  These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.

    Not any more after the Java update yesterday, but there are over half a million Flashback infected Macs out there according to this http://news.cnet.com/8301-1009_3-57409619-83/, so it looks like we have a lot of work ahead of us.

  • X423424X Level 6 (14,190 points)
    Apr 5, 2012 3:05 AM (in response to denisefromsalisbury)

    Surefire?  Probably not.  It's a constantly moving target.  But below are three terminal commands I'm suggesting being run to do some initial (preliminary) checks for some of the trojan stuff that has been appearing in some machines up till now. 

     

    In terminal copy/paste each of the following three lines and post the results:

     

    defaults read ~/.MacOSX/environment

    ls -la ~/Library/LaunchAgents

    grep "/Users/" ~/Library/LaunchAgents/*

     

    MadMacs0, I saw that thread tonight about that dot file in the Safari Resources.  I'm waiting to hear more about that and if there is some other mechanism that is injecting that into safari if that is indeed trojan code in the first place.
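
Added example, not part of the original post or thread: the three checks above as one shell function that takes the home directory as an argument and tolerates a missing `.MacOSX` or `LaunchAgents` directory. The names `check_home` and `make_sample_home`, the output flags and the sample tree are constructed for illustration; the output is a list of items to review, not a Flashback verdict.

```shell
#!/bin/sh
# Added example: the post's three checks as one function. Names, flags and
# the sample tree are constructed; output is a review list, not a verdict.

check_home() {
    home=$1
    # `defaults read ~/.MacOSX/environment` reads this file.
    env_plist="$home/.MacOSX/environment.plist"
    agents="$home/Library/LaunchAgents"

    # Check 1: is there a per-user environment file at all?
    if [ -f "$env_plist" ]; then
        printf 'ENV_PLIST_PRESENT\t%s\n' "$env_plist"
    fi

    # Check 2: list per-user launch agents (the directory may not exist;
    # unlike `ls -la`, the glob skips hidden files).
    [ -d "$agents" ] || return 0
    for plist in "$agents"/*; do
        [ -f "$plist" ] || continue   # glob matched nothing
        printf 'AGENT\t%s\n' "$plist"
        # Check 3: print any path under /Users/ the agent refers to.
        grep -a -o '/Users/[^<"]*' "$plist" | while IFS= read -r ref; do
            printf 'AGENT_USER_PATH\t%s\t%s\n' "$plist" "$ref"
        done
    done
}

# Constructed sample home directory, so the checks can be tried offline.
make_sample_home() {
    d=$(mktemp -d)
    mkdir -p "$d/.MacOSX" "$d/Library/LaunchAgents"
    echo '<plist><dict><key>EXAMPLE_VAR</key><string>x</string></dict></plist>' \
        > "$d/.MacOSX/environment.plist"
    echo '<plist><array><string>/Users/sample/.constructed-helper</string></array></plist>' \
        > "$d/Library/LaunchAgents/com.example.constructed.plist"
    echo '<plist><array><string>/usr/bin/true</string></array></plist>' \
        > "$d/Library/LaunchAgents/com.example.system.plist"
    echo "$d"
}

# Review the directory given as $1, or the current user's home by default.
check_home "${1:-$HOME}"
```

On a home directory with no environment file and no launch agents the function prints nothing.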

  • MadMacs0 Level 4 (3,320 points)
    Apr 5, 2012 3:06 AM (in response to denisefromsalisbury)

    denisefromsalisbury wrote:

     

    So I guess my next question is how do I check if my mac is one of the half a million macs infected?

     

    Is there a surefire way of checking?

    That's a very tall order given that there are at least variants A-R of this thing right now (according to one A-V vendor). There are some similarities in the ones we know of and there is a link in the article to what they say is F-Secure's check, but it's rather technical and doesn't actually cover some of the earlier variants.

  • fane_j Level 4 (3,655 points)
    Apr 5, 2012 5:01 AM (in response to denisefromsalisbury)

    denisefromsalisbury wrote:

     

    Yesterday I had notification that Apple have found a hole in its Java Scripting

    You misread.

     

    Do not confuse Java and JavaScript. They are different animals. The problem is with Java, not JavaScript.

  • jricketts
    Apr 5, 2012 1:36 PM (in response to X423424X)

    X423424X wrote:

     

    These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.

     

    Can you back that up? I'm thinking that's an incorrect statement. While there are not as many targeted towards Mac OS X as there are towards Windows, I would think it is errant to think that none exist or that an Apple computer is immune from being affected. The piece of malware that inspired this thread is a good example of a known threat. While it's a trojan horse and not specifically a computer virus, and indeed other major threats to Mac OS X have been worms and similar malware, I think it is prudent for all Apple users to be aware of threats to their systems and to take actions to safeguard them.

     

    Additionally, I think it wouldn't be a bad idea to install an anti-virus onto a computer running Mac OS X. Just because the malware out there is increasing at a rate faster than you think AV vendors can keep up with is no reason to not have even basic protection.

  • WZZZ Level 6 (11,875 points)
    Apr 5, 2012 2:04 PM (in response to jricketts)

    In this case, at least, AV (some) may be useful for seeing if you've been infected, and, possibly, scrub it, but as X4, and even a rep from Intego stated here, it's only able to catalog and defend against what's already known. Since this thing has been changing constantly, no AV will protect you against it in a new iteration. AV is always fighting the last war.

  • X423424X Level 6 (14,190 points)
    Apr 5, 2012 2:14 PM (in response to jricketts)

    I never said macs were immune to viruses, only that none have occurred to this date.  Hence I stand by my statement.

     

    As for AV software, IMO it may be a secondary level of protection at best, and a cause for instability and poor performance at worst.  And as stated above can only detect past infections and not future infections.

  • MadMacs0 Level 4 (3,320 points)
    Apr 5, 2012 4:55 PM (in response to jricketts)

    jricketts wrote:

     

    X423424X wrote:

     

    These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.

    Can you back that up? I'm thinking that's an incorrect statement. While there are not as many targeted towards Mac OS X as there are towards Windows, I would think it is errant to think that none exist or that an Apple computer is immune from being affected. The piece of malware that inspired this thread is a good example of a known threat. While it's a trojan horse and not specifically a computer virus, and indeed other major threats to Mac OS X have been worms and similar malware, I think it is prudent for all Apple users to be aware of threats to their systems and to take actions to safeguard them.

    There have been viruses in the past, but all known viruses have been patched on an up-to-date OS X 10.6.8 and above. That does not include any other malware, but the kind that can infect without user interaction is currently in check. If somebody wants to argue that there was a viral Trojan being served over the past week or so, I would have to agree. I also agree with everything else you have said.

    Additionally, I think it wouldn't be a bad idea to install an anti-virus onto a computer running Mac OS X. Just because the malware out there is increasing at a rate faster than you think AV vendors can keep up with is no reason to not have even basic protection.

    As long as it doesn't adversely affect the operation of your computer and does not give one a false sense of security, I don't have a problem with that. I have four installed on my computer right now, but none of them are currently running.

  • HACKINT0SH Level 5 (5,750 points)
    Apr 5, 2012 6:20 PM (in response to MadMacs0)

    There have been viruses in the past, but all known viruses have been patched on an up-to-date OS X 10.6.8 and above.

    Please tell us of these viruses that you know of for Mac OS X. There are a lot of people who would like to know.

  • MadMacs0 Level 4 (3,320 points)
    Apr 5, 2012 6:41 PM (in response to HACKINT0SH)

    HACKINT0SH wrote:

     

    There have been viruses in the past, but all known viruses have been patched on an up-to-date OS X 10.6.8 and above.

    Please tell us of these viruses that you know of for Mac OS X. There are a lot of people who would like to know.

    Most are listed in Thomas Reed's Macintosh Malware Catalog, which I believe you are familiar with.

     

    The iAntiVirus Threat List has some, including those going back to OS Classic days, but has not been updated for at least two years.

  • HACKINT0SH Level 5 (5,750 points)
    Apr 6, 2012 6:23 PM (in response to MadMacs0)

    I don't care for the classic list days. I am well aware of viruses from the 80's, etc. What I specifically was looking for was those for OS X.

     

    Now, Thomas's site mentions the macro scripts for MS Word, etc. viruses of to start. Well, that depends on how much you want to stretch this and at what angle you look at. You'd need to have those MS applications installed, just to allow those macros to work. And you'd also have to be gullible enough to not know what's going on.

     

    Office 2004 was the last version to even support those macros, so you couldn't even possibly run that on Lion. Using Rosetta on SL seems you could do this if you were gullible enough to not pay attention to the warnings, etc. And now you can start to make your case! But then again, do you want to count things as an MS Word macro script, as a virus? If so then I guess I can't argue on that point. But that's a bit of a stretch from the typical example of self-replicating binaries.

     

    Anyway, I know we are not going to agree here, so let's just agree to disagree.

     

    That said, keep up the good work BTW on the current trojan.

  • WZZZ Level 6 (11,875 points)
    Apr 6, 2012 6:37 PM (in response to HACKINT0SH)

    MadMacs0 knows the difference between a virus and a trojan. Please stop baiting him.
