An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#21425 - 04/06/12 10:43 AM Malware Alarms
MG2009 Offline


Registered: 08/05/09
As most of you already know, there is a little buzz in the air (again) about MAC viruses and malware in the wild. There are several recent articles - predominately by WINDOWS bloggers and columnists. Many "report" that such entities are out there infecting MACS . . . but I have yet to find anyone EXPLAIN the ACTUAL harm these are causing (if, in fact, these do exist).

Is anyone of sound mind and body able to describe what is known to be out there and what specific damage these are causing for MAC users? (Looking to hear from 'Voices of Reason' and not from "alarmists.") wink

Thanks a bunch for any clarification . . . and piece of mind . . . and fixes (if needed) . . . that anyone can provide.

Top
#21426 - 04/06/12 11:25 AM Re: Malware Alarms [Re: MG2009]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Check out the latest discussions in THE CYBER-SECURITY THREAD in the Lounge.

Top
#21427 - 04/06/12 01:29 PM Re: Malware Alarms [Re: MG2009]
alternaut Offline

Moderator

Registered: 08/04/09
The current Flashback-variant trojan issue starts with this post. This malware can gain access to Macs via unpatched Java vulnerabilities.

The initial problem with this Trojan is that it hijacks the [Safari] browser every time it launches and redirects the user to a targeted website, but there is the more alarming potential to eavesdrop on your computer and internet activities, and send home the goodies including passwords etc.

The number of 500,000-600,000 infected Macs that goes around is allegedly based on telltale individual signatures of those Macs, comes from a relatively obscure Russian anti-malware site, but has not yet been substantiated or confirmed by others*. But that shouldn't detract from the threat, which is real and 'live in the wild'.

*) But see Flashfake Mac OS X botnet confirmed.


Edited by alternaut (04/09/12 08:15 AM)
Edit Reason: Added link about Flashback botnet confirmation
_________________________
alternaut moderator

Top
#21459 - 04/07/12 05:01 PM Re: Malware Alarms [Re: MG2009]
dianne Offline

Moderator

Registered: 08/04/09
MG2009,

In case the following might give you peace of mind . . . .

I used information from - How to remove the Flashback malware from OS X - under the section "How do I detect it?" - to see what Terminal reported for my Mac OS X 10.6.8 system.

I copied and pasted the three lines from the above link and section which began with
defaults read
into Terminal and pressed enter.

Three results stating "does not exist" were returned.

Then I did the same for
ls -la ~/../Shared/.*.so

"No such file or directory" was returned.

As far as I know, my system has all of the available updates installed.
_________________________
dianne • moderator

Back up everything you can't afford to lose – documents, mail, movies, music, photos, and other data and settings.

Top
#21489 - 04/09/12 07:56 AM Re: Malware Alarms [Re: dianne]
Ira L Offline


Registered: 08/13/09
Loc: California
And for those a bit shy with Terminal, an Applescript has been posted on this blog that does the same. The author gives a link to download the script and also provides the full text of the script.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#21490 - 04/09/12 10:07 AM Re: Malware Alarms [Re: Ira L]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Scripts scare me far more than Terminal.
Former is way too complicated ~ opaque to a simple-minded user like me ... as FTMers and MFIers might remember from way back when.
At least I can cut-and-paste Terminal commands quasi-fearlessly ... as I did and reported in THE CYBER-SECURITY THREAD — with the same results as dianne.

Top
#21492 - 04/09/12 02:20 PM Re: Malware Alarms [Re: grelber]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: grelber
Scripts scare me far more than Terminal. Former is way too complicated ~ opaque to a simple-minded user like me ...

Seems to me that this is a great opportunity to try a script smirk and get a feel for what's involved in running them (for giggles, compare the search terms in the script with your Terminal strings). After all, some Flashback detector scripts have been tested by others here (including myself) and work as advertised. Just follow the instructions at the bottom of this post. tongue
_________________________
alternaut moderator

Top
#21494 - 04/09/12 02:26 PM Re: Malware Alarms [Re: dianne]
MG2009 Offline


Registered: 08/05/09
Thanks, Dianne.

I followed the TERMINAL instructions, as outlined, and got the same results as Dianne. (All looks clean to me.)


smile

Top
#21498 - 04/09/12 05:00 PM Re: Malware Alarms [Re: MG2009]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Me too....ditto on the thanks, dianne.


Edited by ryck (04/09/12 05:00 PM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top

Moderator:  alternaut, dianne, MacManiac