Huffington Post article on new "trojan", real or hoax?

Discussion of general issues, not related to a specific Mac or iDevice operating system.
8string
Forum Member - Level 1
Forum Member - Level 1
Posts: 23
Joined: Thu Jul 21, 2011 8:41 pm

Re: Huffington Post article on new "trojan", real or hoax?

Post by 8string » Fri Apr 06, 2012 8:16 pm

I know that ignorance is bliss, but please do some rudimentary research before going off half cocked. The trojan is documented to "look" to see if anti virus software was installed and if so, it deleted itself. There's enough unprotected Macs out there that it didn't need to advertise itself by trying to get into a protected system.

Steven you wrote on this board on April 7 2011:
Personally, I wouldn't bother with anti-virus software. Overall, it's more trouble than it's worth. Sometimes a lot more trouble.

For Macs, the serious security threats are not viruses (with one exception, see below)...
I don't know what you base your self assured attitude on, Steven. Help me understand what technical expertise you actually bring to this debate?

There are many people, folks who don't understand a bit of all of this technical stuff, that see you as some kind of 'expert' and that your insistence on not needing anti virus protection is putting them and their bank accounts at risk from being hacked. A simple under $100 software condom called an anti virus software package done by programmers who actually understand the risks and stay up weekends and late nights trying to stay ahead of the bad guys seems to be a simple remedy that you and others continually denounce as not worth the price. You spend top dollar on buying Apple and then leave your "fly open" as it relates to security. An expensive suit with a fly open is still a silly looking person. This is *exactly* the attitude I saw inside Microsoft before the viral attacks of 2001 that led to a total change of culture at MS, including a long shutdown of the developers to learn how to code properly. It cost MSFT tens of millions of dollars to fix that attitude. MSFT was never the same after that, and while still fighting attacks, they take security far more seriously than Apple does (at least in public, as I believe that Apple is very serious about this too,and realizes the danger to their image).

While technically not a virus, all anti-virus software actually checks and does some protection against back door trojans, and this trojan actually checked for anti virus packages before installing. But you can't stop a naive user from accepting an official looking invitation to update what appears to be a normal application.

I don't really care if there are people who don't understand that all OS's are vulnerable, but until now I just didn't point out their lack of knowledge on this issue. I've pointed out before that this is like leaving your house door open and leaving for a month, thinking that no one will walk in. You might get lucky. I don't know about you, but a half a million infected Macs is actually *the sky falling*, especially for the old and naive who are sending their banking passwords and logins to someone in Russia or China. We really don't know the cost or magnitude of this attack, yet. And let me remind our readers," that according to cyber security expert and former White House counter-terrorism advisor Richard Clarke , ... when it comes to U.S. companies. Not only have all the companies been hacked at random, either. They’ve all been hacked by China.
I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China.
So claims Clarke in a recent Smithsonian Magazine article by Ron Rosenbaum.

So believe it or not...it's a real threat...just like our anticipated 'big one' earthquake. And yes, I have some water and food stockpiled.

And to be clear: I use 1 password, and it is not a substitute for either antivirus software or a proper firewall.

Hope you all have run the terminal line commands to check if you are infected.

By the way, just for the record, neither of my two macs were compromised. Both run Virus Barrior X6 and have for years.

jest2dogs
Forum Member - Level 3
Forum Member - Level 3
Posts: 179
Joined: Tue Apr 26, 2011 11:06 pm

Re: Huffington Post article on new "trojan", real or hoax?

Post by jest2dogs » Sat Apr 07, 2012 1:39 am

I have followed up with "F-Secure" terminal commands (cut and pasted) and my Mac was not infected (I still need to check my wife's MBP). I also turned off the Java key in Safari>Preferences>Security. I may look into "1Password", but I don't do much in the way of banking online. I always had an anti-virus program on my PC, don't know why I can't download a free one.

I don't recall seeing a Java update from Apple. Perhaps because I don't have Java installed?

8string
Forum Member - Level 1
Forum Member - Level 1
Posts: 23
Joined: Thu Jul 21, 2011 8:41 pm

Re: Huffington Post article on new "trojan", real or hoax?

Post by 8string » Sat Apr 07, 2012 8:07 am

Good to know that you were able to follow the commands.
There was an update to Java in the latest updates I loaded, if it's not happening when you use Software update, then it's likely been updated already.

1 Password just helps to manage the passwords you may use to get to many different sites. I set up one password for my 'secure' sites and one for just normal sites. Over time, it's easy to forget as some sites, like Apple, demand a very rigorous password, (upper case, lower case #s etc.). So it's just easier to use 1Password to memorize them all as you use it and you don't need to write them all down somewhere.

I never store my bank password anywhere. Only in my head.

Off to help a few novice friends figure out if they have been infected. one seems like she could have been from her description.

User avatar
Richard Serkes
Forum Member - Level 5
Forum Member - Level 5
Posts: 1027
Joined: Thu Mar 31, 2011 9:21 pm
Location: Port Angeles, WA

Re: Huffington Post article on new "trojan", real or hoax?

Post by Richard Serkes » Tue Apr 10, 2012 9:36 am

Cult of Mac recommends this nifty little app to see if your Mac is infected. It will NOT clean your Mac if it is, it will only tell you if you have a problem.

https://github.com/jils/FlashbackChecker/wiki
---
Always burn your bridges. You never know who's coming up from behind.

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3139
Joined: Thu Apr 07, 2011 10:09 am

Re: Huffington Post article on new "trojan", real or hoax?

Post by Stephen Hart » Thu Apr 12, 2012 9:01 am

Several readers of Macintouch have analyzed the Kaspersky Flashback removal software and suggest not using it. It appears to rummage around more than necessary, and appears to want to delete much more than it should.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3139
Joined: Thu Apr 07, 2011 10:09 am

Re: Huffington Post article on new "trojan", real or hoax?

Post by Stephen Hart » Fri Apr 13, 2012 8:23 am

http://www.macworld.com/article/1166333 ... _tool.html
Kaspersky Lab on Thursday suspended distribution of its tool to remove the Flashback malware attacking Mac computers, saying the tool itself was making unacceptable alterations to user computers. A replacement is expected soon.
The lab’s Flashfake Removal Tool was suspended after Kaspersky discovered that it was erroneously removing user settings—including auto-start configurations, user configurations in browsers, and file sharing data—from infected computers. It had been in operation since Monday.

At this point, I'd recommend waiting for Apple's removal software or using the F Secure Terminal steps. If any SMUG member sees evidence of being infected, I'd be glad to help with removal.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

User avatar
Stephen Hart
Forum Member - Level 5
Forum Member - Level 5
Posts: 3139
Joined: Thu Apr 07, 2011 10:09 am

Re: Huffington Post article on new "trojan", real or hoax?

Post by Stephen Hart » Wed Apr 18, 2012 8:28 am

jest2dogs wrote:An iPad user friend of mine emailed me this link. When I opened said link another box opened saying there was an update available for Adobe Flash Player. The notice was not from my "download folder but "apparently" direct from Adobe.
Just a followup on this particular part of the discussion.

Adobe Flash Player Install Manager (the application) checks for updates automatically, and will present you with a window asking if you want to continue with the install. That's a legitimate application from Adobe. If you see something that looks like a Flash Player install window, and the app name is not exactly Adobe Flash Player Install Manager, quit the app immediately.

If you're ever in doubt--or if it just makes you more comfortable--you can quit Adobe Flash Player Install Manager, go direct to Adobe.com and click on the Flash Player link (at the lower right when I just checked). The next page will allow you to download the Flash Player installer dmg. Open that, run the app inside, and you'll get the same window as if Adobe Flash Player Install Manager started itself. It's incredibly unlikely that Adobe's site could be hacked, so this is a very safe way to keep Flash Player up to date. And, unless you never have Flash turned on, you need to keep Flash Player up to date.

Adobe Flash Player Install Manager can also be used to uninstall Flash Player.
"Design is not just what it looks like and feels like. Design is how it works."
Steve Jobs

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests