ATTN!!! all Mac users


Postby flowergirl » Thu Jun 21, 2012 12:14 pm

Mac computers have been attacked with a virus and it is pretty important to read this article.
http://bits.blogs.nytimes.com/2012/04/0 ... nger-safe/

Re: ATTN!!! all Mac users

Postby Hal4511 » Thu Jun 21, 2012 2:03 pm

Thanks flowergirl for posting this, it deserves watching ...

Let me explain something about Macs that most people don't even realize. The Apple operating system is nothing more than a glorified Linux kernel. Having said that, understand that the Windows operating system is akin to a piece of sheet music (windows registry). The Linux kernel, or Mac in this case, is akin to a pin cushion. The pins being the programs you stick into it, if the kernel hasn't been compromised and I doubt it has, the Mac computer is not affected at its core. The virus should be easily removable without affecting the underlying system. This is another piece of media hysteria ...

Behold, I tell you a mystery: We shall not all sleep, but we shall all be changed—in a moment, in the twinkling of an eye, at the last trumpet. For the trumpet will sound, and the dead will be raised incorruptible, and we shall be changed. 1 Corinthians 15:51-52

Re: ATTN!!! all Mac users

Postby willow » Thu Jun 21, 2012 2:05 pm

:doh:  Hate to hear that.....It says you don't even have to DO anything to get the virus :disagree:

Re: ATTN!!! all Mac users

Postby Hal4511 » Thu Jun 21, 2012 2:17 pm

Additional Details

Trojan-Downloader:OSX/Flashback.I is dropped by malicious Java applets that exploit the known CVE-2011-3544 vulnerability.

On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.

If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.


Trojan-Downloader:OSX/Flashback.I
Detection Names:        Exploit:Java/Flashback.I, Trojan-Downloader:OSX/Flashback.I, Trojan:OSX/Flashback.I, Backdoor:OSX/Flashback.I
Category:        Malware
Type:        Trojan-Downloader
Platform:        OSX
Summary

Trojan-Downloader:OSX/Flashback.I connects to a remote site to download its payload; on successful infection, the malware modifies targeted webpages displayed in the web browser.
Disinfection

Free Removal Tool

http://www.f-secure.com/weblog/archives/00002346.html

11 April 2012: F-Secure now provides a free removal tool that automates the detection and removal of Flashback variants from an infected machine.

Further information and download of the tool is available in the following Labs Weblog post:

Flashback Removal Tool

Manual Removal

Caution: Manual disinfection is a risky process; it is recommended only for advanced users. Otherwise, please seek professional technical assistance. F-Secure customers may also contact our Support.


Manual Removal Instructions

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"

4. Otherwise, run the following command in Terminal:

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%

5. Take note of the value after "__ldpath__"
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):

sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

sudo touch /Applications/Safari.app

7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"

10. Otherwise, run the following command in Terminal:

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%

11. Take note of the value after "__ldpath__"
12. Run the following commands in Terminal:

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

launchctl unsetenv DYLD_INSERT_LIBRARIES

13. Finally, delete the files obtained in steps 9 and 11.

Note: Some Flashback variants include additional components, which require additional steps to remove. Please refer to our Trojan-Downloader:OSX/Flashback.K description for additional information and removal instructions.

http://www.f-secure.com/v-descs/trojan- ... ck_i.shtml

https://discussions.apple.com/thread/38 ... 0&tstart=0

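The detection half of the manual procedure quoted in the post above (steps 1-5 and 8-11), as an added read-only example that is not part of the original post or of F-Secure's instructions. The function names are hypothetical, and the parsing assumes `defaults read` prints the LSEnvironment dictionary in its usual `KEY = "value";` form; nothing is deleted.

```shell
#!/bin/bash
# Added example: read-only check of the two locations named in the removal
# steps above. Function names are hypothetical; nothing is deleted.

# Steps 1-3 / 8-9: print the library path stored under domain $1, key $2.
# Returns 1 when `defaults` reports that the pair does not exist (clean).
injected_library() {
    out=$(defaults read "$1" "$2" 2>&1) || return 1
    case "$out" in *"does not exist"*) return 1 ;; esac
    if [ "$2" = LSEnvironment ]; then
        # Assumed output form: { "DYLD_INSERT_LIBRARIES" = "/path"; }
        printf '%s\n' "$out" |
            sed -n 's/.*DYLD_INSERT_LIBRARIES[" ]*= *"*\([^";]*\).*/\1/p'
    else
        printf '%s\n' "$out"
    fi
}

# Steps 4-5 / 10-11: print the path embedded after "__ldpath__" in file $1,
# using the same grep as the instructions (C locale keeps [ -~] byte-wise).
ldpath_of() {
    [ -f "$1" ] || return 1
    LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" | sed 's/^__ldpath__//'
}

# Check both locations; returns 0 if both are clean, 1 if either is set.
flashback_scan() {
    found=0
    for pair in "/Applications/Safari.app/Contents/Info LSEnvironment" \
                "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"; do
        domain=${pair% *}
        key=${pair##* }
        if lib=$(injected_library "$domain" "$key") && [ -n "$lib" ]; then
            found=1
            echo "SUSPECT $domain -> $lib"
            ldpath_of "$lib" | while read -r p; do
                echo "  also references: $p"
            done
        else
            echo "clean   $domain"
        fi
    done
    return "$found"
}

# Run the scan only when asked to, e.g.  sh flashback_check.sh --scan
if [ "${1:-}" = "--scan" ]; then flashback_scan; fi
```

A SUSPECT line corresponds to the value noted in step 2 or step 9, and each "also references" line to the value noted in step 5 or step 11.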

Re: ATTN!!! all Mac users

Postby flowergirl » Thu Jun 21, 2012 2:18 pm

I have in the last 3 days received spam mailings from two Mac users who would never send out advertising links to their whole list of email contacts, nevertheless it happened.

Re: ATTN!!! all Mac users

Postby Hal4511 » Thu Jun 21, 2012 2:30 pm

flowergirl wrote: I have in the last 3 days received spam mailings from two Mac users who would never send out advertising links to their whole list of email contacts, nevertheless it happened.

Yep, I received an email via Facebook a few days ago telling me to download a flash update, luckily I was in Linux at the time, but Malwarebytes will catch it in Windows. This one seems specific to Macs however ...


Re: ATTN!!! all Mac users

Postby flowergirl » Thu Jun 21, 2012 2:48 pm

I do not have Malwarebytes. Is it safe to download from MajorGeeks?

Re: ATTN!!! all Mac users

Postby Hal4511 » Thu Jun 21, 2012 3:29 pm

Yep, and enable the real-time protection, it's lightweight too, not like Norton or McAfee


Re: ATTN!!! all Mac users

Postby flowergirl » Thu Jun 21, 2012 4:02 pm

Thanks!  :smileagree:  :thumbup:

