13 Replies Latest reply: May 2, 2012 12:23 PM by MadMacs0
pooper Level 1

Keep getting prompt asking to verify the certificate for platform twitter.com, and my Mac has slowed down considerably.  Sound like any viruses out there..?

iMac, Mac OS X (10.5.8), 2.1 GHz Power PC G5 1.5GB DDR2 SDRAM 250GB HD
Solved by MadMacs0 on May 1, 2012 5:24 PM

pooper wrote:


Keep getting prompt asking to verify the certificate for platform twitter.com, and my Mac has slowed down considerably.  Sound like any viruses out there..?

Nope, just some sort of a glitch in the Certificate world. If it's the one I'm thinking of it's a JavaScript for a Twitter Button (perhaps on c|net's floating button bar). The Certificate is valid until mid-June and issued by VeriSign. Allowing it just gives you the button on that page. Trusting the certificate seems harmless to me since it's clearly coming from a Twitter domain. Why it's screwed up is a mystery to me in view of the fact that VeriSign invented the system.

Reply by BDAqua on May 1, 2012 10:35 AM Helpful

Well, check these out...


ClamXAV, free Virus scanner...







Little Snitch, stops/alerts outgoing stuff...




Free Sophos...


http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx


See if you might have this malware redirecting DNS queries...






How to fix...





Known DNSChanger address ranges. Source: dcwg.org


http://krebsonsecurity.com/2012/03/court-4-more-months-for-dnschanger-infected-pcs/


Get MacScan...




Disable Java in your Browser settings, not JavaScript.






Flashback - Detect and remove the uprising Mac OS X Trojan...




In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:


/Library/Little Snitch


/Applications/VirusBarrier X6.app





/Applications/Packet Peeper.app


If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.


http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/




The most current Flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.


https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site


More bad news...


https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link

Reply by Klaus1 on May 1, 2012 11:07 AM Helpful

Further analysis of Flashback by Russian security firm Dr Web, which sounded the alarm about the malware, has revealed how it was controlled.

Its creators seem to have used Twitter as the command-and-control system for the huge number of machines that it infected.

Compromised machines were programmed to regularly search Twitter for messages containing particular strings of letters. These would direct infected machines to visit particular websites to get updates or receive further instructions.


All social networking sites get hacked and distribute malware from time to time.
