Discussion Mac OSX trojan

Status
Not open for further replies.

roagie

Distinguished
Jan 14, 2010
119
0
18,710
Just reminding everyone that there are now two trojans out in the wild for the Mac OSX. The latest takes advantage of a Java Loophole that has been recently patched. So please make sure to patch your systems as soon as possible.

To see if you have contracted the flashback trojan (latest incarnation):

1. In Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. If you got the following error message:

“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

Skip to 7

If you don't, run the following in Terminal:

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%

4. Note the value after __ldpath__

5. In Terminal (first make sure there is only one entry, from step 2):

sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

(this allows you to change applications at the root level and adds additional permissions)

6. Remove the files in steps 2 and 5

7. In Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

8. Your system is clean of flashback if you get this message:

“The domain/default pair of (/Users/xyourusernamex/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

9. If not, enter this in Terminal:

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%

10. Note the value after __ldpath__

11. Then in Terminal:

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

launchctl unsetenv DYLD_INSERT_LIBRARIES

12. Finally, delete the files obtained in steps 8 and 10.

Hope this helps. The flashback trojan installs when visiting an infected website or downloading an infected file. Although the trojan will prompt you for an admin password, it is in fact already installed.

For more information you can visit: http://www.pcmag.com/article2/0,2817,2402641,00.asp

Roagie
Apple Certified Support 10.6, 10.7
Apple Certified Tech. Coordinator 10.6., 10.7
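
A read-only version of the two checks in the post above, as an added example that is not part of the original thread: it reports any DYLD_INSERT_LIBRARIES entry and the __ldpath__ value inside the referenced file, and deletes nothing. The function names are this example's own.

```shell
#!/bin/sh
# Read-only check of the two locations from the steps above; nothing is deleted.
# Function names are this example's own, not from the thread.

# Print the DYLD_INSERT_LIBRARIES path set under DOMAIN/KEY.
# Returns 0 if one is set, 1 if absent (the "does not exist" case).
injected_library() {
    domain=$1 key=$2
    out=$(defaults read "$domain" "$key" 2>/dev/null) || return 1
    if [ "$key" != DYLD_INSERT_LIBRARIES ]; then
        # LSEnvironment prints as a dictionary; keep only the one entry.
        out=$(printf '%s\n' "$out" |
            sed -n 's/.*DYLD_INSERT_LIBRARIES"* *= *"*\([^";]*\)"*;.*/\1/p')
    fi
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Print the path stored after the __ldpath__ marker inside file LIB.
# Returns 1 if LIB is unreadable or has no marker.
ldpath_target() {
    [ -r "$1" ] || return 1
    hit=$(LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" | head -n 1)
    [ -n "$hit" ] || return 1
    printf '%s\n' "${hit#__ldpath__}"
}

# Report one location; returns 0 when clean, 1 when an entry was found.
report() {
    if lib=$(injected_library "$1" "$2"); then
        echo "FOUND  $1 $2 -> $lib"
        if target=$(ldpath_target "$lib"); then
            echo "       __ldpath__ -> $target"
        fi
        return 1
    fi
    echo "clean  $1 $2"
}

# Run only where `defaults` exists (macOS).
if command -v defaults >/dev/null 2>&1; then
    found=0
    report /Applications/Safari.app/Contents/Info LSEnvironment || found=1
    report "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || found=1
    [ "$found" -eq 0 ] || echo "Entries found: follow the removal steps above."
fi
```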
 

roagie

Distinguished
Jan 14, 2010
119
0
18,710
Forgot to mention :p that those instructions will not only tell you if you have flashback or not but will manually remove it.

Sorry, I sometimes forget ....
 



Hi :)

Oh they CAN get Viruses...

We get 2 or 3 people a WEEK come into my shops with Macs AND Viruses....

We don't touch them but tell them to buy Norton Anti Virus for Macs....

And Norton wouldn't make it if they couldn't sell it.....

All the best Brett :)
 

musical marv

Distinguished
Feb 26, 2011
2,396
0
20,810
I have Sophos AV and nothing I see so far as I scanned all my files yesterday. Thanks
 

Hazbot

Distinguished
Jan 19, 2012
89
0
18,640
This virus can technically be easily ported to Windows as it is a Java vulnerability. Looks like I'll need to turn on Javablock just to be sure...
 

roagie

Distinguished
Jan 14, 2010
119
0
18,710


Funnily enough Windows had already patched this vulnerability over 3 months ago.


In other news, Apple has finally released its canned version of the detection and removal.

The link is for Lion:

http://support.apple.com/kb/DL1517




 

homiedontrightclick

Distinguished
Jan 23, 2012
66
0
18,630
I love how all the Windows only guys are having small orgasms with the idea of Mac malware.

Honestly, Apple should have patched it a lot sooner. And anyone who doesn't think that a Mac can get a virus is totally "eating it" right now. But if they thought that they were protected for any reason other than the fact that they were in a smaller demographic and thus targeted less they are probably used to "eating it" because they're obviously morons.

I'm a life long Windows user, but I've switched from using Windows to Mac OS X recently knowing that Macs could get viruses. I just got tired of Windows and wanted to try something different. Mac OS X is sick, guys, and it's been WAY more stable and reliable than any Windows OS I've ever used, and I've used a lot of them. I haven't had one crash, or needed to restart at all, or even Force Quit a program since I've bought this thing. I also did not get infected with the Flashback Trojan (probably because Lion doesn't come with Java enabled by default, and I never installed it, or because I was lucky, or not doing anything other than regular surfing and mail checking).

Intelligent people buy Macs because they like them, not because they believe idiots and marketing hype. I wish all these Windows only guys would stop thinking EVERY Mac user is a delusional douche bag with more money than sense. It's getting to be a lame, weird assumption I've been running into everywhere, and it just doesn't apply to everyone. Most guys I know that have Macs aren't Mac elitist. I think that might be a thing of the past. In fact, most guys I know that run Macs are life long Windows users, like myself, that just wanted to try something different and happened to like it more. They are usually still running Windows because they still know and love it. I'm certainly in that crowd.

So now that Mac has had some issues, maybe all this Windows Vs Mac stuff will mellow out. Why are people even concerned if they're not using Macs? You've got guys who hate Mac surfing Mac forums just looking to flame. It's strange to me, honestly. Why not help other people with Windows problems/viruses? There sure are enough to go around.
 

musical marv

Distinguished
Feb 26, 2011
2,396
0
20,810
You are right, sir. It is like the Republicans vs the Democrats: help each other, not hinder each other.
 