muleman
Gone But Not Forgotten
New Flashback variant silently infects Macs
By Emil Protalinski | April 23, 2012, 11:39am PDT
Summary: A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven’t updated Java on your Mac, or disabled it entirely, you could be a victim.
The Flashback Trojan that infected over 600,000 Apple Macs earlier this month still reportedly has a very high infection rate, despite the fact that Apple has already patched the Java vulnerability and released a removal tool. Now, security firm Intego says it has discovered a new Flashback variant that installs without prompting the user for a password.
This version, which Intego refers to as Flashback.S, places its files in the user’s home folder, at the following locations:
This recent variant is interesting if you compare it to one discovered two months ago. That one asks for administrative privileges, but does not require them. If you give it permission, it will install itself into the Applications folder where it will silently hook itself into Firefox and Safari, and launch whenever you open one of the two browsers. If you don’t give it permission, it will install itself to the user accounts folder, where it can run in a more global manner, launching itself whenever any application is launched, but where it can also more easily detected.
Flashback was initially discovered in September 2011 masquerading as a fake Adobe Flash Player installer. A month later, a variant that disables Mac OS X antivirus signatures updates was spotted in the wild.
In the past few months, Flashback has evolved to exploiting Java vulnerabilities. This means it doesn’t require any user intervention if Java has not been patched on your Mac: all you have to do is visit a malicious website, and the malware will be automatically downloaded and installed.
By the way, two other Mac-specific Trojans have been discovered since Flashback’s hype: one that also exploits Java and another that exploits Microsoft Word. Security firm Kaspersky recently confirmed what many have been saying for years: as Macs are becoming more popular, malware writers are increasingly targeting them.
My advice to Mac users remains the same. Get the latest security updates from Apple. Disable Java if you don’t use it. Install an antivirus.
By Emil Protalinski | April 23, 2012, 11:39am PDT
Summary: A new Flashback Trojan has been discovered that infects Macs without prompting the user for a password. If you haven’t updated Java on your Mac, or disabled it entirely, you could be a victim.
The Flashback Trojan that infected over 600,000 Apple Macs earlier this month still reportedly has a very high infection rate, despite the fact that Apple has already patched the Java vulnerability and released a removal tool. Now, security firm Intego says it has discovered a new Flashback variant that installs without prompting the user for a password.
This version, which Intego refers to as Flashback.S, places its files in the user’s home folder, at the following locations:
- ~/Library/LaunchAgents/com.java.update.plist
- ~/.jupdate
This recent variant is interesting if you compare it to one discovered two months ago. That one asks for administrative privileges, but does not require them. If you give it permission, it will install itself into the Applications folder where it will silently hook itself into Firefox and Safari, and launch whenever you open one of the two browsers. If you don’t give it permission, it will install itself to the user accounts folder, where it can run in a more global manner, launching itself whenever any application is launched, but where it can also more easily detected.
Flashback was initially discovered in September 2011 masquerading as a fake Adobe Flash Player installer. A month later, a variant that disables Mac OS X antivirus signatures updates was spotted in the wild.
In the past few months, Flashback has evolved to exploiting Java vulnerabilities. This means it doesn’t require any user intervention if Java has not been patched on your Mac: all you have to do is visit a malicious website, and the malware will be automatically downloaded and installed.
By the way, two other Mac-specific Trojans have been discovered since Flashback’s hype: one that also exploits Java and another that exploits Microsoft Word. Security firm Kaspersky recently confirmed what many have been saying for years: as Macs are becoming more popular, malware writers are increasingly targeting them.
My advice to Mac users remains the same. Get the latest security updates from Apple. Disable Java if you don’t use it. Install an antivirus.
