Is 10.5 vulnerable to the Flashback.G Trojan?

If 10.5 is up to date, is it vulnerable to the Flashback.G Trojan that was reported on 2/24?  All of the news items about this speak only of 10.6 or 10.7.  They imply that if OS X is up to date, then there are no worries. 

Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users to install software that pretends to be legitimate. However, a new version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. In order to prevent a potential infection with “Flashback” Trojans, Mac users are advised to obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Apple's Safari browser to avoid automatically running files downloaded from the Internet.
http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protection.html
UPDATE regarding the Flashback Trojan:
http://blog.intego.com/new-flashback-trojan-horse-variant-uses-novel-delivery-method-to-infect-macs/
and also: http://blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/

Similar Messages

  • Is the flashback.39 trojan really infecting Macs?

    Is there any truth to the claim made by an article on Macworld that was posted on April 5th about a Backdoor Flashback.39 Trojan?  They say the Dr. Web says it has infected over 300,000 Macs in the US. 

    I give many people help on this forum and many others, both Mac and Windows.
    Your original Question posted in a Hardware forum was kind of foolish to say the least. A publication like MacWorld would not post an article about Malware without first checking it out. Wouldn't you think? A simple Google search on it turns up 14 Million hits.
    https://www.google.com/webhp?source=search_app#hl=en&sclient=psy-ab&q=flashback+trojan+mac&oq=Flashback+troja&aq=1&aqi=g-z1g3&aql=&gs_l=hp.1.1.0i3j0l3.1903l1903l3l4624l1l1l0l0l0l0l77l77l1l1l0.frgbld.&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.,cf.osb&fp=c541f35354c9590f&biw=1280&bih=939
    Just on the first page of the results there are several hits from different news pubs about it. Are they all wrong, lying?
    Why not contact Macworld and ask them if they are posting Lies about this.
    Sorry if I offended you BUT.

  • I have an iMac running OS 10.4.11. How can I check to see if I have the Flashback Trojan (and remove it, if I have it)? My Safari is also crashing frequently. Any suggestions?

    I have an iMac running OS 10.4.11. How can I check to see if I have the Flashback Trojan (and remove it, if I have it)? My Safari is also crashing frequently. Any suggestions?

    Hi Barry, is this an Intel iMac, or a PPC iMac?
    Disable Java in your Browser settings, not JavaScript.
    http://support.apple.com/kb/HT5241?viewlocale=en_US
    http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
    http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
    Flashback - Detect and remove the uprising Mac OS X Trojan...
    http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
    In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
    /Library/Little Snitch
    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
    /Applications/VirusBarrier X6.app
    /Applications/iAntiVirus/iAntiVirus.app
    /Applications/avast!.app
    /Applications/ClamXav.app
    /Applications/HTTPScoop.app
    /Applications/Packet Peeper.app
    If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
    http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
    http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
    The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
    https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site
    More bad news...
    https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link
    Removal for 10.5...
    http://support.apple.com/kb/DL1534

  • HT5244 how do i know if the flashback malware is on my system?

    How do I know if the flashback malware is on my system?  And how can I get rid of it?
    I can't upgrade to a higher OS because my Power Mac does not have Intel processors.
      Modelnaam:          Power Mac G5 Quad
      Modelaanduiding:          PowerMac11,2
      Processornaam:          PowerPC G5 (1.1)
      Processorsnelheid:          2.5 GHz
      Aantal processors:          4
      L2-cache (per processor):          1 MB
      Geheugen:          8 GB
      Bussnelheid:          1.25 GHz

    X423424X wrote:
    For some, if not complete peace of mind, go to F_Secure's Flashback Removal Tool web page, download their Flashback trojan detection/removal tool, and follow the instructions you find there.
    Turns out their tool won't run on a PPC Mac (unless you extract and modify the AppleScript so it will run the shell script).
    The only one I know of that does is Norton's. I glanced over it and gave it a test run. Looks OK, but I cannot attest to how well it might work.
    And as has already been said, nobody we've run into here using a PPC Mac has been shown to be infected and all the samples I have been able to examine contained Intel only executables.

  • "What to do now if I had the Flashback Trojan?"

    I just did a software update (was overdue) that included the java security fix, and was immediately informed that the "OSX.FlashBack.iv" malware was found and removed.
    Does anyone happen to know how serious a threat the malware presents, how to assess any potential damage it may have done, and what I might do to minimize any after-the-fact damage?

    MadMacs0 wrote:
    I'm pretty sure I would go to all the sites I could remember signing into that had significant financial data of mine on them and change my passwords. If I used the same password on multiple sites (I don't) I would change all those, as well. I already check all my transactions on a daily basis due to a mysterious Credit Card compromise a few months back, but if I wasn't, I would do that. A site called mint.com (run by Intuit) makes it easy to see everything at once, but in order to do that I have to provide significant information to them.
    I did go to all of my credit card/bank account sites and changed my user names and passwords. And this time, I'll print the info out, but won't do what I've done before (which was to store that info in a spreadsheet that I had saved to my drive).
    As far as mint.com or any other third party is concerned (including the online backup-service companies), I simply don't trust them and/or don't have high enough confidence in the security measures they have in place to hand over my personal info.
    I would certainly endorse the use of Little Snitch as being worth the time, money and effort to install, setup and maintain. It's not for everyone, but I've used it for years to keep track of what information leaves my computer. During the period when it first alerted users to the existence of the Flashback "N" variant I gained new respect for its capability.
    Thinking about Little Snitch again...I think I read somewhere that FlashBack checks out the system it has targeted and doesn't install itself if it detects the presence of Little Snitch. (If true, I don't know how FlashBack got into my system.) 

  • Does the Flashback malware have an effect on OS X systems without java installed?

    Does the Flashback malware have an effect on OS X systems without java installed? Just asking since i do not have java installed...

    It's not likely, but better safe than sorry. See
    Helpful Links Regarding Flashback Trojan
    Visit Thomas Reed's site for insight and help: Mac Malware Guide
    A Google search can reveal a variety of alternatives on how to remove the trojan should your computer get infected. This can get you started. However, be careful about what you do as new variants of the malware circumvent the efforts of earlier tools.
    Also see Apple's article About Flashback malware.
    Apple has released Java updates for Snow Leopard and Lion users:
    Java for OS X Lion 2012-003; available only for users of Lion with Java installed.
    Java for Mac OS X 10.6 Update 8; available only for users of Snow Leopard.
    Flashback malware removal tool; available only for users of Lion without Java installed.
    Install whichever shows up in Software Update. It removes the malware (if present), updates Java (if present) and tightens up Java settings for the future.  You may download from Apple's web site instead of using Software Update, but it's important to know which one to get, because the other two won't work for you.
    For the truly paranoid see 10 Simple Tips for Boosting The Security Of Your Mac.

  • Why the flashback log'size smaller than the archived log ?

    hi, all . why the flashback log'size smaller than the archived log ?

    Lonion wrote:
    hi, all . why the flashback log'size smaller than the archived log ?
    Both are different.
    Flash logs size depends on parameter DB_FLASHBACK_RETENTION_TARGET , how much you want to keep.
    Archive log files is dumped file of Online redo log files, It can be either size of Online redo log file size or less depending on online redo size when switch occurred.
    Some more information:-
    Flashback log files can be created only under the Flash Recovery Area (that must be configured before enabling the Flashback Database functionality). RVWR creates flashback log files into a directory named “FLASHBACK” under FRA. The size of every generated flashback log file is again under Oracle’s control. According to current Oracle environment – during normal database activity flashback log files have size of 8200192 bytes. It is a value very close to the current redo log buffer size. The size of a generated flashback log file can differ during shutdown and startup database activities. Flashback log file sizes can differ during high intensive write activity as well.
    Source:- http://dba-blog.blogspot.in/2006/05/flashback-database-feature.html
    Edited by: CKPT on Jun 14, 2012 7:34 PM

  • I have not been able to find any information re: the Flashback virus and Apple remedies on the Apple website.  Am I missing something?

    I have not been able to find any information re: the Flashback virus on the Apple website.  Has Apple put out anything on this?

    The ‘Flashback Trojan’:
    A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The most recent versions bypass any user action and automatically install themselves after an affected website is visited.
    http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protection.html
    (Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.")
    Flashback Trojan - Prevention of infection:
    In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and disable the "Open 'safe' files after downloading" option in Safari Preferences/General to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.
    The Flashback Trojan does not affect PPC (non-Intel) Macs, nor has it been noted to affect users running Tiger OS 10.4.11 or Leopard OS 10.5.8.
    Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection, and works for all users of OS X from Tiger upwards:
    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
    How to get it:
    https://store.opendns.com/get/home-free
    Flashback Trojan - Detection and Removal
    Users with Intel Macs running Snow Leopard OS 10.6 or Lion OS 10.7 should ensure that they have downloaded all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.
    New Macs running Lion have neither Flash Player nor Java installed. If you are running Lion and have not already downloaded and installed Java, you should download the ‘Flashback malware removal tool’ from Apple:  http://support.apple.com/kb/HT5246  (356KB) which includes the same code as the Java update that plugged a security hole which allowed the malware to automatically install itself without admin authorization.
    You can also use this to check whether you have been infected (for Intel Macs only) and remove it if required:
    http://www.macupdate.com/app/mac/42571/anti-flashback-trojan
    Flashback Trojan - Detection, and how to remove (with caution) if you are running other browsers than Safari:
    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

  • Deleting the flashback recovery area and the files (Oracle 10g on Solaris 8

    Hi,
    We have a dev. db which is small about 3 gb in all (crd files). for this I had enabled flashback and also put it in archivelog mode. then the db_recovery_file_dest_size grew to 3 gb. since space is an issue, I turned off the flashback feature. (by the command: ALTER DATABASE FLASHBACK OFF;)
    Tomorrow I will also make it into noarchivelog mode. My question is: it is having lots of archived logs (may be 3 gb or more) in the flashback recovery area. What is the correct syntax to delete them? There is a warning in alert log which says that use RMAN delete command but I am not aware of exact syntax.
    Thanks
    Nirav

    You can use variations of delete. (As you say there are many files, include noprompt)
    Once the database goes into noarchivelog mode, the archived redo logs are essentially worthless. They would be useful/necessary if you wanted to restore the database to a point in time prior to going noarchive, but if you don't need that, the two ways you are looking at deleting (depending how you go about it) are at the OS level and within the database (what Oracle knows or remembers about the archived redo logs and where they were sent to via the arch process). The RMAN approach is cleaner, assuming you were using that.
    http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/maint009.htm#sthref776
    Delete unnecessary files from the flash recovery area using the RMAN DELETE command. (Note that if you use host operating system commands to delete files, then the database will not be aware of the resulting free space. You can run the RMAN CROSSCHECK command to have RMAN re-check the contents of the flash recovery area and identify expired files, and then use the DELETE EXPIRED command to remove missing files from the RMAN repository.)

  • What does the community recommend as an appropriate response in light of reports that "an estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan."  Is Apple taking steps to mitigate the threat?

    What does the community recommend as an appropriate response in light of reports that "an estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan."  Is Apple taking steps to mitigate the threat?
    See article in PC World at:  http://www.pcworld.com/businesscenter/article/253403/mac_malware_outbreak_is_bigger_than_conficker.html
    I have a MacBookPro and my wife has an iMac. I assume both are equally vulnerable.
    MLSCOS

    There are checks one can perform to see
    1: If any of their machines have been seen on the Flashback botnet
    http://public.dev.drweb.com/april/
    2: Terminal commands to see if their machine is infected (use copy and paste, then press enter)
    https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
    3: Preventative methods to avoid becoming infected.
    Update Java via Software Update.
    Disable Java in all your web browsers preferences (notice Java is not Javascript)
    Check your status of all browser plug-ins
    https://www.mozilla.org/en-US/plugincheck/
    Firefox + NoScript add-on + Temp Allow All Button on Firefox's toolbar to turn on scripts only on sites you trust.
    Learn how to make bootable clones, this way a complete erase can occur and a reverse clone done.
    https://discussions.apple.com/community/notebooks/macbook_pro?view=documents
    4: Resources if one is infected
    Data Recovery, wiping entire machine, reinstalling OS X, returning clean files, etc.
    https://discussions.apple.com/community/notebooks/macbook_pro?view=documents

  • What can I safely recover from Time Machine if I have the Flashback Trojan?

    I have recently found out that my iMac has been infected with the Flashback trojan.  I followed the commands from F-Secure to remove it from my computer however I'm not happy with this solution.  I am going to erase my hard drive and re-install the operating system.  I would then like to restore some of my folders using Time Machine.  However, before I do any of that I would like to know if it's safe to restore from my Home folder the following folders; Movies, Music, and Pictures.  Also, is it safe to recover databases from Address Book and iCal, and accounts from Mail and bookmarks from Safari?
    I apologize if this question is in the wrong category and I would like to thank anyone in advance that may be able to help, as it's much appreciated!

    Plug an external drive into the computer and use that to expand data onto.
    http://pondini.org/TM/16.html

  • HT5246 I just run the Flashback malware removal tool, and then nothing happens. Will it be a problem? and if I have java installed and I disabled it during the installation, will my status as my machine has not java installed? thanks.

    I just run the Flashback malware removal tool, and then nothing happens. Will it be a problem? and if I have java installed and I disabled it during the installation, will my status as my machine has not java installed? thanks.

    Will it be a problem?
    No.
    ...if I have java installed and I disabled it during the installation, will my status as my machine has not java installed?
    Java is still installed.

  • Remove the flashback logs in EBS environment.

    Hi,
    In my production database(primary) machine flashback is ON.
    So, logs are creating in following directory:
    /d01/silprod/SILP/db/apps_st/data/archives/SILP01_SER/flashback
    In my physical standby database flashback is OFF.
    So, My question is that:
    Can I remove the flashback logs from production safely?
    Thanks.

    Hi,
    How do I identify which archive logs are no longer needed and can be deleted, and how do I reclaim the archive space?
    Are the steps below correct?
    Archive location: /d01/silprod/SILP/db/apps_st/data/archives/SILP01_SER/archivelog
    Archive files name like: o1_mf_1_894_5jpkly8k_.arc -------------> Sequence#=894
    Archive Size occupied:
    > du -sh archivelog/ ------------> 2.7G archivelog/
    STEP#1:
    SQL> SELECT THREAD#, SEQUENCE# FROM V$LOG WHERE STATUS='CURRENT'; -----------> RESULT: THREAD#=1 AND SEQ$= 894
    SQL> ALTER SYSTEM ARCHIVE LOG CURRENT;---------------->DONE
    SQL> SELECT THREAD#, SEQUENCE# FROM V$LOG WHERE STATUS='CURRENT'; -----------> RESULT: THREAD#=1 AND SEQ$= 895
    Confirm the current file have been applied to the standby database with the below query
    SQL> SELECT MAX(SEQUENCE#) FROM V$LOG_HISTORY; -----------------> RESULT: THREAD#=1 AND SEQ$= 894
    Step#2:(Memory)
    > delete unwanted archive log files from disk (rm, del commands)---------> all archives files deleted expected of PROD_1_894.arc
    RMAN> crosscheck archivelog all; - marks the controlfile that the archives have been deleted
    RMAN> delete expired archivelog all; - deletes the log entries identified above.
    But how do I identify which flashback files are no longer needed and can be deleted, and how do I reclaim the flashback space?
    Flashback location: /d01/silprod/SILP/db/apps_st/data/archives/SILP01_SER/flashback
    Flashback files name like: o1_mf_5jlc8gb0_.flb, o1_mf_5jlcb2bv_.flb etc ------------> how do I identify which file (the file name has no sequence#) I should delete?
    Flashback Size occupied:
    > du -sh flashback/ ------------> 3.5G flashback/

  • HT4651 What do I need to know about the Flashback Trojan?

    Reading about the Flashback Trojan malware. How can I check to see if I'm infected? Could it be what's causing Youtube to run badly?

    A good place to start is looking over the other numerous threads on the subject. Please look to your right under More Like This and you will find many other threads.

  • Snow Leopard and the Flashback Malware

    I am visiting my elderly mother and (like an idiot) responded to a prompt to update Adobe Flash last night. I have checked for the presence of DYLD_INSERT_LIBRARIES per C|Net's article on how to detect and remove the Flashback malware and it is not present in Mac OSX, Safari or Firefox. Can I relax? Do I still need to completely disable Flash in Preferences? She does not see well and is trained to automatically update via Software Update for Mac.
    Also, her computer is running VERY slow. Any ideas on how to troubleshoot the speed?
    Thanks in advance for any help!  Happy Mother's Day!
    Marsue
    Her iMac:
      Model Name:          iMac
      Model Identifier:          iMac5,1
      Processor Name:          Intel Core 2 Duo
      Processor Speed:          2.16 GHz
      Number Of Processors:          1
      Total Number Of Cores:          2
      L2 Cache:          4 MB
      Memory:          1 GB
      Bus Speed:          667 MHz
    Running Snow Leopard 10.6.8

    If you have installed the appropriate security updates then your computer is protected. See
    Helpful Links Regarding Malware Protection
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
       Mac OS X Snow Leopard and malware detection
       OS X Lion- Protect your Mac from malware
       OS X Mountain Lion- Protect your Mac from malware
       About file quarantine in OS X
    If you require anti-virus protection I recommend using ClamXav.
    Mac OS X Snow Leopard and malware detection.
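
The DYLD_INSERT_LIBRARIES check mentioned in the question above, written out as an added example; it is not part of the original thread or of any vendor's removal tool. It assumes the variable would be stored either under `LSEnvironment` in an application's `Info.plist` or in the per-user `~/.MacOSX/environment.plist`; the function names and the sample files are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

KEY = "DYLD_INSERT_LIBRARIES"


def load_plist(path):
    """Parse an XML or binary property list; return None if absent or unreadable."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None


def injected_library(path, nested_under=None):
    """Return the DYLD_INSERT_LIBRARIES value stored in a plist, or None.

    nested_under="LSEnvironment" looks inside an application's Info.plist;
    nested_under=None reads a flat per-user environment plist.
    """
    data = load_plist(path)
    if nested_under is not None and isinstance(data, dict):
        data = data.get(nested_under)
    if not isinstance(data, dict):
        return None
    return data.get(KEY)


def scan(home, app_dirs):
    """Check the user's environment plist and every *.app bundle in app_dirs."""
    findings = []
    value = injected_library(Path(home) / ".MacOSX" / "environment.plist")
    if value:
        findings.append(("user environment", value))
    for app_dir in app_dirs:
        for info in sorted(Path(app_dir).glob("*.app/Contents/Info.plist")):
            value = injected_library(info, nested_under="LSEnvironment")
            if value:
                findings.append((info.parent.parent.name, value))
    return findings


def build_constructed_sample(root):
    """Create a constructed directory tree: one modified bundle, one clean one."""
    root = Path(root)
    apps, home = root / "Applications", root / "Users" / "example"
    for name, plist, fmt in [
        ("Safari.app",
         {"CFBundleName": "Safari",
          "LSEnvironment": {KEY: "/tmp/CONSTRUCTED-example.dylib"}},
         plistlib.FMT_BINARY),  # binary plist, as many real bundles use
        ("Firefox.app", {"CFBundleName": "Firefox"}, plistlib.FMT_XML),
    ]:
        contents = apps / name / "Contents"
        contents.mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump(plist, fh, fmt=fmt)
    (home / ".MacOSX").mkdir(parents=True)
    with open(home / ".MacOSX" / "environment.plist", "wb") as fh:
        plistlib.dump({"PATH": "/usr/bin:/bin"}, fh)  # no injected library
    return home, [apps]


def demo():
    """Run the scan over the constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        home, app_dirs = build_constructed_sample(tmp)
        return scan(home, app_dirs)


if __name__ == "__main__":
    # On a real Mac this scans the current user's home and /Applications.
    for where, value in scan(Path.home(), ["/Applications"]):
        print(f"{where}: {KEY} = {value}")
```

A hit is a lead to investigate rather than proof of infection, since the variable can be set for other reasons, and a clean result covers only these two locations.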
