Apr 7, 2012 12:27 PM (in response to Kappy)
Kappy, while true for trojans, this one has morphed to take advantage of a Java vulnerability that has been open for a few months in OS X, and does not require the user to do anything in order to install. It's been called a "drive-by-download" attack that does not fool the user or try to trick him, and as such has changed from being a true "trojan horse" malware.
As for Java applications, I'm not sure of a way to list them all, but you can disable Java in the Java Preferences utility and then try opening your programs to see which ones give you an error about requiring Java, and catalogue them that way.
Apr 7, 2012 12:44 PM (in response to MacinNW_Brent)
Is there a way to tell which apps use Java, similar to checking System Information?
Good question. There isn't as easy a way as that, but there is a crude way.
Launch the Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Terminal in the page that opens.
Drag or copy — do not type — the following line into the Terminal window, then press return:
find /Applications -type f -name '*.jar'
All the applications that are listed in the output have Java components.
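Added example (not part of the post above): a shell function that runs the same search and tallies the .jar files per application bundle, giving one line per app instead of one line per file. The function name `jar_apps_summary` and the rule of grouping by the first `.app` component of each path are assumptions of this example.

```shell
#!/bin/sh
# Added example: count .jar files per application bundle.
# Usage: jar_apps_summary [DIR]    (DIR defaults to /Applications)
jar_apps_summary() {
    root="${1:-/Applications}"
    root="${root%/}"                      # drop a trailing slash, if any
    # The pattern is quoted so the shell hands it to find unexpanded;
    # an unquoted *.jar would be expanded against the current directory.
    find "$root" -type f -name '*.jar' 2>/dev/null |
    awk -v n="${#root}" '
    {
        tail = substr($0, n + 2)          # path relative to the search root
        i = index(tail, ".app/")
        if (i > 0) {
            # Attribute the jar to the outermost enclosing .app bundle.
            app = substr($0, 1, n + 1 + i + 3)
        } else {
            # Loose jar outside any bundle: group by top-level entry.
            sub(/\/.*/, "", tail)
            app = substr($0, 1, n + 1) tail
        }
        count[app]++
    }
    END { for (a in count) printf "%d\t%s\n", count[a], a }' |
    LC_ALL=C sort -k1,1nr -k2             # most jars first, then by path
}
```

Each output line is a count, a tab, and the path of the application the jars belong to. A bundled .jar shows that an app ships Java components, not that it needs the system Java runtime for every function.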
Apr 7, 2012 12:45 PM (in response to MacinNW_Brent)
Kappy, you are not being helpful. And I am not overthinking it.
Apple has stated that they are moving away from Java. And for a clean install of 10.7, the default is not to install Java.
I want to turn off Java, but apparently I have some apps that use Java. I would like to easily find out which ones I may need to replace. Very similar to the situation when moving to 10.7, when everyone was trying to figure out which apps they used would have to be replaced.
Apr 7, 2012 1:01 PM (in response to Linc Davis)
Thank you Linc. That was the answer.
And the results were: Adobe Bridge CS3 with 4 votes, Callpod Keeper (as I knew) with about a dozen votes, Evernote with one vote, LibreOffice (had about 100 votes), OpenOffice (with a couple of dozen), and Stanza tying for last place with one vote.
Since I hardly ever use LibreOffice, OpenOffice, Adobe Bridge, and Stanza, I'm pretty happy. I'm a little upset with Evernote since I just got it. But Callpod Keeper, my password safe, makes me very upset. Its function is critical to me and I hate moving to another one.
Apr 7, 2012 1:04 PM (in response to Kappy)
The "drive-by" aspect means people just need to be redirected to a site containing the malicious Java applet, and then provided their systems are not patched the applet will break the Java sandbox and execute the malware downloader. While in some cases it might be obvious that the applet has run or "something" has happened, in other cases a person might just see a Web page (or a blank one) they didn't intend and close it, not thinking twice about it, but not realizing they've been infected.
Apr 7, 2012 1:10 PM (in response to Linc Davis)
Linc, I forgot to say thank you for including the Terminal command. While I can find the Terminal window, I am not a regular user and so leery to type in a line like that. You hit the right skill level in your solution.
Apr 7, 2012 1:10 PM (in response to Topher Kessler)
Still sounds like practical user diligence to avoid sites that would result in the redirect is the most effective way to avoid the issue.
I know in my situation I have Java enabled, I have Adobe Flash installed, etc. but I'm careful to avoid unfamiliar websites. So far I haven't been infected explicitly or implicitly.
This might become a more malicious issue if the trojan turns into a full-fledged virus.
Apr 7, 2012 1:18 PM (in response to Kappy)
Very true, but then again such Web-based attacks have in the past resulted in even legitimate sites like MSN resulting in the MacDefender popups. Those were easier to track, but this being a more subtle attack makes it harder to determine where the attack originated.
It would be much harder for the malware to develop into a virus that infects files, executes, and spreads itself. I don't see much avenue for this happening in OS X, but I guess somehow it might be possible; however, that's a bit of speculation (where anything could be possible if you think about it long enough).