More than 600,000 Macs infected with Flashback botnet

Discussion in 'malware problems & news' started by EncryptedBytes, Apr 5, 2012.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member


  2. TheKid7

    TheKid7 Registered Member

  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    People installing fake flash player .... how new and original.
  4. vasa1

    vasa1 Registered Member

    "Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code.
    ... In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting"
  5. guest

    guest Guest

    Looks very serious.
  6. zapjb

    zapjb Registered Member

    Yeah! Oops I'm not supposed to be happy about this. :cool:

    Fapple, the most closed source, evil pretentious monetizing corporation the world has ever known. Choke on it. Whew feel better now.:D
  7. blasev

    blasev Registered Member

  8. Dermot7

    Dermot7 Registered Member
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Anti-malware is unneeded. Crop, pesticides, propaganda.
    No Apple denial - but simple and good design.
    Nothing can stop morons from being morons, though.
    And that's OS-agnostic.

  10. m00nbl00d

    m00nbl00d Registered Member

    So, is it the user's fault that something like Java is so insecure and exploitable, that serves them a nice drive-by download?

    Or, are you saying they're morons, because they lack the knowledge to stop the drive-by downloads, without any of the AV stuff?
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Java is no more no less buggy than any other software. I bet you a shilling that 95% of those infections came from deliberate installs by people who don't care about anything. And no amount of anything can help them.

    The rest - the media panic, the news flashes, the ominous posts, the talks about hit and runs and whatnot, the technobabble, and the talk about security software promoted by security companies most of all, it's all unneeded financial propaganda.

    Last edited: Apr 6, 2012
  12. m00nbl00d

    m00nbl00d Registered Member

    That's true. All software has bugs, but the difference lies in how widely used any of them are, and therefore the likelihood of any of them becoming an attack vector. Java is one of such attack vectors. And, to make things worse, Oracle takes way too long to fix security vulnerabilities. Even worse is that Java's built-in update mechanism doesn't even work, at all.

    So, most likely millions of users, including Windows users, run an outdated version of Java. Most likely also running outdated versions of other applications, that also may have buggy updating mechanisms or don't even have them; they're just not endangered by such apps, simply because they aren't being targeted.

    We can argue that any of these users could visit a website pretending to show some video, and said they had to install Flash Player or whatever, but if Java/other were patched (by the developers) as soon as possible, then it wouldn't matter - the exploit wouldn't work and the drive-by download wouldn't happen.

    I agree with that.
  13. JRViejo

    JRViejo Global Moderator

  14. Carver

    Carver Registered Member

    The other day I updated Media Player Classic Home Cinema (from MajorGeeks) to version after I finished installing I got a popup saying the latest DX runtime was not installed, so I did a search on the Microsoft update site for the latest DX runtime. I would not click and download the DX runtime if it was presented to me on any supposed page with a media player or videos.
  15. m00nbl00d

    m00nbl00d Registered Member

    And, that's the right approach. :thumb: Unfortunately, many are not that reasonable. :ouch:

    But, even in the eventuality you did click in some link, that would end up exploiting some Java's known vulnerability, if Oracle was faster working and releasing the patches, then the exploit wouldn't know and the drive-by download would not happen. Unfortunately, Oracle is reckless in that field. :thumbd:

    I mean, for **** sake, they can't even develop a proper updating mechanism. It simply doesn't work. How ****** up is that? o_O There are a few reports in this forum, from a few users, saying it doesn't work. I have witnessed it in one of my relative's computer. It simply doesn't work. :thumbd:

    And, it doesn't have to really be a website pretending to be hosting some pretty video; it can very well be a legitimate website showing third-party ads, and the ad network gets hijacked to serve a nice exploit, resulting in a drive-by download. It happened quite recently... again. :argh:

    So, when we combine a company such as Oracle, which simply doesn't patch Java's security vulnerabilities as fast as they should, Java not updating automatically as it should, legitimate websites being hacked, ad networks being hacked and unsuspected users.... it's one heck of a bomb... :D
  16. 3x0gR13N

    3x0gR13N Registered Member

    That is augmented by the fact that Apple themselves deferred applying the patch on OS X, the patch was available since Nov '11 and Feb '12 and it's only yesterday that they released an update.
  17. m00nbl00d

    m00nbl00d Registered Member

  18. Brummelchen

    Brummelchen Registered Member

    Re: WebrootSecureAnywhere and Eset Smart Security 5

    interesting that people don't trust only one program instead securing the
    present state of their operating system or used software. you must live
    like a MONK (tv series) and avoid any earthed material.

    so funny that 600.000 of macs were infected with a java trojan as
    they thought they were safe.

    so none of the present av is capable to handle this - kaspersky, eset, avira,
    avast and others failed. and people won't deactivate or uninstall java.

    so what do you think now?
  19. vlk

    vlk AV Expert

    Re: WebrootSecureAnywhere and Eset Smart Security 5

    Why do you think so?
    I mean, what makes you think that the Flashback trojan was not being detected by any AV software of Mac?

  20. Brummelchen

    Brummelchen Registered Member

    Re: WebrootSecureAnywhere and Eset Smart Security 5

    i read forums where people still claim to be infected after weeks of presence.
    600.000 is not a small number - i don't think they use all one av solution (or none).
    although apple os was said to have this vulnerability, not java.
    F-Secure wrote about 45 million apple macs, 600.000 is only 1.3 per cent.

    only the german news for it

    DrWeb, F-Secure, Trend were named. afair they offer a mac solution, next to
    eset who are really quiet except this blog

    no information if that av software was installed on those computers.

    The bad thing seems that flashback.a is known till sep'11
  21. get_it

    get_it Registered Member

    Re: WebrootSecureAnywhere and Eset Smart Security 5

    I suspect they don't use any and are under a false impression that their metallic Mac casing/shell will protect them from viruses also because Apple are just so technologically advanced like that.

    Last edited by a moderator: Apr 7, 2012
  22. Atul88

    Atul88 Registered Member

    Re: WebrootSecureAnywhere and Eset Smart Security 5

  23. Cudni

    Cudni Global Moderator

    Few related posts added from a different thread. Some OT posts removed.
  24. greatwhite

    greatwhite Registered Member

    Wow, quite a bit of Apple knocking on this bit of the forum. How sad. I have always had an AV program on my Macs because firstly I don't want to forward anything to my windoze using friends without my knowledge and secondly I knew the day would come when we would start getting them on Macs. Maybe this threat may wake up some Mac users to install an AV program, let's hope so.
  25. JRViejo

    JRViejo Global Moderator

    Last edited: Apr 7, 2012