OSX popup about malware?

Yes, it is part of a recent security update. The Flashback removal tool. If it finds it, it removes it and gives you that message. You're all good.

So if this window pops up, does that mean that you had the malware?

bud300 wrote:

So if this window pops up, does that mean that you had the malware?

Yes.

And what did the malware do to my Mac?

The purpose of the malware was a data information bot that transferred personal information from your computer to a server. Whether it did or not is unknown.

So what is there to do now?

If you think you had it on your computer, then I would go round to every service I use online and change the passwords.

I'm not sure if that is too paranoid or not. You might search the various security sites and blogs to see what they say about what it was collecting and if there are other mitigation steps to follow in the aftermath.

There are a few people here who follow the security stuff heavily and they may chime in on the topic. However, that may be a good idea to start your own post that may be valuable to lots of people. Start it with a topic like, "What to do now if I had the Flashback Trojan?"

I've been checking my computer frequently with the following terminal lines:

- defaults read /Applications/Safari.app/Contents/Info LSEnvironment

- defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

And they have been coming up saying that I don't have it, so I thought I was safe. Is this incorrect?

I don't know the specifics of those commands. They look correct, but I'm not certain.

However, there were various versions of Flashback, those commands only detect the current one running around. The removal tool might have detected one of the previous versions and removed it. I don't know what those did at all.

Those commands do not detect all variants of Flashback. Your machine is clean now, and the update will have locked down Java so that you'll be safer from any other not-yet-discovered Java exploits in the future. But, as Barney mentioned, it is not well documented what information this malware actually gathered. So you'd be wise to change passwords, as he recommended, as well as keeping a close eye on your credit cards and bank accounts, and any other financial accounts you may have (PayPal, Amazon, etc).

So once I've changed all my passwords, I should be ok?

chaminade0408 wrote:

thanks for all the info/help!! I wish Apple or a major computer security company would give a more comprehensive and detailed explanation of what this malware does and what are the best things that we can do to protect ourselves now

I don't think Apple knows anything about what it does and about the only company I've heard from about this was Intego back in February Flashback Mac Trojan Horse Infections Increasing with New Variant toward the end of the article. They are also the one that have said Twitter is being used for communicating between computer bots and Command & Control Servers. But I've only heard of one user reporting fraudulent Credit Card activity after being infected.

BTW, you might want to change your profile info. It doesn't appear you are still running OS X 10.5.5 on the machine being discussed here.

what i don't understand is this, a few weeks back when this virus was announced, i scanned my comptuer and it was clean. i installed the security update and all was good. i installed the new security update and got this pop-up. how is it that i had the flashback if i followed all of the instructions originally? a little frustrated

dudelar wrote:

what i don't understand is this, a few weeks back when this virus was announced,

Flashback was announced last Fall. Malware yes. Virus no.

i scanned my comptuer and it was clean.

Scanned with what? Most of the scanning software was running two to three weeks behind the introduction of new variants.

i installed the security update and all was good. i installed the new security update and got this pop-up. how is it that i had the flashback if i followed all of the instructions originally? a little frustrated

Hard to say as I don't really know what security update you installed when. If you used Software Update to do this (which is what I keep advising) then you can give us details by going to System Preferences->Software Update->Installed tab and it will tell you exactly what you installed and when. I only know of three updates from Apple associated with this malware.

One for OS X 10.6.8

One for OS X 10.7.3 with Java installed

One for OS X 10.7.x without Java installed

and you should only have been told to install one of them. Perhaps you installed the wrong one first and it didn't work?

To add to my confusion your profile says you are using a "powermac g5, Mac OS X (10.4.11)" which not only won't run any of these updates, it isn't even capable of being infected by Flashback.