Mac Flashback Trojan



Apple computer users may think they have nothing to worry about when it comes to contracting viruses and malware online, but a Russian antivirus company is reporting that 600,000 Macs are currently infected with a nasty trojan horse virus called “Flashback.”

Doctor Web issued a report on Wednesday that said 550,000 computers with Mac OSX have picked up the virus. An analyst at Doctor Web later sent a tweet noting that 600,000 Mac computers have actually been infected and some — about 274 — are actually based in the same city as Apple’s headquarters, Cupertino, Calif. About 57% of the infected Macs are said to be in the U.S. and 20% are based in Canada.

Flashback was originally discovered in September 2011 and was designed to disguise itself as an Adobe Flash Player installer, using Flash player logos. After installing Flashback, the malware seeks out user names and passwords that are stored on your Mac.

“There are no visible symptoms for this Mac virus, except for making sporadic connections to unknown servers that can be only seen in the Firewall logs, if any firewall is in place,” Boris Sharov, CEO of Doctor Web, told Mashable. “The symptoms also depend on the payload that may be downloaded upon the command from the control server.”

Although Sharov said it’s difficult to prevent contracting the virus, it’s not impossible.

“The bad thing about these types of infections is that it is hard to prevent them without disconnecting one’s computer from the Internet altogether,” Sharov said. “We advise Mac users to strictly follow Apple’s security updates. Don’t neglect them.”

To protect your computer from contracting the virus now, download Apple’s latest software update. Click the Apple logo located in the top-left section of the desktop and select Software Update. Install all of the available updates as soon as possible.

“Unfortunately, the number of infected computers is still increasing,” Sharov said. “This means that users are careless about security patches, and they shouldn’t be.”

Sharov also advised Mac users to install anti-virus software, even though many think it’s unnecessary to do so for Apple computers.

Although symptoms are minimal, there are a few things you can do to see if you are infected. Sharov suggests the following steps (note: we posted the html code below as an image so you could read the full code):

  • Go to the Mac’s Library folder and select LaunchAgents. There should be several files in that catalog.
  • Search all files in the folder for the following contents: HTML.jpg
  • Look for the file name specified in the ProgramArguments key. This is where the file BackDoor.Flashback.39 would be located.
  • To see if this is the trojan, scan it with anti-virus software for Mac OS or upload it to VirusTotal website.
  • To cure the machine, delete both files.
  • Removing the files should restore your computer.

The news comes after Apple continues to position OS X as a more secure alternative to other computer makers.

“A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers,” Apple notes on its homepage. “That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.”

Apple has not responded to Mashable’s request for a comment.

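The LaunchAgents check listed in the post above, as an added example that is not part of the original post or of Doctor Web's instructions: it reads every plist in a LaunchAgents folder, reports the file named by ProgramArguments, and computes that file's SHA-256 so it can be scanned or looked up on VirusTotal. The function names, the `com.example.agent` label and the sample directory are constructed for illustration.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path


def audit_launch_agents(agents_dir):
    """For each .plist in agents_dir, report the program launchd would start
    and that file's SHA-256 (for an anti-virus scan or a VirusTotal lookup)."""
    records = []
    for plist_path in sorted(Path(agents_dir).glob("*.plist")):
        rec = dict(plist=plist_path.name, label=None, program=None, sha256=None, note="")
        records.append(rec)
        try:
            with plist_path.open("rb") as fh:
                job = plistlib.load(fh)  # reads both XML and binary plists
        except Exception as exc:  # malformed file: record it and keep going
            rec["note"] = f"unreadable plist ({type(exc).__name__})"
            continue
        if not isinstance(job, dict):
            rec["note"] = "not a launchd job dictionary"
            continue
        rec["label"] = job.get("Label")
        args = job.get("ProgramArguments")
        first = args[0] if isinstance(args, list) and args else None
        # launchd runs Program when present, otherwise ProgramArguments[0]
        rec["program"] = program = job.get("Program") or first
        if isinstance(program, str) and Path(program).is_file():
            rec["sha256"] = hashlib.sha256(Path(program).read_bytes()).hexdigest()
        else:
            rec["note"] = "program file missing or not specified"
    return records


def build_sample_dir():
    """Constructed sample: one agent pointing at a dummy file, one broken plist."""
    root = Path(tempfile.mkdtemp())
    target = root / "dummy_program"
    target.write_bytes(b"constructed sample, not malware\n")
    with (root / "com.example.agent.plist").open("wb") as fh:
        plistlib.dump({"Label": "com.example.agent", "RunAtLoad": True,
                       "ProgramArguments": [str(target), "--flag"]}, fh)
    (root / "broken.plist").write_bytes(b"not a plist")
    return root


if __name__ == "__main__":
    for rec in audit_launch_agents(build_sample_dir()):
        print(rec)
```

On a Mac, pass `Path.home() / "Library/LaunchAgents"` to `audit_launch_agents` instead of the constructed sample directory; any entry you do not recognise is a candidate for the scan step in the post.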

Hi, maybe you are a fan of MacKeeper? Russian?


If you are so worried, download Avast Free for Mac.

In any case, there is very little doubt that OS X is a lot safer than Windows.


It's not about being worried. It's about letting the community know that this is now out there once again. There was never any doubt Mac is safer than Windows, but still this is out there. All it is is informative.




Mac Malware Outbreak Is Bigger than 'Conficker'



An estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan. To put the size of the threat in some perspective, the Flashback Trojan botnet is even bigger than the massive Conficker botnet…relatively speaking.

The Conficker botnet compromised an estimated seven million plus Windows PCs around the world at its peak. Seven million is obviously much larger than 600,000, but Windows also has a significantly higher number of PCs in use around the world.

According to current data from Net Applications, Mac OS X is the number two desktop OS with 6.54 percent market share. Windows, on the other hand, accounts for 92.48 percent of the market. Based on market share, the Flashback Trojan botnet is equivalent to a Windows botnet of nearly 8.5 million PCs. That makes it an even larger threat than Conficker--just on a much smaller platform.

The Flashback Trojan is actually a misnomer at this point. It was a Trojan horse when it was originally discovered last year. A Trojan horse—as the historical reference implies—is malware that is disguised as something benign. The original threat masqueraded as an update for Adobe Flash that compromised machines when executed.

The current version, however, is more of a drive-by download threat. It doesn’t require any user interaction, or passwords. If a user visits a malicious or compromised website, the Flashback malware runs automatically and vulnerable systems are infected.

A malware attack such as this has even greater odds of success on Mac OS X than it does on a Windows system. The Mac OS X system itself is not less secure or prone to infection than Windows per se, but the Mac culture is conditioned to believe the OS is virtually invulnerable. Fewer users have any security software installed to protect their Mac OS X systems, and Mac OS X users are more likely to click links and open files without thinking twice.

It doesn’t help anything that Apple perpetuates the myth of invulnerability. It takes time to develop a patch, but as soon as Apple was aware that the threat existed, it should have proactively communicated to Mac OS X users to make them aware. In fact, it should have provided users with instructions to disable Java and mitigate the threat pending a patch to resolve the issue. The fact that it didn’t is probably a contributing factor to why the Flashback botnet is as large as it is.

Apple isn’t to blame for the threat. The vulnerability is in Java, not Mac OS X. But, Apple needs to understand that with the success of Mac OS X comes increased attention from malware developers, and malware attacks often go for third-party low-hanging fruit like Adobe Flash or Java.

Apple needs to be more proactive, and more honest with users about security concerns if it wants to contain future threats and prevent massive outbreaks such as this.
