Friday, April 6, 2012

Flashback Trojan for Macs

At 600k infections, the Flashback Trojan for Macs appears to be real. Best I can tell, a vulnerability in Java lets the attacker try to install something, and if the user enters their username and password, it gets elevated privileges. According to Gruber, apparently even "sophisticated" people have been fooled into it.

Us Mac users have been spoiled.

So what to do? Well, if you trust me, download this script:

http://head-lights.s3.amazonaws.com/files/FlashbackChecker_v0.1.app.zip

... double-click the .zip file to decompress the .app, then double-click the .app file. It's a simple AppleScript that checks for the 5 pieces of evidence of Flashback that F-Secure, Mashable, and CNET contributors have found. It'll pop up a dialog telling you whether you need to worry or not.

If you're infected (or if you don't trust me =) ), that CNET link can help you through it yourself.

Apple already has a fix, so if you're clean, just update your system if you haven't lately.

You might be tempted to think this marks the end of virus-free Macs -- and it might be, but I doubt it. Note, you still had to enter your username and password for it to get installed, so if you open your door to a surly guy holding a pipe-wrench behind his back, it's hard to blame the people who made your door locks if he comes in. And it's already fixed. Also, Apple's new OS (Mountain Lion) enables whitelisting (sandboxing/code-signing), meaning that if you have the setting turned on, only apps that have gone through Apple's screening process will be allowed to run, and even then they're only allowed to do things they have permission to do.

* UPDATED with info from Macworld story: apparently it installs just by visiting a malicious website.
