More than 600,000 Macs infected with Flashback botnet

Discussion in 'malware problems & news' started by EncryptedBytes, Apr 5, 2012.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Source

     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,595
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,299
    People installing fake flash player .... how new and original.
    Mrk
     
  4. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    "Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code.
    ... In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com."
     
  5. guest

    guest Guest

    Looks very serious.
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,632
    Location:
    USA still the best. But barely.
    Yeah! Oops I'm not supposed to be happy about this. :cool:




    Fapple, the most closed source, evil pretentious monetizing corporation the world has ever known. Choke on it. Whew feel better now.:D
     
  7. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://betanews.com/2012/04/06/three-quarters-of-mac-owners-dont-use-anti-malware-software/
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,299
    Anti-malware is unneeded. Crop, pesticides, propaganda.
    No Apple denial - but simple and good design.
    Nothing can stop morons from being morons, though.
    And that's OS-agnostic.

    Mrk
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, is the user's fault that something like Java is so insecure and exploitable, that serves them a nice drive-by download?

    Or, are you saying they're morons, because they lack the knowledge to stop the drive-by downloads, without any of the AV stuff?
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,299
    Java is no more no less buggy than any other software. I bet you a shilling that 95% of those infections came from deliberate installs by people who don't care about anything. And no amount of anything can help them.

    The rest - the media panic, the news flashes, the ominous posts, the talks about hit and runs and whatnot, the technobabble, and the talk about security software promoted by security companies most of all, it's all unneeded financial propaganda.

    Mrk
     
    Last edited: Apr 6, 2012
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's true. All software have bugs, but the difference lies on how widely used any of them are, and therefore the likelihood of any of them becoming an attack vector. Java is one of such attack vectors. And, to make things worse, Oracle takes way too long to fix security vulnerabilities. Even worse, is that, Java's built-in update mechanism, doesn't even work, at all.

    So, most likely millions of users, including Windows user, run an outdated version of Java. Most likely also running outdated versions of other applications, that also may have buggy updating mechanism or don't even have them; they're just not endangered by such apps, simply because they aren't being targeted.

    We can argue that any of these users could visit a website pretending to show some video, and said they had to install Flash Player or whatever, but if Java/other were patched (by the developers) as soon as possible, then it wouldn't matter - the exploit wouldn't work and the drive-by download wouldn't happen.

    I agree with that.
     
  13. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    103,296
    Location:
    U.S.A.
     
  14. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,916
    Location:
    USA
    The other day I updated Media Player Classic Home Cinema (from MajorGeeks) to version 1.6.1.4235 after I finished installing I got a popup saying the latest DX runtime was not installed so I did a search on the microsoft update site for the Latest DX runtime. I would not click and download the DX runtime if it was presented to me on any supposed page with a media player or videos.
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    And, that's the right approach. :thumb: Unfortunately, many are not that reasonable. :ouch:

    But, even in the eventuality you did click in some link, that would end up exploiting some Java's known vulnerability, if Oracle was faster working and releasing the patches, then the exploit wouldn't know and the drive-by download would not happen. Unfortunately, Oracle is reckless in that field. :thumbd:

    I mean, for **** sake, they can't even develop a proper updating mechanism. It simply doesn't work. How ****** up is that? o_O There are a few reports in this forum, from a few users, saying it doesn't work. I have witnessed it in one of my relative's computer. It simply doesn't work. :thumbd:

    And, it doesn't have to really be a website pretending to be hosting some pretty video; it can very well be a legitimate website showing third-party ads, and the ad network gets hijacked to serve a nice exploit, resulting in a drive-by download. It happened quite recently... again. :argh:

    So, when we combine a company such as Oracle, which simply doesn't patch Java's security vulnerabilities as fast as they should, Java not updating automatically as it should, legitimate websites being hacked, ad networks being hacked and unsuspected users.... it's one heck of a bomb... :D
     
  16. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    852
    That is augmented by the fact that Apple themselves deferred applying the patch on OS X, the patch was available since nov '11 and feb '12 and it's only yesterday that they released an update.
    http://news.cnet.com/8301-13579_3-57410476-37/apples-security-code-of-silence-a-big-problem/
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  18. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,173
    Re: WebrootSecureAnywhere and Eset Smart Security 5

    interesting that people dont trust only one program instead securing the
    present state of their operating system or used software. you must live
    like a MONK (tv series) and avoid any earthed material.

    /ot
    so funny that 600.000 of macs where infected with a java trojan as
    they though they were safe.

    so none of the present av is capable to handle this - kaspersky, eset, avira,
    avast and others failed. and people wont deactivate or uninstall java.

    so what do you think now?
     
  19. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Re: WebrootSecureAnywhere and Eset Smart Security 5

    Why do you think so?
    I mean, what makes you think that the Flashback trojan was not being detected by any AV software of Mac?

    Vlk
     
  20. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,173
    Re: WebrootSecureAnywhere and Eset Smart Security 5

    i read forums where people still claim to be infected after weeks of presence.
    600.000 is not a small number - i dont think they use all one av solution (or none).
    although apple os was said to have this vulnerability, not java.
    Fescure wrote about 45 million apple macs, 600.000 is only 1.3 per cent.

    only the german news for it
    http://www.n-tv.de/technik/Trojaner-kapert-600-000-Macs-article5965286.html
    int'l
    http://news.drweb.com/show/?i=2341
    http://averysawaba.blogspot.de/2012/04/over-half-million-macs-infected.html

    DrWeb, F-Secure, Trend were named. afair they offer a mac solution, next to
    eset who are really quiet except this blog
    http://blog.eset.com/2012/04/05/mac-flashback-trojan-java-update

    no information if that av software was installed on those computers.

    The bad thing seems that flashback.a is known till sep'11
    http://www.ubergizmo.com/2011/09/osxflashback-a-malware-discovered-for-mac/
     
  21. get_it

    get_it Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    99
    Re: WebrootSecureAnywhere and Eset Smart Security 5

    I suspect they don't use any and are under a false impression that their metallic Mac casing/shell will protect them from viruses also because Apple are just so technologically advanced like that.

    *
     
    Last edited by a moderator: Apr 7, 2012
  22. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    Re: WebrootSecureAnywhere and Eset Smart Security 5

    Hmmm....o_O
     
  23. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Few related posts added from a different thread. Some ot posts removed
     
  24. greatwhite

    greatwhite Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    1
    Location:
    United Kingdom
    Wow quite a bit of Apple knocking on this bit of the forum. How sad. I have always had an AV program on my Macs because firstly I don't want to forward anything to my windoze using friends without my knowledge and secondly I knew the day would come when we would start getting them on macs. Maybe this threat may wake up some mac users to install an AV program, lets hope so.
     
  25. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    103,296
    Location:
    U.S.A.
     
    Last edited: Apr 7, 2012
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.