Jump to content
CrazyBoards.org

600,000 macs infected with Flashback botnet

Velvet Elvis

Recommended Posts

crtclms

crtclms

Posted
Posted

Oh, it was just a matter of time. It was just so much more effective to write a Windows OS virus, because of the market share, but it was never a question of Macs being perpetually virus free. Fortunately, DH has been able to keep us virus free up until now.

I don't know how I am going to guess which websites are malicious, though.

Link to comment
Share on other sites
water

water

Posted
Posted

OMG!!!

Thank you SO much VE. I had NO idea about this malicious thing.

I have been trying for an hour to do the fix. I have used Unix before but this is my first time doing Terminal on a Mac and somehow everytime I type what is suggested, which I am getting from this link:

http://www.f-secure....ashback_i.shtml

My terminal just says: something about default user settings and proceeds to list all the terminal commands and how to use them. If I remember from my past, that is just the Help commands and I type something wrong. I can get around the directories and tried also typing the command from different directories but nothing has worked.

I do NOT use safari. Currently I am using Opera, but was using Chrome in the past. But I still want to check my computer.

Help!!!

Link to comment
Share on other sites
dedoubt

dedoubt

Posted
Posted

Thanks for letting us know. I've been waiting for Mac specific viruses to be written. I was just hoping it would be when I was very old, and I wouldn't care because I could fly around in my flying car.

Anyway, I am not super well educated about computers (though I try), and my kids use Windows machines, so they can't help me. Reading over the information linked from that link you gave us, I saw this:

Installation

On execution, the malware checks if the following path exists in the system:

  • /Applications/ClamXav.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

So am I right in reading this to mean that if I have ClamXav installed, the Flashback bastard will abort its mission and delete itself without infecting my puter? Because that would be super sweet, if so.

Thanks for knowing more than I do about this, and for being willing to help!

Link to comment
Share on other sites
olga

olga

Posted
Posted

Thanks for the heads-up, but those instructions might as well have been written in Swahili. I haven't got the foggiest notion how to do what they're saying, so I guess I'll just have to wait and see if I have this virus.

Sigh. It ain't no fun being computer illiterate.

olga

Link to comment
Share on other sites
lavender fairy

lavender fairy

Posted
Posted

Thanks for the heads-up, but those instructions might as well have been written in Swahili. I haven't got the foggiest notion how to do what they're saying, so I guess I'll just have to wait and see if I have this virus.

Sigh. It ain't no fun being computer illiterate.

olga

LOL, I thought the same thing when I looked them up. Glad I'm not alone.

Link to comment
Share on other sites
Velvet Elvis

Velvet Elvis

Posted
  • Author
Posted

Sigh. It ain't no fun being computer illiterate.

It doesn't help that macs OS is designed to keep you that way.

I've used various flavors of linux and BSD for going on ten years but too much of this is mac specific for me to figure out.

dedeout: If you use CAV and it's installed to that path, that could be right. That won't help you if you've already got it though.

Link to comment
Share on other sites
dedoubt

dedoubt

Posted
Posted

dedeout: If you use CAV and it's installed to that path, that could be right. That won't help you if you've already got it though.

I've had CAV installed for at least a year (I think much longer- stupid memory), but I don't run it often enough. I ran it last night and it came up with four infected files, but I couldn't tell if any of them were Flashback. I'm just going to cross my fingers and hope for the best.

Oh well, it's not like I have any money for people to steal.

Link to comment
Share on other sites
nalgas

nalgas

Posted
Posted

I've been summoned here by more than one rather terse and unspecific request, so I'm not really sure what exactly I'm supposed to do, but I guess I can make it up as I go along.

I don't know how I am going to guess which websites are malicious, though.

From what I've heard so far, the old "fake Flash installer" version from last year was not very widespread. The current Java-based one seems to be overwhelmingly most common on sites based out of Russia, including some ones illegally streaming movies.

So am I right in reading this to mean that if I have ClamXav installed, the Flashback bastard will abort its mission and delete itself without infecting my puter? Because that would be super sweet, if so.

Unless you manually moved or renamed it, that should be the case. Everything (well, almost, but for practical purposes) installs to /Applications/ by default.

For anyone who's trying to play along at home and follow the instructions here, if you can't make enough sense out of it to understand what you're supposed to be doing, you probably shouldn't be doing it. The way it's presented is a little more confusing than it needs to be (anything that looks %like_this% is essentially a variable that should be replaced with whatever it's telling you, percent signs and all), but all of those things have to be done exactly how it says for it to do any good.

Chances are that most people haven't been affected, and someone will probably release a tool meant for normal people to use at some point soon-ish. Also, Apple has a patch for the bug that this is exploiting as of a couple days ago, so if you haven't gotten it yet, go run Software Update.

Link to comment
Share on other sites
water

water

Posted
Posted

I did it! Finally correctly typed both lines in Terminal got "does not exist". Yay!! No trojan (yet). If anyone would like some help you can PM me. I used the link in my post above which I believe is the same page that Nal posted above.

The idea of my computer being used by some exterior force is very creeepy. I removed my ethernet cable until I figured this out. And now I fly Opera. Love their icon.

Link to comment
Share on other sites
olga

olga

Posted
Posted

I ran Software Update on Baboo's computer---and there was something to install.

I checked on mine, and there was no new software. I guess I'll keep checking, and looking for the fix that normal people can do.

olga

Link to comment
Share on other sites
dedoubt

dedoubt

Posted
Posted

I've been summoned here by more than one rather terse and unspecific request, so I'm not really sure what exactly I'm supposed to do, but I guess I can make it up as I go along.

I think you were supposed to show up with a magic wand and make it all better. All the Mac people are running around in a room bumping into each other and crying. Or at least I am. (Yes, I can bump into myself.)

I appreciate your time.

Unless you manually moved or renamed it, that should be the case. Everything (well, almost, but for practical purposes) installs to /Applications/ by default.

Yah, it's still in the applications folder, and I haven't done anything to it (that I remember-- I tend to be kind of scared of virus scanners, so it's unlikely I did anything). I kind of want to run it every day now.

Link to comment
Share on other sites
olga

olga

Posted
Posted

Easy for you, but it says to download the thing and then "unzip" it or something. How does one do that? I double-clicked on the thing that downloaded and nothing happened. sigh. It's very hard being old AND a blond.

olga

Link to comment
Share on other sites
lavender fairy

lavender fairy

Posted
Posted

It was pretty easy, and I'm clean!

When you double click on the thing that downloaded, a file names "files" should show up in the same folder. Click on that, then click on one of the "trojan check" files. wait for a response. Then click on the other one and wait for a response.

As long as your response states taht the file "does not exist," you're in the clear!

Link to comment
Share on other sites
nalgas

nalgas

Posted
Posted

I checked on mine, and there was no new software.

Hm, I ran Software Update, and the only update is for itunes. Nothing related to the virus.

If you're using 10.5 or older, they're not supporting those anymore, so you're out of luck if that's the case. The only thing you can really do is to disable Java. If you go to /Applications/Utilities/ and open Java Preferences, then uncheck everything in the "General" tab, that should prevent anything Java-based from running anywhere, in your browser or elsewhere.

Note: You shouldn't have to do this unless you're running an older version of OS X that's no longer supported, but if you want to do it just to be extra safe and you don't do anything that uses Java (most people don't), go right ahead. It's been one of the biggest security nightmares around for the past several years. You can always go back and re-enable it again if you need it for something.

Link to comment
Share on other sites
Keahilanikupono

Keahilanikupono

Posted
Posted

Um. I'm jumping in this a bit late..as it seems that people are getting it. Not that I get it. Terminal scares the bejesus out of me because you can wipe the whole shit howdy out in one fell swoop if you don't double and triple check your command. Make sure you have a time machine back up and proceed with caution.

So here's what I can tell you:

As far as the command itself, if you go to a Mac specific virus site (please don't ask which one I used..my brain is mush. Helpful I know. God knows I aim to please) and find the command to check for the virus copy and paste the command at CLI and then you don't have to worry about the actual command being wrong. Terminal is not something you want to mess with if you don't know what you're messing with. That's why you have the GUI

The java update will be specifically for the patch against the virus. If you click on the show details thingie under the list of updates it will tell you what the update is for though it doesn't say exactly how it works.

So says the ACMT that knows nothing about what she's talking about.

Also, just a friendly reminder. IOS devices don't get infected. Just incase anyone was wondering.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...