
Has Apple posted security updates for OS 10.5.x in light of the Flashback (and similar) malware?

Greetings!

Does anyone know of planned patches for OS 10.5.x, Java, Safari, etc. in light of the Flashback Trojan (and other malware) appearance?

Rich

G5 Tower, MacBook Pro, Mac 8500C PPC Tower, Mac OS X (10.5.8), Also OS 9.1 and 8.1

Posted on May 3, 2012 2:35 PM


May 3, 2012 3:02 PM in response to Richard Bonomo

Nope, & they're not likely to.


Disable Java in your Browser settings, not JavaScript.


http://support.apple.com/kb/HT5241?viewlocale=en_US

http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064

http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets


Flashback - Detect and remove the uprising Mac OS X Trojan...


http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html


In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:


/Library/Little Snitch

/Developer/Applications/Xcode.app/Contents/MacOS/Xcode

/Applications/VirusBarrier X6.app

/Applications/iAntiVirus/iAntiVirus.app

/Applications/avast!.app

/Applications/ClamXav.app

/Applications/HTTPScoop.app

/Applications/Packet Peeper.app


If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.


http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/


http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660


The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.


https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site


More bad news...


https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link

May 14, 2012 8:12 PM in response to Klaus1

Klaus1 wrote:


presumably because I cannot run a version of Flash Player that is vulnerable.

The Flash Player update is not related to Flashback, but you would be able to run versions of Flash Player prior to 10.1.102.64 if you wanted to.


BTW that "new" Flash Player came out in November 2010, so this is a really timely update they are giving out.

May 14, 2012 8:15 PM in response to John Galt

John Galt wrote:


Apple just released the following


Flashback Removal Security Update

Except that the OP was looking for a Java update which isn't part of this. So what happens if you come up clean and the next site you visit with Java left turned on is the Flashback site...you are infected. Kind of a half-hearted update if you ask me. Let's hope there is more to come.

May 15, 2012 3:45 AM in response to MadMacs0

MadMacs0 wrote:


John Galt wrote:


Apple just released the following


Flashback Removal Security Update

Except that the OP was looking for a Java update which isn't part of this. So what happens if you come up clean and the next site you visit with Java left turned on is the Flashback site...you are infected. Kind of a half-hearted update if you ask me. Let's hope there is more to come.

Agree, sounds quite lame, especially since it may give those who run the update and don't understand what it does and doesn't do a false sense of security.

May 15, 2012 7:18 PM in response to GW Schreyer

a brody is right: PPC Macs have not been infected due to the trojan being Intel code only, but there are many ways to protect yourself on PPC Macs...


Disable Java in your Browser settings, not JavaScript.


http://support.apple.com/kb/HT5241?viewlocale=en_US

http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064

http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets


Little Snitch, stops/alerts outgoing stuff...

http://www.obdev.at/products/littlesnitch/index.html


Flashback - Detect and remove the uprising Mac OS X Trojan...


http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html


In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:


/Library/Little Snitch

/Developer/Applications/Xcode.app/Contents/MacOS/Xcode

/Applications/VirusBarrier X6.app

/Applications/iAntiVirus/iAntiVirus.app

/Applications/avast!.app

/Applications/ClamXav.app

/Applications/HTTPScoop.app

/Applications/Packet Peeper.app


If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.


MadMacs0 says...


This script from F-Secure is the only one I'm currently recommending http://www.f-secure.com/weblog/archives/00002346.html


http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/


http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660


OpenDNS also blocks the FlashBack thing...


http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
