Huffington Post article on new "trojan", real or hoax?

Discussion of general issues, not related to a specific Mac or iDevice operating system.
jest2dogs
Forum Member - Level 3
Forum Member - Level 3
Posts: 179
Joined: Tue Apr 26, 2011 11:06 pm

Huffington Post article on new "trojan", real or hoax?

Post by jest2dogs » Thu Apr 05, 2012 5:50 pm

An iPad user friend of mine emailed me this link. When I opened said link another box opened saying there was an update available for Adobe Flash Player. The notice was not from my "download folder but "apparently" direct from Adobe.

http://www.huffingtonpost.com/2012/04/0 ... 1333651735

How apropos, a notice of a flashback trojan and a concurrent pop down window It popped down the other night in an unrelated case and I put it off then, too. Tonight after I ignored the box for awhile, it disappeared on it's own.

Won't a valid "update" come through my available update query when I click on the Apple and check for software updates?

Is there any validity to this "trojan?" I note that the notice and story give no indication what the trojan does, but there are links away from the Huffington site (which alarm me in themselves) to other sources.

Thanks,
Jesse

User avatar
Richard Serkes
Forum Member - Level 5
Forum Member - Level 5
Posts: 1010
Joined: Thu Mar 31, 2011 9:21 pm
Location: Port Angeles, WA

Re: Huffington Post article on new "trojan", real or hoax?

Post by Richard Serkes » Thu Apr 05, 2012 10:18 pm

Adobe Flash Player will not appear in your Systems Prefences/Software Update because Adobe got on the fightin' side of Steve Jobs. You have to handle all updates for Flash Player manually. You probably have it set to automatically tell you if an update is available which is why you saw that message on your screen.

To play it safe, go directly to the Abobe website and download the update from there and then do the installation yourself. In that way you know you're not being targeted or at least made a victim of some malware.
---
Always burn your bridges. You never know who's coming up from behind.

jest2dogs
Forum Member - Level 3
Forum Member - Level 3
Posts: 179
Joined: Tue Apr 26, 2011 11:06 pm

Re: Huffington Post article on new "trojan", real or hoax?

Post by jest2dogs » Thu Apr 05, 2012 11:41 pm

Thanks Richard!

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3042
Joined: Thu Apr 07, 2011 10:09 am

Re: Huffington Post article on new "trojan", real or hoax?

Post by Stephen Hart » Fri Apr 06, 2012 6:05 am

As far as I know the only third-party software ever updated by Software Update are printer drivers, which are supplied by the manufacturers to Apple.
All other software supplied by Software Update is Apple's own, either OS related or Apple apps. (Apps you buy from the Mac App Store are updated only by the Mac App Store.)

Apple has never distributed Flash, even before Steve Jobs publicly dumped on it.

Adobe has to patch Flash player regularly because it's a big target of malware makers and hackers. Ditto Adobe Reader.

Apple's Java update from 04/03 (2012-001)patches a key vulnerability in Java. They've now supplied a new Java update (2012-002), but haven't updated their explanatory page yet to show exactly what it fixes.

Note that this is the Java software, and has nothing to do with javascript, which also has security vulnerabilities from time to time.

I should also note that Google's Chrome browser contains Flash Player built in. That doesn't make it any safer, and it has to be updated for the same vulnerabilities as Flash Player for Safari and other browsers.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

8string
Forum Member - Level 1
Forum Member - Level 1
Posts: 23
Joined: Thu Jul 21, 2011 8:41 pm

Re: Huffington Post article on new "trojan", real or hoax?

Post by 8string » Fri Apr 06, 2012 7:57 am

Jesse, adobe updates are separate. The come in a red and grey notification box. The trojan does not.

Yes, this is the long anticipated trojan for the virtually unprepared Mac community. If you don't have anti-virus software on your mac, First, follow the details of how to find out if you are infected. If it's too technical, contact one of us in the group, and i recommend that we offer a free clinic later this month to help Mac users who can't do it, AND atone for the sin of hubris in believing the mac was invulnerable. This is a serious backdoor threat, as it records your keystrokes, then ships them who knows where. I recommend that No One use their mac for banking until they know for certain they are Not infected. time for the community to get an antivirus package that protects you from this.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3042
Joined: Thu Apr 07, 2011 10:09 am

Re: Huffington Post article on new "trojan", real or hoax?

Post by Stephen Hart » Fri Apr 06, 2012 8:13 am

If you'd like to turn Java off entirely, here's a post from a Macintouch reader on how to do that.
Antony Gravett
I am supporting a small all-Mac company, and the instructions in the various links you provided were great but added a lot of confusion to the question, "how do I just turn Java off?"
Here is what I asked our group to do, because it was the simplest way to turn off Java at the source, so to speak:
1. Quit any web browsers you have open (e.g., Safari or Firefox), and then open the application Java Preferences " it is in Applications > Utilities (you can also find it quickly by typing "Java" into Spotlight). If you are running OSX Lion, you may not have this application installed, which indicates that Java is not installed on your machine, and you don't need to follow the rest of this procedure.
2. On the General sub-tab that displays in Java Preferences, uncheck all the checkboxes, including the one next to "Enable applet plug-in and Web Start applications" and any to the left of each Java version listed.
3. Quit the Java Preferences application (the bottom menu item in the Java Preferences menu, or Command+Q). It's not essential, but I would suggest that you restart your computer as a final step.
Tony
And here's a page showing how to use Terminal to check to see if you've installed this malware, and how to remove it. Be very careful of Terminal. Copy and paste the commands, rather than trying to retype them.

http://www.f-secure.com/v-descs/trojan- ... ck_k.shtml

If you're not infected, you need to copy and paste only two commands.

Note that like a number of other Mac malwares, this one requires the user to install something before it can act. There's nothing very new here. This trojan horse used Java, but any app you download and install can carry malware.
Last edited by Stephen Hart on Fri Apr 06, 2012 8:28 am, edited 1 time in total.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3042
Joined: Thu Apr 07, 2011 10:09 am

Re: Huffington Post article on new "trojan", real or hoax?

Post by Stephen Hart » Fri Apr 06, 2012 8:27 am

8string wrote:AND atone for the sin of hubris in believing the mac was invulnerable. This is a serious backdoor threat, as it records your keystrokes, then ships them who knows where. I recommend that No One use their mac for banking until they know for certain they are Not infected. time for the community to get an antivirus package that protects you from this.
You've posted this kind of comment before and I just don't see it as helpful. Who's ever claimed the Mac was invulnerable? Certainly no one in SMUG.

No antivirus package can protect from this kind of threat. First, this isn't a virus, it's a trojan horse. Second, no software can predict what new trojans or viruses will be produced. They can only help after the threat has been identified and incorporated into the software.
As far as I've seen, Java vulnerabilities (patched twice in the last three days by Apple) have nothing to do with banking. If a criminal has a key logger installed, anything you do on your Mac could reveal financial information or other private information.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Richard Serkes
Forum Member - Level 5
Forum Member - Level 5
Posts: 1010
Joined: Thu Mar 31, 2011 9:21 pm
Location: Port Angeles, WA

Re: Huffington Post article on new "trojan", real or hoax?

Post by Richard Serkes » Fri Apr 06, 2012 9:08 am

Amen Brother Stephen, amen! 8string, I just stepped outside and the sky is not falling.

Now then, for those of us who are a bit on the paranoid side let me recommend 1Password. Not only will 1Password generate a complicated password for you but it defeats any keystroke capture malware because 1Password enters your password for you WITHOUT creating any keystrokes and will even "tap" the RETURN key for you getting you into your website of choice. This means that if you have a keystroke capture malware program on your Mac (not likely but not impossible) there are no username and password keystrokes to capture.

1Password is a sponsor of SMUG and offers us a nice discount. Just go to our welcome page at www.straitmac.org and click the 1Password icon on the right and you'll go to the appropriate website for downloading. By the way, 1Password also runs on the iPad and iPhone and you can play with it for 30 days to see if you like it.
---
Always burn your bridges. You never know who's coming up from behind.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3042
Joined: Thu Apr 07, 2011 10:09 am

Re: Huffington Post article on new "trojan", real or hoax?

Post by Stephen Hart » Fri Apr 06, 2012 9:54 am

I'm sure I could find this out on their web site, brother Richard, but does 1Password also store regular passwords and other information in a secure way? I know there are applications that do that for you. (You can use Keychain for that purpose on the Mac, but it's not portable.)
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Richard Serkes
Forum Member - Level 5
Forum Member - Level 5
Posts: 1010
Joined: Thu Mar 31, 2011 9:21 pm
Location: Port Angeles, WA

Re: Huffington Post article on new "trojan", real or hoax?

Post by Richard Serkes » Fri Apr 06, 2012 11:39 am

Stephen Hart wrote:I'm sure I could find this out on their web site, brother Richard, but does 1Password also store regular passwords and other information in a secure way? I know there are applications that do that for you. (You can use Keychain for that purpose on the Mac, but it's not portable.)
Absolutely. It will store all your usernames and passwords whether or not you generated them or 1Password did. It also securely keeps financial information like credit card numbers. Furthermore, it has an area that securely keeps licenses for software or anything else.

Once I use it to log on to a commercial website without any keystrokes I can use it securely to fill in the credit card information (again, without any keystrokes).

I can't imagine not having this or a similar program on my iMac. I selected 1Password because I can also use it on my Macbook, iPhone and iPad. Everything automatically syncs via several options. You just choose the one that works best for you. Oh, 1Password generates it's own keychain which is much more secure than Mac OS keychain.

They have a free 30-day trial offer. Give it a try and see if you like it.
---
Always burn your bridges. You never know who's coming up from behind.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest