13 Replies Latest reply: May 2, 2012 12:23 PM by MadMacs0
pooper Level 1

Keep getting prompt asking to verify the certificate for platform twitter.com, and my Mac has slowed down considerably. Sound like any viruses out there..?


Imac, Mac OS X (10.5.8), 2.1 GHz Power PC G5 1.5GB DDR2 SDRAM 250GB HD
Solved by MadMacs0 on May 1, 2012 5:24 PM Solved

pooper wrote:

Keep getting prompt asking to verify the certificate for platform twitter.com, and my Mac has slowed down considerably. Sound like any viruses out there..?

Nope, just some sort of a glitch in the Certificate world. If it's the one I'm thinking of it's a JavaScript for a Twitter Button (perhaps on c|net's floating button bar). The Certificate is valid until mid-June and issued by VeriSign. Allowing it just gives you the button on that page. Trusting the certificate seems harmless to me since it's clearly coming from a Twitter domain. Why it's screwed up is a mystery to me in view of the fact that VeriSign invented the system.

Reply by BDAqua on May 1, 2012 10:35 AM Helpful

Well, check these out...

ClamXAV, free Virus scanner...

http://www.clamxav.com/

Free Sophos...

http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/

Little Snitch, stops/alerts outgoing stuff...

http://www.obdev.at/products/littlesnitch/index.html

Free Sophos...

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

See if you might have this malware redirecting DNS queries...

http://macmegasite.com/node/3924

http://www.ehow.com/how_2128387_remove-osxrspluga-trojan-horse-mac.html

How to fix...

http://www.macosxhints.com/article.php?story=20071031114140862

Known DNSChanger address ranges. Source: dcwg.org

http://krebsonsecurity.com/2012/03/court-4-more-months-for-dnschanger-infected-pcs/

Get MacScan...

http://www.apple.com/downloads/macosx/networking_security/macscan.html

Disable Java in your Browser settings, not JavaScript.

http://support.apple.com/kb/HT5241?viewlocale=en_US

http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064

http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets

Flashback - Detect and remove the uprising Mac OS X Trojan...

http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html

In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:

/Library/Little Snitch

/Developer/Applications/Xcode.app/Contents/MacOS/Xcode

/Applications/VirusBarrier X6.app

/Applications/iAntiVirus/iAntiVirus.app

/Applications/avast!.app

/Applications/ClamXav.app

/Applications/HTTPScoop.app

/Applications/Packet Peeper.app

If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.

http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/

http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660

The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.

https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site

More bad news...

https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link

Reply by Klaus1 on May 1, 2012 11:07 AM Helpful

Further analysis of Flashback by Russian security firm Dr Web, which sounded the alarm about the malware, has revealed how it was controlled.

Its creators seem to have used Twitter as the command-and-control system for the huge number of machines that it infected.

Compromised machines were programmed to regularly search Twitter for messages containing particular strings of letters. These would direct infected machines to visit particular websites to get updates or receive further instructions.

http://www.bbc.co.uk/news/technology-17906830

All social networking sites get hacked and distribute malware from time to time.
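
The regular polling of Twitter described in the reply above is something a defender can look for in web-proxy logs, since timer-driven requests are far more evenly spaced than a person's searches. The following is an added example and not part of the original thread; the three-field log format, the `/search` path and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log (timestamp, client, URL); not real traffic.
SAMPLE_LOG = """\
2012-05-01T09:00:00 10.0.0.21 http://twitter.com/search?q=%23example
2012-05-01T09:05:10 10.0.0.35 http://twitter.com/search?q=mac+news
2012-05-01T09:06:02 10.0.0.35 http://twitter.com/search?q=imac+g5
2012-05-01T09:30:00 10.0.0.21 http://www.example.org/index.html
2012-05-01T09:41:30 10.0.0.35 http://twitter.com/search?q=leopard
2012-05-01T10:00:02 10.0.0.21 http://twitter.com/search?q=%23example
2012-05-01T11:00:01 10.0.0.21 http://twitter.com/search?q=%23example
2012-05-01T12:00:03 10.0.0.21 http://twitter.com/search?q=%23example
2012-05-01T12:15:44 10.0.0.35 http://twitter.com/search?q=safari
2012-05-01T13:00:00 10.0.0.21 http://twitter.com/search?q=%23example
"""

def twitter_searches(log):
    """Yield (client, time) for each request to a Twitter search URL."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        stamp, client, url = parts
        target = urlsplit(url)
        host = (target.hostname or "").lower()
        # Exact host or subdomain only, so look-alike domains do not match.
        if host != "twitter.com" and not host.endswith(".twitter.com"):
            continue
        if target.path.startswith("/search"):  # assumed search path
            yield client, datetime.fromisoformat(stamp)

def polling_clients(log, min_requests=4, max_cv=0.1):
    """Return {client: mean gap in seconds} for evenly spaced searchers."""
    seen = defaultdict(list)
    for client, when in twitter_searches(log):
        seen[client].append(when)
    flagged = {}
    for client, times in seen.items():
        if len(times) < max(min_requests, 3):
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near 0 means timer-driven, not human.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[client] = avg
    return flagged

if __name__ == "__main__":
    print(polling_clients(SAMPLE_LOG))
```

A flagged client is a lead for closer inspection of that machine, since legitimate Twitter clients and widgets also poll on a timer.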
