19 Replies. Latest reply: May 12, 2012 12:32 AM by MadMacs0
chaminade0408 Level 1 (0 points)

I just updated my MacBook Pro (which I check for updates about 2-3 times a week, plus the automatic alerts) and it updated Java. Almost immediately after, I got this:

It says "Malware was found and removed from computer. The "OSX.FlashBack.iv" malware was found and removed." It then gives you the option to "Report malware to Apple to protect other users," to click on the question mark for help (which goes nowhere... opens up "Help" with no information displayed), and to click OK.

Does anyone know anything about this? Should I be concerned? I can find almost nothing about OSX.FlashBack.iv online, or anything about the prompt itself. Is this an actual Apple prompt?

Any help would be greatly appreciated!

Screen Shot 2012-04-19 at 7.52.55 PM.png


MacBook Pro (15-inch Early 2008), Mac OS X (10.5.5)
  • macjack Level 9 (50,625 points)

    Yes, it is part of a recent security update. The Flashback removal tool. If it finds it, it removes it and gives you that message. You're all good.

  • bud300 Level 1 (0 points)

    So if this window pops up, does that mean that you had the malware?

  • Barney-15E Level 8 (41,135 points)

    bud300 wrote:

    So if this window pops up, does that mean that you had the malware?

    Yes.

  • bud300 Level 1 (0 points)

    And what did the malware do to my Mac?

  • Barney-15E Level 8 (41,135 points)

    The purpose of the malware was a data information bot that transferred personal information from your computer to a server. Whether it did or not is unknown.

  • bud300 Level 1 (0 points)

    So what is there to do now?

  • Barney-15E Level 8 (41,135 points)

    If you think you had it on your computer, then I would go round to every service I use online and change the passwords.

    I'm not sure if that is too paranoid or not. You might search the various security sites and blogs to see what they say about what it was collecting and if there are other mitigation steps to follow in the aftermath.

    There are a few people here who follow the security stuff heavily and they may chime in on the topic. However, it may be a good idea to start your own post that may be valuable to lots of people. Start it with a topic like, "What to do now if I had the Flashback Trojan?"

  • bud300 Level 1 (0 points)

    I've been checking my computer frequently with the following terminal lines:

    - defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    - defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    And they have been coming up saying that I don't have it, so I thought I was safe. Is this incorrect?

  • Barney-15E Level 8 (41,135 points)

    I don't know the specifics of those commands. They look correct, but I'm not certain.

    However, there were various versions of Flashback; those commands only detect the current one running around. The removal tool might have detected one of the previous versions and removed it. I don't know what those did at all.

  • thomas_r. Level 7 (29,980 points)

    Those commands do not detect all variants of Flashback.  Your machine is clean now, and the update will have locked down Java so that you'll be safer from any other not-yet-discovered Java exploits in the future.  But, as Barney mentioned, it is not well documented what information this malware actually gathered.  So you'd be wise to change passwords, as he recommended, as well as keeping a close eye on your credit cards and bank accounts, and any other financial accounts you may have (PayPal, Amazon, etc).

  • bud300 Level 1 (0 points)

    So once I've changed all my passwords, I should be ok?

  • chaminade0408 Level 1 (0 points)

    thanks for all the info/help!! I wish Apple or a major computer security company would give a more comprehensive and detailed explanation of what this malware does and what are the best things that we can do to protect ourselves now

  • MadMacs0 Level 5 (4,510 points)

    chaminade0408 wrote:

    thanks for all the info/help!! I wish Apple or a major computer security company would give a more comprehensive and detailed explanation of what this malware does and what are the best things that we can do to protect ourselves now

    I don't think Apple knows anything about what it does, and about the only company I've heard from about this was Intego back in February ("Flashback Mac Trojan Horse Infections Increasing with New Variant", toward the end of the article). They are also the ones that have said Twitter is being used for communicating between computer bots and Command & Control Servers. But I've only heard of one user reporting fraudulent Credit Card activity after being infected.

    BTW, you might want to change your profile info. It doesn't appear you are still running OS X 10.5.5 on the machine being discussed here.

  • dudelar Level 1 (0 points)

    What I don't understand is this: a few weeks back when this virus was announced, I scanned my computer and it was clean. I installed the security update and all was good. I installed the new security update and got this pop-up. How is it that I had the Flashback if I followed all of the instructions originally? A little frustrated.
