Virus Protection

843 Views 13 Replies Latest reply: Apr 11, 2012 12:17 PM by R C-R
TanyafromCA
Apr 10, 2012 11:05 PM

Is some type of virus protection necessary? I just had my AOL email account hacked and it has really spooked me. I had a lot of previous issues with my former PC and this is one of the reasons I bought an Apple. But now I wonder if I need some type of protection.

iMac, Mac OS X (10.7.3)
  • Klaus1 Level 8 (43,345 points)
    Apr 11, 2012 1:46 AM (in response to TanyafromCA)

    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:

    https://discussions.apple.com/docs/DOC-2435

    The User Tip (which you are welcome to print out and retain for future reference) seeks to offer some guidance on the main security threats and how to avoid them, including the Flashback Trojan.

  • laundry bleach Level 5 (6,875 points)
    Apr 11, 2012 8:20 AM (in response to TanyafromCA)

    Apple also offers this article about the recent Flashback malware issue.

  • John Galt Level 7 (33,055 points)
    Apr 11, 2012 8:30 AM (in response to TanyafromCA)

    Ars Technica has a link to a quick app that checks your system to determine the presence of this malware. Here is the link:

    http://arstechnica.com/apple/news/2012/04/checking-for-mac-flashback-infestation-theres-an-app-for-that.ars

    It is by no means foolproof and does not remove the malware if it is determined to be present, but it is harmless and easy to use. In the meantime, Apple says they're working on a fix.

    Direct link to the app: FlashbackChecker 1.0

    If it determines "no signs of infection were found" then disable Java in Safari Preferences. Make yours look like this:

    [Screenshot: Screen Shot 2012-04-08 at 10.10.53 PM.png]

    If you are using other browsers like Firefox you will need to disable Java in them too.

  • WZZZ Level 6 (11,875 points)
    Apr 11, 2012 9:10 AM (in response to John Galt)

    The problem with that program, like a number of others, is it's based on F-Secure's earlier definition for the i version and not the K. The K also looks for infection in ~/Library/LaunchAgents, which this app won't.

  • noondaywitch Level 6 (8,130 points)
    Apr 11, 2012 9:34 AM (in response to John Galt)

    Not to mention that we appear to be up to version R and beyond already!

  • John Galt Level 7 (33,055 points)
    Apr 11, 2012 10:02 AM (in response to WZZZ)

    They're all going to be behind the curve to varying extents. For those reluctant or unwilling to do their own research it's better than nothing.

  • John Galt Level 7 (33,055 points)
    Apr 11, 2012 10:19 AM (in response to TanyafromCA)

    OpenDNS has recently been improved to address the Flashback trojan:

    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/

    Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.

  • mcbuffy Level 4 (1,050 points)
    Apr 11, 2012 10:25 AM (in response to TanyafromCA)

    Hello,

    A virus has nothing to do with your AOL account being hacked.

    For more information, read this:

    How do I know if my account has been compromised (hacked)?

    help.aol.com/help/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=51598

    Don't choose an easy password and only log in on the AOL website.

    Don't respond to emails that look like AOL sent them and ask you to log in on a fake webpage that will send your login and password to a hacker.

    Don't download any files sent to you by an unknown person.

  • R C-R Level 6 (13,795 points)
    Apr 11, 2012 10:30 AM (in response to noondaywitch)

    noondaywitch wrote:

    > Not to mention that we appear to be up to version R and beyond already!

    Different A-V companies give different names to the same malware. For instance, what the Russian company Dr Web calls "FlashFake.39" appears to be pretty much the same thing that F-Secure calls the I & K variants of FlashBack & most likely includes what Intego calls FlashBack R.

    These companies typically change the suffixes whenever they find something they consider to be a significant change in the malware but that varies considerably from company to company.

  • WZZZ Level 6 (11,875 points)
    Apr 11, 2012 10:46 AM (in response to John Galt)

    John Galt wrote:

    > OpenDNS has recently been improved to address the Flashback trojan:
    >
    > http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
    >
    > Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.

    Well, I'm not sure I'd rely completely on that. They are saying it blocks connection to the C&C, but what if you're already infected and already connected? And what happens if you're already infected and never connected to the Flashback mothership, but OpenDNS goes off and you revert to your ISP's servers?

    But good to know.

  • John Galt Level 7 (33,055 points)
    Apr 11, 2012 11:23 AM (in response to WZZZ)

    You can't rely completely on anything; there is no magic bullet. OpenDNS is just another defense, and has the advantage of being completely unobtrusive. If you already have Flashback, you have to get rid of it.

    If you believe your ISP uses a secure DNS then that's fine.

  • WZZZ Level 6 (11,875 points)
    Apr 11, 2012 11:50 AM (in response to John Galt)

    I was really responding to this in your post.

    > Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.

  • R C-R Level 6 (13,795 points)
    Apr 11, 2012 12:17 PM (in response to WZZZ)

    WZZZ wrote:

    > Well, I'm not sure I'd rely completely on that. They are saying it blocks connection to the C&C, but what if you're already infected and already connected?

    A blocked connection is a blocked connection, whether or not it previously was unblocked. It won't "undo" any damage done by or info passed to the C&C server prior to the block but it will stop anything new from getting through.

    > And what happens if you're already infected and never connected to the Flashback mothership, but OpenDNS goes off and you revert to your ISP's servers?

    There is that, plus somewhat similar considerations for things like deleting preference files during troubleshooting, making sure all your Network Locations are set to OpenDNS IP addresses if you use more than one location, & so on.

     

    Because of all this, I use & recommend considering a multi-layer approach to malware protection, including using OpenDNS, A-V software, & above all keeping your software up-to-date. No one thing will protect you from everything but having more layers of protection gives you a better chance that one of them will.
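
The check R C-R describes, confirming that each network configuration really points at OpenDNS, can be scripted from Terminal. The following is an added example, not part of the original thread: it uses macOS's `networksetup` to classify the DNS servers of every network service in the active Network Location (rerun it in each Location you use). The OpenDNS resolver addresses and the function names `classify_dns` and `audit_services` are supplied here as assumptions, not taken from the posts.

```shell
#!/bin/sh
# Added example: audit per-service DNS settings on macOS.
# OpenDNS public IPv4 resolvers (assumed values, not quoted in the thread).
OPENDNS="208.67.222.222 208.67.220.220"

# classify_dns: reads the output of `networksetup -getdnsservers <service>`
# on stdin and prints one of:
#   opendns - every listed IPv4 resolver is an OpenDNS address
#   mixed   - OpenDNS plus at least one other resolver (lookups can bypass the filter)
#   other   - only non-OpenDNS resolvers are set
#   unset   - no IPv4 resolver set; DNS comes from DHCP (router or ISP)
# IPv6 resolver addresses are not examined.
classify_dns() {
    ips=$(grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' || true)
    if [ -z "$ips" ]; then
        echo unset
        return 0
    fi
    good=0
    bad=0
    for ip in $ips; do
        case " $OPENDNS " in
            *" $ip "*) good=$((good + 1)) ;;
            *)         bad=$((bad + 1)) ;;
        esac
    done
    if [ "$bad" -eq 0 ]; then
        echo opendns
    elif [ "$good" -eq 0 ]; then
        echo other
    else
        echo mixed
    fi
}

# audit_services: walk every service in the active Location. The first line of
# the listing is an explanatory header; a leading "*" marks a disabled service.
audit_services() {
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        printf '%s: %s\n' "$svc" "$(networksetup -getdnsservers "$svc" | classify_dns)"
    done
}

# Run the live audit only where networksetup exists (macOS).
if command -v networksetup >/dev/null 2>&1; then
    audit_services
fi
```

A result of `unset` is not necessarily a problem: if the router itself hands out OpenDNS addresses, the Mac needs no per-service setting, but the protection then disappears on any other network.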
