4 Replies Latest reply: Apr 21, 2012 11:18 AM by Carolyn Samit
joecitisam Level 1 Level 1

I have a continual error (15times in 2 days) with safari quitting and this Plugin error. Is anyone familiar with it and can offer any suggestions as to going about sorting it.

Thanks


MacBook Air, Mac OS X (10.6.8)
Solved by Carolyn Samit on Apr 21, 2012 11:18 AM Solved
Hi... Removing the flashback trojan is relatively easy. Install this update >  Java for Mac OS X 10.6 Update 8 Then restart your Mac, try Safari.
Reply by Klaus1 on Apr 21, 2012 8:56 AM Helpful
You have been infected with the Flashback Trojan. The ‘Flashback Trojan’:A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The most recent versions bypass any user action and automatically installs itself after an affected website is visited.  http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_ disable_mac_os_x_anti_malware_protection.html (Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.") Flashback Trojan - Prevention of infection:In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Safari Preferences/General to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active. The Flashback Trojan does not affect PPC (non-Intel) Macs, nor has it been noted to affect users running Tiger OS 10.4.11 or Leopard OS 10.5.8. Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection, and works for all users of OS X from Tiger upwards: http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns / How to get it: https://store.opendns.com/get/home-free Flashback Trojan - Detection and RemovalUsers with Intel Macs running Snow Leopard OS 10.6 or Lion OS 10.7 should ensure that they have downloaded all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.New Macs running Lion do not have either Flash Player nor Java installed. If you running Lion and have not already downloaded and installed Java, you should download the ‘Flashback malware removal tool’ from Apple:  http://support.apple.com/kb/HT5246  (356KB) which includes the same code as the Java update that plugged a security hole which allowed the malware to automatically install itself without admin authorization. You can also use this to check whether you have been infected (for Intel Macs only) and remove it if required: http://www.macupdate.com/app/mac/42571/anti-flashback-trojan  Flashback Trojan - Detection, and how to remove (with caution) if you are running other browsers than Safari: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

All replies

  • Klaus1 Level 8 Level 8

    You have been infected with the Flashback Trojan.

     

    The ‘Flashback Trojan’:

    A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The most recent versions bypass any user action and automatically installs itself after an affected website is visited.

     

    http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_ disable_mac_os_x_anti_malware_protection.html

     

    (Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.")

     

    Flashback Trojan - Prevention of infection:

    In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Safari Preferences/General to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.

     

    The Flashback Trojan does not affect PPC (non-Intel) Macs, nor has it been noted to affect users running Tiger OS 10.4.11 or Leopard OS 10.5.8.

     

    Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection, and works for all users of OS X from Tiger upwards:

     

    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns /

     

    How to get it:

     

    https://store.opendns.com/get/home-free

     

    Flashback Trojan - Detection and Removal

    Users with Intel Macs running Snow Leopard OS 10.6 or Lion OS 10.7 should ensure that they have downloaded all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.

    New Macs running Lion do not have either Flash Player nor Java installed. If you running Lion and have not already downloaded and installed Java, you should download the ‘Flashback malware removal tool’ from Apple:  http://support.apple.com/kb/HT5246  (356KB) which includes the same code as the Java update that plugged a security hole which allowed the malware to automatically install itself without admin authorization.

     

    You can also use this to check whether you have been infected (for Intel Macs only) and remove it if required:

     

    http://www.macupdate.com/app/mac/42571/anti-flashback-trojan

     

     

    Flashback Trojan - Detection, and how to remove (with caution) if you are running other browsers than Safari:

     

    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

  • joecitisam Level 1 Level 1

    Brilliant, Thanks very much for the insight.

    Its all a bit of a new world to me but it's all learning, hope the weathers good over there, thanks again.

  • Klaus1 Level 8 Level 8

    hope the weathers good over there

     

    It has yet to make up its mind!

  • Carolyn Samit Level 10 Level 10
    expertise.safari
    Safari

    Hi...

     

    Removing the flashback trojan is relatively easy.

     

    Install this update >  Java for Mac OS X 10.6 Update 8

     

    Then restart your Mac, try Safari.