HT5244: About Flashback malware
-
Apr 15, 2012 9:34 AM in response to SuperWeeD by thomas_r.
There should be no relation between the Java updates being discussed and the internet speed. It may be a coincidental network issue. Try rebooting all your network hardware and your computer. Test with other devices as well. And if you're still having problems after that, you should start your own topic with lots of details, since the people who are internet connection experts may not necessarily be monitoring discussions of Flashback.
-
Apr 15, 2012 9:50 AM in response to MadMacs0 by Kappy
OK. We'll let my complaint go and start with a clean slate.
It's my understanding that if you become infected then install Apple's security update that the infection is not removed. Hence the need for a removal tool that can be applied before one installs the security update. Then the security update will block further infections. This presumes no new variants that can circumvent the extant protections.
Feel free to correct me if the above is not correct.
I am aware of the fact the early variants required one to download and install what appeared to be a Flash installer. Hence the name, Flashback or Flashfake. Later variants no longer required you to do that hence the trojan became more like a virus that did not require user action to get infected.
-
Apr 15, 2012 9:55 AM in response to Kappy by thomas_r.
No, that's not correct. There's no separate tool to install before the update... The update IS the tool. When you install the latest updates, they will do three things:
1) Remove the malware, if present
2) Update Java, if it's installed
3) Change your Java setting so that Java is disabled in the browser, and so that if you turn on Java and then don't use it for a while, it'll turn itself off again.
-
Apr 15, 2012 10:00 AM in response to thomas_r. by Kappy
Tom,
I think I'm up to speed on this stuff as I read the posts about it. I know that removing Java does not remove an extant infection. I'm not really sure why you think I don't understand that.
Actually, I was under the impression that having been infected while running Snow Leopard that the infection would not be removed by installing Lion. But Linc has corrected me twice about that. Linc has seemed very well informed about the malware. I guess that was wrong or he misstated.
I've never claimed to be expert about the nature of this malware nor its variants. I read posts from you and a few others then try to provide other users with solutions. The main thing I post has a link to your site.
I don't mind being corrected nor being offered additional information. It's more the way that it's done.
-
Apr 15, 2012 10:13 AM in response to thomas_r. by Kappy
Then what was the point of the tool Apple also released? If what you say is correct then the Apple removal tool has no obvious purpose.
-
Apr 15, 2012 10:13 AM in response to Kappy by thomas_r.
I'm just trying to get a conversation back on track that started with the statement:
"If you don't have Java installed on your computer, then you need not worry about the malware."
Which is not true. You seemed to be saying that installing Lion would eliminate the malware by removing Java, which is also not the case. And now you say that installing Lion would remove the infection. While it is true that installing Lion could clean up a "type 1" infection, by replacing infected apps like Safari, there are other apps that may be infected (such as Skype) which would not be touched by installing Lion. And in a "type 2" infection, where the malware is entirely installed in the user's home folder, installing Lion also would not remove the malware.
So, all I'm saying is that users of Lion who don't have Java installed should install the Flashback removal update, just to be on the safe side.
-
Apr 15, 2012 10:14 AM in response to Kappy by thomas_r.
I'm not following... That's exactly the opposite of what I'm saying.
-
Apr 15, 2012 10:20 AM in response to thomas_r. by Kappy
Got all that. So, then, to get this all "back on track" lay out what someone should do if:
A. They are not infected. They have Leopard, Snow Leopard, or Lion currently installed as an upgrade to a prior system.
B. Same scenario as A, but they are infected.
Add any other scenarios you feel are unique with respect to these two.
-
Apr 15, 2012 10:23 AM in response to thomas_r. by Kappy
Tom,
Apple has released Flashback malware removal tool 1.0. In addition Apple earlier released the security updates for Snow Leopard and Lion. If the security update does what you stated, then what is the purpose of the Flashback malware removal tool 1.0?
I don't think this is the opposite of what you've said.
-
Apr 15, 2012 11:29 AM in response to Kappy by thomas_r.
Got all that. So, then, to get this all "back on track" lay out what someone should do if:
A. They are not infected. They have Leopard, Snow Leopard, or Lion currently installed as an upgrade to a prior system.
Install whatever Java- or Flashback-related update is currently available in Software Update.
B. Same scenario as A, but they are infected.
Install whatever Java- or Flashback-related update is currently available in Software Update.
Yes, I did repeat myself. That's the point, it doesn't matter whether you're infected or not, or whether you have Java or not, you just install the update. It covers all bases.
There are three available updates, each one specific to a particular subset of users (with no overlap):
1) Java for OS X Lion 2012-003, available only for users of Lion with Java installed
2) Flashback malware removal tool, available only for users of Lion without Java installed
3) Java for Mac OS X 10.6 Update 8, available only for users of Snow Leopard
You install whichever of these shows up in Software Update, and it removes the malware (if present), updates Java (if present) and tightens up Java settings for the future. You could certainly download from Apple's web site as well, instead of using Software Update, but it's important you know which one to get, as the other two won't work for you.
-
Apr 15, 2012 11:47 AM in response to thomas_r. by Kappy
Thank you. I will correct or amend my information accordingly.
-
Apr 15, 2012 12:17 PM in response to Kappy by MadMacs0
Kappy wrote:
Actually, I was under the impression that having been infected while running Snow Leopard that the infection would not be removed by installing Lion. But Linc has corrected me twice about that. Linc has seemed very well informed about the malware. I guess that was wrong or he misstated.
I guess I missed seeing that. I can't imagine how installing Lion over a Snow Leopard installation would remove any of the malware components, with the possible exception of any injected into Safari. Did he explain how that took place?
-
Apr 15, 2012 12:21 PM in response to thomas_r. by MadMacs0
Thomas A Reed wrote:
Install whatever Java- or Flashback-related update is currently available in Software Update.
But what I was hearing yesterday was that the Flashback malware removal tool did not show up in Software Update and had to be manually downloaded. Was that incorrect or has it changed now?
-
Apr 15, 2012 12:22 PM in response to MadMacs0 by Kappy
No. And, I don't remember where exactly the exchange took place in order to review what was said.
But it's now straightened out.
-
Apr 15, 2012 12:24 PM in response to MadMacs0 by Kappy
The "removal" tool is a separate download. I have only seen the Security update show up in SU for me.