virus threats
Is there a current virus threat that I should be aware of?
iMac, Mac OS X (10.5.8)
Strictly speaking, no Virii on Macs yet, but there is Malware still...
Disable Java in your Browser settings, not JavaScript.
http://support.apple.com/kb/HT5241?viewlocale=en_US
http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
Little Snitch, stops/alerts outgoing stuff...
http://www.obdev.at/products/littlesnitch/index.html
Flashback - Detect and remove the uprising Mac OS X Trojan...
http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
MadMacs0 says...
This script from F-Secure is the only one I'm currently recommending http://www.f-secure.com/weblog/archives/00002346.html
http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
Open DNS also blocks the FlashBack thing...
http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
Klaus1 on viruses...
http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0
Or the Free Sophos...
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
See if you might have this malware redirecting DNS queries...
http://macmegasite.com/node/3924
http://www.ehow.com/how_2128387_remove-osxrspluga-trojan-horse-mac.html
How to fix...
http://www.macosxhints.com/article.php?story=20071031114140862
Get MacScan...
http://www.apple.com/downloads/macosx/networking_security/macscan.html
Malware list....
How to uninstall MacKeeper...
http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/
https://discussions.apple.com/docs/DOC-3039
http://x704.net/bbs/viewtopic.php?f=6&t=4479
ClamXAV, free Virus scanner...
Free Sophos...
http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/
Little Snitch, stops/alerts outgoing stuff...
The very best thing you can do is keep your version of OS X up-to-date. Apple has daily updates, many are security related. You are running a pretty old version of OS X (it's about 5 years old now), if your system is up to it I'd recommend upgrading to Snow Leopard or even Mt. Lion when it is released tomorrow. Of course your computer has to have the minimum system requirements to do so which means you need to see if your computer is up to the task.
vmibuck wrote:
Is there a current virus threat that I should be aware of?
Still nothing in the virus category, but you are vulnerable to Flashback Trojan/Backdoor infection as well as a few lesser threats that use a Java vulnerability so you should read up on that and make sure you have Java (not JavaScript) disabled in all your browsers.
If you are talking about today's news there were a couple of Windows worms found in an AppStore app and a new Trojan not yet found in the wild that is still being analyzed. http://reviews.cnet.com/macfixit/.
Why do you ask?
Thanks for the info. I did an online chat with Apple support last night. We agreed that my iMac should be upgraded to Snow Leopard. I ordered the CDs last night. I also found remnants of that damned MacKeeper POS still on my iMac. I think that I finally got rid of it.
Thanks for all the great info!
MadMacs0 wrote: If you are talking about today's news there were a couple of Windows worms found in an AppStore app and a new Trojan not yet found in the wild that is still being analyzed. http://reviews.cnet.com/macfixit/.
Add that to the backdoor recently found in the iPhone App Store. But I'm sure we'll all be safe now that Apple has instituted code signing in Mountain Lion Gatekeeper and is certain to be carefully vetting every bit of submitted code before releasing it to the public. (In case it's not obvious, tongue planted firmly in cheek.)
http://www.tomsguide.com/us/Malware-Kaspersky-Find-And-Call-App-Store-Google-Play,news-15768.html
You're welcome.
There was no backdoor in the iPhone App Store. A developer uploaded an app that had some resources infected with a Windows virus. You would have to be a very skilled hacker to begin with to ever get that to execute.
Did you see the link I posted, or are you mistakenly referring to the one MadMacs0 posted about the Windows worms? Actually it was a data stealing Trojan.
http://www.securelist.com/en/blog/208193641/Find_and_Call_Leak_and_Spam
http://www.tomsguide.com/us/Malware-Kaspersky-Find-And-Call-App-Store-Google-Play,news-15768.html
I was referring to the Windows worms. Find and Call is old news. There is no way Apple can predict malicious behaviour. All Apple can do is pull an app that exhibits a problem and that happens promptly.
It's old news, yes, but so what? I didn't link to it because it's a current threat, but to illustrate how lame and inadequate Apple's code vetting is. And millions of users with ML will now be duped into thinking they are safe because an Application is Gatekeeper approved. Just as with a lot of the garbage in the App Store, there is absolutely no way that Apple will be examining every bit of code in Gatekeeper Applications. Even if they wanted to, they couldn't possibly keep up. They will be relying on guinea pig end users.
How will code signing prevent someone with malicious intent from pulling a fast one? For $99 a pop, just about anyone can (and, I predict will) do it. This will come back to bite Apple in the....
And, not being Gatekeeper approved will, for the uninformed -- and for no real tangible benefit for security -- cast doubt on perfectly legitimate Applications outside of the Apple walled garden.
Do you have any better ideas? Apple's App Stores are the most secure software delivery channels anywhere.
Of course it won't happen, but my better idea is to drop the phony Gatekeeper BS entirely. I'll take my chances with what I've always done. Read all the reviews, look around on the various boards, and always DL directly from the developer's site when possible.
Imagine if someone like Marcel Bresink doesn't want to do the code signing crap: He gets effectively blacklisted.
Oh, and who cares if a delivery system is safe. What matters is what gets delivered.
You are free to continue to use your system. You can even setup your list of WZZZ approved apps if you want. The rest of us really like the App Stores.
...The rest of us really like the App Stores.
Even though I'm certain you will find others who will agree with you, who are happy with Apple's current race to the bottom, you might want to try speaking only for yourself.