
HT5244: About Flashback malware


HT5244 Is using Flashbackcheck.com safe?

3027 Views 17 Replies Latest reply: Apr 16, 2012 4:23 AM by R C-R
marycc
Apr 14, 2012 3:53 PM

I went to the website (www.flashbackcheck.com) and received this message, "We have checked the version of Java installed on your computer and discovered that you are running a vulnerable version. You should update as soon as possible.

We suggest that you use the Mac OS X automatic software update feature."

Should I follow this instruction? I included my UUID for a diagnosis, is my computer safe?

iMac, Mac OS X (10.5.8)
  • baltwo Level 9 (59,150 points)
    Apr 14, 2012 4:55 PM (in response to marycc)
    27" i7 iMac 10.6.8 , Mac OS X (10.7.3), G4 450 MP 1.5 GB RAM w/(10.5.8/10.4.11/9.2.2)
  • fane_j Level 4 (3,655 points)
    Apr 14, 2012 6:12 PM (in response to marycc)

    marycc wrote:

    Should I follow this instruction?

    If, by "this instruction", you mean, "We suggest that you use the Mac OS X automatic software update feature", then the answer is, yes, of course.

     

    Use Apple menu > Software Update and install the Java update(s) it will find for your system. Do it ASAP.

  • fane_j Level 4 (3,655 points)
    Apr 14, 2012 6:13 PM (in response to baltwo)

    baltwo wrote:

     

    NO! See http://reviews.cnet.com/8301-13727_7-57413258-263/disabling-java-via-the-command-line-in-os-x-is-not-easy/?tag=txt;title for starters.

    Perhaps you were answering by mistake to a different thread?…

  • John Galt Level 7 (33,055 points)
    Apr 14, 2012 6:25 PM (in response to fane_j)

    The "flashback" site referenced is either malicious or simply incorrect.

    Screen Shot 2012-04-14 at 9.15.41 PM.png

    Wrong. I am not running Java. Little Snitch reported no information was sent. Nice try.

    Next clue:

    Screen Shot 2012-04-14 at 9.21.12 PM.png

    Upload my UUID over an open connection to (whom, exactly?) With no privacy policy? No.

    Screen Shot 2012-04-14 at 9.17.55 PM.png

    Kaspersky AV is junk.

    Forget that site.

  • fane_j Level 4 (3,655 points)
    Apr 14, 2012 6:55 PM (in response to John Galt)

    John Galt wrote:

     

    The "flashback" site referenced is either malicious or simply incorrect.

    That may very well be true; but what's wrong with the instruction, "We suggest that you use the Mac OS X automatic software update feature"? I don't see why the OP should not follow it. It may not help, if the OP is really running Leopard, but it certainly can't hurt.

    Kaspersky AV is junk.

    It appears that your opinion is not shared by all.

     

    <http://www.macworld.co.uk/macsoftware/reviews/?reviewid=3257120>

  • ds store Level 7 (30,305 points)
    Apr 14, 2012 7:43 PM (in response to marycc)

    www.flashbackcheck.com checker is safe as far as I can tell.

    However it's not accurate as it only reports the UUIDs it saw on the sinkhole server they set up.

    I've run someone's UUID through that; they did have the malware (confirmed) and the flashbackchecker site was incorrect.

    Run Apple's Software Update; if you have it, it will remove it AND it will hobble Java some too.

    Some more "hardening" steps one can take are here:

    https://discussions.apple.com/docs/DOC-3291

  • noondaywitch Level 6 (8,130 points)
    Apr 15, 2012 1:28 AM (in response to ds store)

    Note that the OP is running Leopard - the Java updates will not be offered.

  • MadMacs0 Level 4 (3,320 points)
    Apr 15, 2012 3:27 AM (in response to marycc)

    @marycc

     

    To answer the subject of this thread, if you feel a need to use such a site then a better choice would be https://www.drweb.com/flashback/ since it uses a secure connection when entering your information. The database they are using is reportedly the same one. I would feel slightly better about it if they included a Privacy Statement telling me what they were going to do with the information provided, but all reports are that they are a reputable firm in the anti-virus business for 20 years, so it's probably OK.

     

    As others have said, updating your software is not an option for you since OS X 10.5 is not going to be updated beyond what is available to you today. If at all possible you should upgrade your Mac to at least 10.6.8 which will get you greatly increased security as well as continued support for a few more months.

  • fane_j Level 4 (3,655 points)
    Apr 15, 2012 3:39 AM (in response to noondaywitch)

    noondaywitch wrote:

     

    Note that the OP is running Leopard

    The OP says he's running Leopard; but he's posting in the Snow Leopard forum, and I've seen a few posters who neglected to update their OS version info…

  • Roger Wilmut1 Level 9 (63,985 points)
    Apr 15, 2012 3:41 AM (in response to fane_j)

    The best tool is probably F-Secure's Flashback Removal Tool, but their site doesn't say whether it will run on Leopard - it's basically an AppleScript so probably it will.

     

    FlashbackRemoval.zip

  • MadMacs0 Level 4 (3,320 points)
    Apr 15, 2012 4:02 AM (in response to Roger Wilmut1)

    Roger Wilmut1 wrote:

     

    The best tool is probably F-Secure's Flashback Removal Tool, but their site doesn't say whether it will run on Leopard - it's basically an AppleScript so probably it will.

    Agree that it's the best tool currently available. I was able to run both the AppleScript and the embedded shell script on my Leopard iMac G5 by extracting the scripts from the Intel-only app.

  • jsd2 Level 5 (6,200 points)
    Apr 15, 2012 5:14 AM (in response to Roger Wilmut1)

    The F-Secure removal tool page contains the following:

    -----------------

    If you run an older version of Mac OS X, update to a current version. Or disable Java in your browser. Or uninstall Java. And run our free tool. And yes, we have a full-blown F-Secure Antivirus for Mac available as well.

    --------------------------

     

    So it seems very likely that the tool will run directly on Intel Leopard systems.  I don't have such a system to test it on.

    Mac mini (Late 2009), Mac OS X (10.6.8), dual-boot Lion OS X 10.7.3
  • jsd2 Level 5 (6,200 points)
    Apr 15, 2012 5:36 AM (in response to MadMacs0)

    With some trepidation, I had earlier sent my UUID to the DrWeb site to see if it was in their sinkhole database (it wasn't).  I also had and still have some "privacy concerns", but in thinking about the UUID specifically, what use could it be to anyone?

    On these boards, a participant is sometimes asked to post the hardware info from System Profiler to help solve a problem. If the Serial Number is posted, the hosts will edit it out, but they don't edit the UUID if someone posts it. I assume this is because they don't think it can be used for a bad purpose.

  • MadMacs0 Level 4 (3,320 points)
    Apr 15, 2012 5:47 AM (in response to jsd2)

    jsd2 wrote:

     

    in thinking about the UUID specifically, what use could it be to anyone?

    I agree. I've been trying to come up with what anyone could do with it. Yes, it could be used for tracking but I suspect that's going on anyway with some applications, and even that doesn't bother me. And of what use do they think a serial number is?
