Derty Posted April 7, 2012

BackDoor.Flashback.39 trojan

http://support.apple.com/kb/HT5228

snow update Leopard lion update Lion

The trojan is a false Flash Player update.

The Flashback Trojan has hit 600,000 Macs worldwide, 300,000 in the US and at least 274 in Cupertino alone. Is your computer safe?

The times when Apple computers were malware-free are far gone. Mac users need to be wary, as the Flashback Trojan has taken a toll on Mac OS X computers, stealing personal information through Web browsers and Java.

According to a report today from Russian antivirus company Dr. Web, the growing Mac botnet had originally laid claim to 500,000 Mac computers, but later that number was updated to 600,000. At least 274 of those bots were found to be checking in from Cupertino, CA.

The numbers point out that 57 percent (303,449) of the compromised Macs are US located, and around 20 percent (106,379) lie festering in Canada. The UK has the third largest number of infected Macs, claiming 12 percent of the botnet. Australia comes in fourth with 32,527 infected hosts.

Users were infected with BackDoor.Flashback.39 after being redirected to a bogus website. A Google SERP in March points to there being at least four million compromised web pages, and some users have reported infection when visiting dlink.com.

Once the JavaScript code loads a Java applet containing the exploit, the exploit downloads a payload from a remote server. There are then two versions of the Trojan. The first way hunts down these components in the hard drive:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If not found, the Trojan uses “a special routine to generate a list of control servers,” and begins checking in with those servers.
The malware was first discovered back in September 2011, and masqueraded as a fake Flash Player installer. The latest variant took over this past weekend, going after a Java vulnerability. The vulnerability (CVE-2012-0507) was closed by Apple Tuesday. It’s recommended that a security update be downloaded from support.apple.com/kb/HT5228.
TH3L4UGH1NGM4N Posted April 9, 2012

Ironic how there's a virus named Trojan yet the biggest brand of protection is Trojan. Oh the irony...
Derty Posted April 13, 2012

F-Secure Flashback removal
Kaspersky Flashback removal Tool