Flashback virus

  I just heard about a Trojan Horse originating in Russia called Flashback. Has a patch been sent out for the fix on Macs?

Yes, the recent Java update issued by Apple a day or two ago was intended to do that.
You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
https://discussions.apple.com/docs/DOC-2435
The User Tip (which you are welcome to print out and retain for future reference) seeks to offer some guidance on the main security threats and how to avoid them.
Bear in mind that from April to December 2011 there were only 58 attempted security threats to the Mac - a mere fraction compared to Windows malware:
http://www.f-secure.com/weblog/archives/00002300.html
(I have ClamXav set to scan incoming emails, but nothing else.)
To which I will add (about the Flashback Trojan):
You should be able to prevent infection by disabling Java (not Javascript) and also turning off 'Open safe files after downloading' in Safari Preferences/General.
Flashback Trojan - Detection, and how to remove (with caution):
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

Similar Messages

  • I have os 10.5.8 and safari 5.0.6 and websites are coming very strange. Do I have flashback virus? When I use firefox they come up normal. what can I do?

    I guess I put all info at top, sorry. Websites are displaying strange. When I use firefox they come up normal. Do I have flashback virus? what do I do to correct problem.

    Thank you both for responding . After my posting I kept digging, I now know I don't have flashback. But, as to the strange part the pdf will  show. Before problem that started about 2 weeks ago. The content was spread across the web page now it's all to the left going straight down. Also each action I get a slow script message and action is only completed when I hit cancel.
    file:///Users/daniellacevedojr/Desktop/What%20is%20eMusic.pdf
    I hope this gives you more insight.
    Thank you for your attention.

  • Fix for CS5 & CS6 Hangs with Flashback Virus??

    I recently found that my imac was infected with the Flashback Virus.
    Ever since then, both CS5 and CS6 hang when trying to open them from Lightroom 4 or 3 using 'edit in.'
    This is isolated to my imac since Lightroom 3 & 4 work as expected with CS5 & 6 with my macbook.
    I have an appt with the Geniuses at the Apple Store tomorrow to delete the virus (Norton can identify it, but can't delete it.  So what are they good for?).
    My questions are:
    1.  Should I ask the experts at Apple to do anything in particular that can affect this problem, or
    2. Will a simple 'uninstall'/'reinstall' for LR and CS5 & 6 be sufficient?
    Recommendations from the Adobe experts will be greatly appreciated.
    Chris Bernhardt

    Oh well, the story continues (after I confirmed that CS5 works as expected after an 'uninstall/reinstall').
    I deleted the CS6beta and then reinstalled it.
    I then tried launching it from LR4 and CS6 hangs.
    I then tried it from LR3 and CS6 works.
    I then loaded LR4.1 and tried to launch it (all by itself) and LR4.1 hangs (never finishes loading the last photo viewed prior to quitting LR4).
    I then deleted LR4.1 and reloaded LR4.0.
    LR4.0 launched and it successfully launched CS5.
    My conclusion - on my system there are two problems - one where LR4.1 hangs and then another where CS6 hangs when trying to launch from LR4.0.
    So for now, I'll continue to use LR4.0 and CS5.
    I hope this helps with the development of LR4.1 and CS6.
    I'll post this separately so it comes to the attention of other members of the Adobe team
    Chris

  • I have not been able to find any information re: the Flashback virus and Apple remedies on the Apple website.  Am I missing something?

    I have not been able to find any information re: the Flashback virus on the Apple website.  Has Apple put out anything on this?

    The ‘Flashback Trojan’:
    A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The most recent versions bypass any user action and automatically install themselves after an affected website is visited.
    http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protection.html
    (Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.")
    Flashback Trojan - Prevention of infection:
    In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and disable the "Open 'safe' files after downloading" option in Safari Preferences/General to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.
    The Flashback Trojan does not affect PPC (non-Intel) Macs, nor has it been noted to affect users running Tiger OS 10.4.11 or Leopard OS 10.5.8.
    Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection, and works for all users of OS X from Tiger upwards:
    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
    How to get it:
    https://store.opendns.com/get/home-free
    Flashback Trojan - Detection and Removal
    Users with Intel Macs running Snow Leopard OS 10.6 or Lion OS 10.7 should ensure that they have downloaded all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.
    New Macs running Lion have neither Flash Player nor Java installed. If you are running Lion and have not already downloaded and installed Java, you should download the ‘Flashback malware removal tool’ from Apple: http://support.apple.com/kb/HT5246 (356KB) which includes the same code as the Java update that plugged a security hole which allowed the malware to automatically install itself without admin authorization.
    You can also use this to check whether you have been infected (for Intel Macs only) and remove it if required:
    http://www.macupdate.com/app/mac/42571/anti-flashback-trojan
    Flashback Trojan - Detection, and how to remove (with caution) if you are running other browsers than Safari:
    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

  • How do I remove flashback virus (FBI.Cybercrimes malware)?

    How do I remove the flashback virus on OS X & 7.5?

    What makes you think you have the Flashback? As far as I know, it is extinct, and it can't be picked up now. Besides that, it never affected anything iOS. Even if for some reason, you were infected, it won't do anything because the C&C servers to which infected machines were "slaved" are gone.
    Not sure if this will run on your Mac, whatever OS you are running, but it can't hurt.
    http://support.apple.com/kb/dl1517

  • Has anyone been affected by the trojan flashback virus?

    Has anyone been affected by the Trojan Flashback virus? If so, how did you know?

    Thanks for letting us know about this. Firefox now has an easy tool that gets rid of things like this. Read about it here - [[Reset Firefox – easily fix most problems]]

  • Is there any way I can find and remove the flashback virus because I find the manual instructions too complicated HELP!!!!

    HELP is there any way I can find and remove the flashback virus because I find the manual instructions too complicated HELP!!!! common the manual instructions are far too complicated for the average user. I just downloaded the SOPHOS anti-virus will that find and remove it?

    How deal with FLASHBACK trojan?

  • HT5244 If "flashback malware removal tool" was in your software updates...does that mean you have the flashback virus?

    If "flashback malware removal tool" was in your software updates...does that mean you have the flashback virus?

    carol afromfl wrote:
    If "flashback malware removal tool" was in your software updates...does that mean you have the flashback virus?
    No, it just means that you are running Lion and do not have Java installed. The update will simply check for any previous infection and let you know if it finds anything. If it doesn't find anything it will quit without any notices. In either case, it will then delete itself and you can sleep easy until the next one comes along.

  • Flashback virus here.... now gone ???

    Hi all,
    I recently posted one of the trillions of discussions regarding the Flashback virus here:
    file://localhost/Users/michaelm/Desktop/Power%20PC%20apps%20crash%20on%20startup%20in%20OS...-%20Apple%20Support%20Communities.webloc
    I confirmed that my 10.5.8 Leopard run Mac Pro did indeed have the virus.  All the behaviors were there: Power PC/Rosetta run apps were crashing on start up and the Terminal utility showed the presence of the dreaded DYLD_INSERT_LIBRARIES.  After that, I was out of town for about a week and the Mac Pro was shut down for that period and upon my return, I was to wipe and reinstall to start fresh.  While away, I read some more articles about the virus and some remedies and removal techniques, so I returned home hopeful that the wipe and reinstall would not be necessary.
    But.... when I fired up the Mac Pro today after a week of being shut down, it seems the virus was gone.  ???  Is this possible?  I entered the following lines in Terminal and got 'does not exist' on all of them!
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
    My older Power PC/Rosetta run apps started up fine with no crashes.  I also turned off Java in Safari preferences.  So the question is, what to do now? Should I immediately update to 10.6 Snow Leopard (I have too many Rosetta run apps right now to shift to Lion) and get all native softwares up to date?  I would imagine that Snow Leopard would be safer at this point than my old Leopard.  Should I install a Mac virus protection app as well?  Should I also keep Java OFF at all times?
    Thanks! Mike

    Hi Mike, this thing is changing, so it may even move itself around, or uninstall some things to hide or change itself.
    Disable Java in your Browser settings, not JavaScript.
    http://support.apple.com/kb/HT5241?viewlocale=en_US
    http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
    http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
    Flashback - Detect and remove the uprising Mac OS X Trojan...
    http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
    In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
    /Library/Little Snitch
    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
    /Applications/VirusBarrier X6.app
    /Applications/iAntiVirus/iAntiVirus.app
    /Applications/avast!.app
    /Applications/ClamXav.app
    /Applications/HTTPScoop.app
    /Applications/Packet Peeper.app
    If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
    http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
    http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
    The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
    Check now whether your Mac is infected by Backdoor.Flashback.39!
    http://public.dev.drweb.com/april/

  • My internet provider informed me my Mac has been infected with a Flashback virus.  How do I remove it?  I have Macbook OSX 10.5.8

    My internet will be cut off in 48 hours unless I remove this virus.  I got an e-mail saying I was infected with this flashback virus.  I called Rogers to confirm that it wasn't a phishing e-mail and it is legitimate.  The only thing they did was give me numbers to a paid technical support line, I'd prefer not to call and pay.  I went online and found a tutorial for removing it using Terminal, which I tried and got the error messages which apparently means I'm not affected.  Help!  How do I remove this virus before my internet gets cut off?
    I am operating a MAC OSX 10.5.8 software system on my macbook

    Maybe
    F-Secure's Flashback removal tool - http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml - supposedly also works on OSX 10.5 and earlier.
    Something you should consider is upgrading to Snow Leopard since then you (for at least a few more months) will still get security updates from Apple which would cover this issue.
    Snow Leopard 10.6 Technical Requirements - http://support.apple.com/kb/SP575 - note by K Shaffer - http://discussions.apple.com/message/12921514 : "Some early Intel-based Macs can't use Snow Leopard 10.6 installers; of those, the Core Duo (not 2 duo) were suspect and had issues." - and a qualifier by "a brody" http://discussions.apple.com/message/13028822 : "I think that refers to the ones without at least 1 GB of RAM."
    Macs and Software that will run with Snow Leopard (Mac OS X 10.6.x) - https://discussions.apple.com/docs/DOC-2455
    A Mac OS X 10.6 Snow Leopard Application Compatibility List - http://snowleopard.wikidot.com/

  • TELUS called us and said they have detected Flashback virus from our MacBook Pro with retina display i just want to ask if this is possible and how can I fix the problem thanks

    TELUS is our Internet provider at home and they called to inform us that they have detected a Flashback virus from our apple MacBook Pro with Retina display is this possible and can you please help us on how we can fix this problem..I just bought my MacBook last August of this year thanks.

    Dabi Ngetet wrote:
    TELUS is our Internet provider at home and they called to inform us that they have detected a Flashback virus from our apple MacBook Pro with Retina display is this possible and can you please help us on how we can fix this problem..
    If your OS is fully up-to-date, that is close to impossible. The Flashback site has not been known to be active since long before August.
    Did you migrate any users from an older system, perhaps? It might have been transferred if that is the case.
    ISPs are famous for mis-diagnosing these things with regard to Macs, so you might want to challenge them to provide you with their logs and specifics about what they are seeing.
    Is it possible that another device is on your network that could be causing this, either something you own or a neighbor using your network?

  • Is it worth getting Antivirus software for my mac with this threat of the Flashback virus?

    I'm concerned about my mac being infected by flashback but I don't know if it is worth purchasing antivirus software or not

    Well, if you applied Apple patches for 10.6.8 & up, then no.
    Still pays to be certain with these tips...
    Disable Java in your Browser settings, not JavaScript.
    Flashback - Detect and remove the uprising Mac OS X Trojan...
    http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
    In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
    /Library/Little Snitch
    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
    /Applications/VirusBarrier X6.app
    /Applications/iAntiVirus/iAntiVirus.app
    /Applications/avast!.app
    /Applications/ClamXav.app
    /Applications/HTTPScoop.app
    /Applications/Packet Peeper.app
    If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
    http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
    http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
    Open DNS also blocks the FlashBack thing...
    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
    Try putting these numbers in Network>TCP/IP>DNS Servers, for the Interface you connect with...
    208.67.222.222
    208.67.220.220
    Then Apply. For 10.5/10.6/10.7 Network, highlight Interface>Advanced button>DNS tab>little + icon.
    DNS Servers are a bit like Phone books where you look up a name and it gives you the phone number, in our case, you put in apple.com and it comes back with 17.149.160.49 behind the scenes.  
    These Servers have been patched to guard against DNS poisoning, and are faster/more reliable than most ISP's DNS Servers.
    ClamXAV, free Virus scanner...
    http://www.clamxav.com/
    Free Sophos...
    http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/
    Little Snitch, stops/alerts outgoing stuff...
    http://www.obdev.at/products/littlesnitch/index.html
    Get MacScan...
    http://www.apple.com/downloads/macosx/networking_security/macscan.html

  • Dr Web Flashback Virus checker accurate?

    Does anyone have any info about how accurate the Flashback checker from Dr Web is? http://public.dev.drweb.com/april
    When I enter my Hardware UUID into the tool I get the following response:
    probably infected by Backdoor.Flashback.39 !
    Timestamp of the first access: 2012-04-03 21:27:19
    Timestamp of the last access: 2012-04-06 17:48:52
    However when I follow the instructions from the F-Secure website to locate and remove the virus (http://community.f-secure.com/t5/Protection/Flashback-Mac-OS-X-Remover/m-p/10887#M2223) using Terminal, I get the files "do not exist" responses.
    I haven't experienced any issues with my computer but figured I'd check to be certain, and now I'm not sure how to proceed.

    jo823 wrote:
    When I enter my Hardware UUID into the tool I get the following response:
    probably infected by Backdoor.Flashback.39 !
    Timestamp of the first access: 2012-04-03 21:27:19
    Timestamp of the last access: 2012-04-06 17:48:52
    Sorry I'm late to the party, but I have way too much going on right now for this...
    My first observation is that this is very recent. As I recall everything we were watching last weekend was installed something like March 23 to March 28. Perhaps we are dealing with an as yet un-named variant.
    Next, from what I understand about this database, all it knows is that something with an identifier that includes an encrypted identifier that includes a UUID is trying to contact one of three Command & Control servers. It has no idea whether or not that Mac has any other files installed, just that one or more steps in the installation process has taken place. That's why they say "probably infected." We've been told that if the process finds certain software installed on that Mac it will abort the process and destroy itself, but I suppose something could go wrong with the destruction leaving the communications module active.
    Last weekend we were alerted to the situation by users who had Little Snitch installed and practically nobody that didn't have it complained. If this is new, I'm sure they have found a way to eliminate the Little Snitch canary again.
    Perhaps some details have been deleted, but there's a lot I don't know about your situation. Do you have Little Snitch installed? Do you recall seeing any dialogs requesting your admin password, certificate approval, anything unusual around the date and time (although I'm not sure I know what time zone Dr. Web is using) they first heard something purportedly from your Mac? If so, do you remember whether you approved or dismissed that dialog?
    I've scanned through all the tests that were run and they all seemed to have focused on removing a full infection. You've told us that you have Office 2008 installed, so a Type 2 infection probably could not have happened. I think we can rule out a Type 1 infection from the "K" variant, so again it may be a new one or it aborted and left something behind. I've tried to check all the commands and probably overlooked it, but did anybody check for a hidden executable in the home folder (I doubt that I remember them all from last week but we had .rserv, .mkeeper, .jupdate and I'm sure several others)? I know there were some checks for LaunchAgents, but can't be sure they would have revealed one installed around that date.
    And yes, I can't dismiss the possibility that Dr. Web is wrong or that duplicate UUID's exist. Just thought it might be worth looking a little harder at this since it's apparently our first effort at a Dr. Web positive and possibly something new that we won't read about until the bloggers get back to work after their Easter weekend.
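
Added example, not part of any post above: a read-only shell triage that runs the three `defaults read` queries from the "now gone ???" post and looks for the hidden home-folder names recalled in the reply just above (.rserv, .mkeeper, .jupdate). The function names and the `--run` switch are this example's own; a hit means the item deserves a closer look, not proof of infection.

```shell
#!/bin/sh
# Read-only triage for the Flashback indicators named in this thread.
# It only reports; nothing on disk is changed or deleted.

# Hidden home-folder names recalled by one poster, who notes the list is incomplete.
FLASHBACK_HIDDEN_NAMES=".rserv .mkeeper .jupdate"

# key_present DOMAIN KEY
# Exit 0 if `defaults read` finds the key, non-zero for the "does not exist" case.
key_present() {
    defaults read "$1" "$2" >/dev/null 2>&1
}

# flashback_scan [HOME_DIR] [APPS_DIR]
# Prints one line per check; the exit status is the number of hits.
flashback_scan() {
    home=${1:-$HOME}
    apps=${2:-/Applications}
    hits=0

    if command -v defaults >/dev/null 2>&1; then
        # Same three queries as in the post; "does not exist" is the clean answer.
        if key_present "$home/.MacOSX/environment" DYLD_INSERT_LIBRARIES; then
            echo "HIT  DYLD_INSERT_LIBRARIES set in $home/.MacOSX/environment"
            hits=$((hits + 1))
        else
            echo "ok   no DYLD_INSERT_LIBRARIES in $home/.MacOSX/environment"
        fi
        for app in Safari Firefox; do
            if key_present "$apps/$app.app/Contents/Info" LSEnvironment; then
                echo "HIT  LSEnvironment set in $apps/$app.app"
                hits=$((hits + 1))
            else
                echo "ok   no LSEnvironment in $apps/$app.app"
            fi
        done
    else
        # Without the OS X `defaults` tool a failed read would look like a clean result.
        echo "skip 'defaults' not found; plist checks not run"
    fi

    for name in $FLASHBACK_HIDDEN_NAMES; do
        if [ -f "$home/$name" ]; then
            echo "HIT  hidden file $home/$name"
            hits=$((hits + 1))
        fi
    done

    echo "summary: $hits indicator(s) found"
    return "$hits"
}

# Run the scan only when asked: sh flashback_triage.sh --run (file name is hypothetical).
[ "${1:-}" != "--run" ] || flashback_scan
```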

  • HT5056 how to know if my computer has flashback virus

    How can one tell if the computer is infected with the Flashback Malware?

    How deal with FLASHBACK trojan?

  • How are users getting the flashback virus

    I don't have a virus, but I sure don't want to expose my computer.  So how is the virus downloaded?  What do I watch out for?

    Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
    The most effective defense against malware is your own intelligence. All known malware that affects an up-to-date Mac OS system takes the form of trojans that can only operate if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
    “Cracked” versions of commercial software downloaded from a bittorrent are likely to be infected.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
    Disable Java (not JavaScript) in your web browser(s). Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in Mac OS X 10.5.8 or earlier, because Java in those versions has bugs that make it unsafe to use on the Internet. Those bugs will probably never be fixed.
    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
    Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use ClamXav — nothing else.
