Posts Tagged ‘Flashback’

Flashback Trojan: wake-up call for Mac users

Monday, April 30th, 2012

Any remaining complacency about security among Mac users should have evaporated with the arrival of the Flashback Trojan, says Rik Ferguson.

The now infamous Flashback Trojan has hopefully, once and for all, exploded the myth that Macs are both more secure and less likely to be targeted by cybercriminals than PCs.

We’ve seen Mac malware in the past, of course. But both the scale of infections with Flashback and the disappointing response from Apple should be a wake-up call for any enterprise still labouring under the same old misapprehensions about Mac security.

First spotted back in September 2011, the Flashback malware is designed to establish a back door on a compromised machine through which it can install payloads to do things such as steal sensitive information or turn the computer into part of a botnet. The most recent attacks began in mid-March and were so successful that more than 650,000 machines were compromised in countries such as the US, Canada, and the UK.

One of the main reasons why the Trojan was so successful is that it’s able to install itself on vulnerable Macs without user interaction, in so-called drive-by attacks that only need a user to visit an infected site to become compromised.

Now, Macs are no stranger to malware. We saw the Mac Defender fake AV outbreak last year and more recently the Gh0st RAT advanced persistent threat (APT) attacks on pro-Tibetan organisations were uncovered.

However, Flashback has shown us that the criminals are really looking to turn up the heat on Mac users and target the platform with tried and tested techniques that have worked so well for them with the PC.

So why should firms be concerned about Mac security?

  1. Macs are only going to get more popular, thanks in part to the success of the iPhone and iPad, and cybercriminals always follow the money. As the user base grows, the ROI for launching attacks becomes more compelling for the bad guys.
  2. In-built Mac security software is woefully underpowered and built along traditional file-signature update lines. Put simply, it will not stop many threats, including zero-day attacks.
  3. Mac users often credit themselves with being more tech-savvy than PC owners. Whether or not this perception is justified, attacks such as Flashback render the distinction spurious. User intelligence is very often not a factor in drive-by attacks, and besides, intelligent users don’t leave their machines unpatched and unprotected.
  4. The advance of consumerisation in enterprise IT, thanks to devices such as the iPhone and iPad, has pulled Macs into the heart of the workplace. Unfortunately many BYOD policies do not offer the same level of technical support for employee devices and place the burden of securing the machine on the shoulders of the individual. Firms can’t carry on with this head-in-the-sand approach.
  5. Apple was widely criticised for its tardiness in rolling out a patch for the known Java vulnerability exploited by the Flashback attacks. In the end, it came 6 weeks after Microsoft, Adobe and Oracle released their fixes. Cupertino does not release regular bulletins. It does not rate vulnerabilities and doesn’t discuss security issues until patches are available. OS X is too popular now to continue with this outdated strategy.

What Mac organisations need to do

Firms need to extend the same protection to all devices — whether Mac or PC, employee or company-owned — that connect to the corporate network and manage them through a single, unified console. Patches must also be applied as soon as they are available.

Perhaps the most important point though is to invest in security software that does more than check for known bad files, but can prevent users from following links to, or being redirected to malicious web pages.

Companies today need security that defends against zero-day threats thanks to cloud-based threat-detection technology, which dynamically checks for reputation and behaviour as well as known malicious files. Flashback didn’t use ground-breakingly new infection techniques or code but simply worked because too many Macs weren’t protected.

Rik Ferguson is director of security research and communications, EMEA, at Trend Micro. He has more than 15 years’ experience in the IT industry with companies such as EDS, McAfee and Xerox.



Article source: http://www.zdnet.co.uk/news/security-threats/2012/04/29/flashback-trojan-wake-up-call-for-mac-users-40155102/


Five OS X security threats that fizzled

Sunday, April 15th, 2012

Macs have been relatively safe from the kind of viruses that plagued Windows users through the last couple decades. But once it was revealed that a variant of Flashback was able to create a botnet of more than half a million Macs thanks to an unpatched Java vulnerability, users stood up and took notice. OS X has mostly been free of viruses and worms up to this point, but that still doesn’t stop unsuspecting users from being duped into typing an admin password into a cleverly (or, sometimes, not-so-cleverly) disguised installer.

It should be noted that Flashback originally required an admin password as well, but eventually shed that requirement. But the recent Flashback hullabaloo wasn’t the first indication that malware could affect Mac users—not by a long shot. In fact, the first versions of the Flashback trojan itself appeared as early as September 2011, so the latest outbreak wasn’t even the first we’ve heard of this particular malware.

As Apple continues to increase its share of the PC market, Macs are becoming a viable target for malware authors, attracting a handful or two of trojans in the last decade. Here are 5 in particular that were considered (by some) to be harbingers of a great malware infestation for OS X that instead proved to be more bark than bite.


Patient zero

One of the first well-known trojans for Mac OS X turned up in 2004. OS X by default hides file extensions, so it’s possible for an executable to masquerade as some other file type, like an image or music file. If OS X is set to hide file type extensions, a file named “hot_pic_xxx.jpg.app” will appear to the user as “hot_pic_xxx.jpg”. With a custom icon, an unsuspecting user might double-click the icon, launching the app instead of loading the purported image in Preview.

Mac security firm Intego spotted a trojan that took this method a little further by burying executable code in the ID3 tag of an MP3 file. Double-clicking the file would launch the trojan code in the ID3 tag, then play the MP3 inside iTunes to keep the user none the wiser.

At the time, Intego warned that the trojan could do all kinds of bad things like delete files, infect other MP3s, or send itself via e-mail. However, the exploit was merely a proof-of-concept that never went anywhere.

RSPlug.A

While subsequent trojans identified as malware turned out to be little more than harmless proof-of-concepts, Intego warned of a more serious threat in 2007 dubbed “RSPlug.” This trojan pretended to be a QuickTime codec required to view videos from porn sites, but instead installed a DNS server that would redirect users to fake versions of sites like eBay or PayPal. These sites would capture users’ logins to steal money from unsuspecting users.

Several variations later appeared that seemed to prey on the most naïve users, barely attempting to hide the fact that the installers were not from trusted sources. While Intego considered RSPlug a “critical” threat, it required users to enter an admin password before it could do anything unsavory, preventing it from infecting more than a tiny percentage of Mac users.

OSX.Trojan.iServices

Within a month of launching iWork ’09 at Macworld Expo in January, a pirated version of the $79 productivity suite started circulating on the ’net stuffed with code that installed a backdoor in OS X. More variations of this same trojan appeared in several “pirated” apps, including Adobe Photoshop CS4.

Needless to say, this trojan didn’t infect many users, either. While Adobe’s rather expensive creative software was probably a much smarter payload target than Apple’s budget office software, this trojan only infected casual “pirates” that probably learned a valuable lesson in the value of paying for legitimate software licenses.

“MacGuard”

In 2008, malware authors tried to take advantage of unsuspecting Mac users by pretending to be virus scanning software. Dubbed “MacGuard,” this malware caused fake virus infection alerts to appear on the user’s computer, offering to rid the user of the virus by entering credit card information.

Fortunately, the app was poorly ported from a nearly identical Windows version, and didn’t fool too many users before being identified by security vendors. Our advice then was to stick to well-known antivirus vendors, like Norton or McAfee, instead of unknown software begging for credit card numbers.

The same basic trick later appeared in a much more convincing form in 2011 as “Mac Defender.” That software was much more sophisticated and at least had the appearance of a legitimate app. It took a couple weeks for Apple to acknowledge the problem and offer a software update that eliminated the malware, but that was after it appeared that the malware spread in relatively significant numbers. Though the true impact of Mac Defender remains unclear, it certainly brought the issue of Apple’s responsibility in working against malware to light.

HellRTS.D

A new tool to install a backdoor in OS X was discovered in 2010, called “HellRTS.” This malware required physical access to a computer to install, but Intego warned that the code could have been packaged as a trojan. This backdoor was actually a variant of exploit code discovered as far back as 2004, but fortunately never materialized in any malicious trojan.

Variants of RSPlug and later the Mac Defender trojan eventually caused more concern, and Apple moved to update the anti-malware feature silently built in to Snow Leopard in 2009 to identify and eliminate these potential threats.

An ounce of prevention…

As we have noted in all our coverage of potential Mac security threats, an ounce of prevention is worth far more than a pound of cure when it comes to computer security. Running as a non-admin user prevents most malware from installing itself in the first place, and turning off Java or Flash in your browser eliminates those popular exploit vectors. Furthermore, a heightened sense of skepticism when dealing with unknown websites, e-mails from unknown senders, or software downloads from unverified sources also helps to reduce the likelihood of being a victim of a trojan or other malware.

We think Apple could do more to respond to threats once widely identified, especially when it comes to the amount of time it takes to offer a software update. Still, the company is making some effort to limit software downloads by default to trusted sources like verified developers or the Mac App Store.

Of course when it comes to Flashback, even being hyper-aware wouldn’t have helped much—malware is increasingly being injected into iframes on Google image search results and other sites that people widely trust. Users should remember that even sites they visit frequently have the potential to morph into attack sites if they’re compromised and infected with exploits. Perhaps it’s time for us to consider installing antivirus software as a rule, just like our Windows-using brothers and sisters.

Article source: http://arstechnica.com/apple/news/2012/04/5-os-x-security-threats-that-fizzled.ars?clicked=related_right

Apple Attempts Flashback Botnet Take Down

Thursday, April 12th, 2012

The news last week that more than half a million Apple Macs had been infected with a botnet-building trojan known as Flashback had many PC users secretly sniggering into their computer screens. For decades now, Mac users have managed to remain pretty smug about the myth that Macs were incapable of becoming infected with malware, but now they have.

According to Dr Web, the Russian security firm who discovered the malware, around 2% of all Macs worldwide have been infected and this could have been prevented had Apple jumped to attention a little quicker.

Flashback comes in through a Java vulnerability that Java themselves patched back in February. It began life as a dodgy Flash update before morphing into malware that is capable of ‘drive-by’ infections using Java, which means that any visitor to a malicious site will become infected.

Due to the way that Apple handles updates, a Java update was released last week but a fix from them wasn’t forthcoming and still isn’t, although Apple have released a statement on their knowledge base to say that they’re aware of the problem and working on it.

However, in the same statement, Apple also said that they are “working with ISPs worldwide” in order to disable the botnet’s C&C servers.

“Apple is developing software that will detect and remove the Flashback malware,” the company wrote.

“In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.”

The Flashback scenario has flagged up how far behind Apple are on security issues, which Microsoft have had to deal with for a long time now. Let’s hope that fix isn’t too long coming as the world will be scrutinising their every move.

Article source: http://security.onestopclick.com/technology_news/apple-attempts-flashback-botnet-take-down_165.htm

Security firm offers more Flashback details, free tools

Tuesday, April 10th, 2012

Macworld - News of the Mac malware dubbed Flashback continues to spread, trailing on the heels of the exploit itself. A security firm has uncovered statistics about the Flashback infection, as well as providing tools to detect and remove the infection.

Kaspersky Labs managed to reverse engineer Flashback and set up a “sinkhole server” where it could intercept traffic reported from computers infected by the malware. The data the company retrieved helped it gather information on the extent of the botnet spawned by Flashback; so far, Kaspersky says, it’s registered a total of 670,000 unique bots, or infected computers.

In addition, the firm was able to break down the bots by geography; unsurprisingly, more than half of Flashback-infected computers were in the U.S., followed by decent chunks in Canada, the United Kingdom, and Australia. And although the vulnerability in Java could affect other platforms, Kaspersky’s numbers say that Macs make up more than 98 percent of infected machines that it’s surveyed.

While Apple issued a patch last week to close the Java vulnerability that Flashback exploits, that update won’t detect whether you’re infected or remove the malware. Last week, F-Secure published a set of Terminal commands to uncover the exploit, and on Monday an independent programmer released a Mac app that can check for the infection as well. Kaspersky’s offering yet a third approach: a website into which you can paste your Mac’s unique identifier to see if you’re afflicted by Flashback. The site will also check and make sure that you have the latest Java update installed, and are thus safe from further infection–otherwise it will prompt you to run Apple’s Software Update.

If Flashback has descended on your Mac, the firm also offers a free removal tool; of course, the company also offers a commercial anti-virus product. For those looking to protect themselves even further, one Kaspersky expert has posted a list of 10 steps Mac users can take to reduce their risk of future infections.

Article source: http://www.computerworld.com/s/article/9226036/Security_firm_offers_more_Flashback_details_free_tools

Flashback Mac botnet is confirmed but shrinking

Tuesday, April 10th, 2012


Article source: http://www.theinquirer.net/inquirer/news/2166835/flashback-mac-botnet-confirmed-shrinking

Flashback on track to be worst Mac malware in decades

Sunday, April 8th, 2012


Despite some initial skepticism, a Russian company’s claim that over 600,000 Macs have fallen prey to Flashback seems to be holding up.

When news broke last week that drive-by malware exploiting a known Java vulnerability had infected first 300,000 then as many as Dr. Web, a little-known Russian computer security firm. Who were these folks, and how did they come up with the number?

However, Dr. Web’s estimate of the number of infected Macs is holding water: although other security firms haven’t yet produced their own independent estimates of the rates of Flashback infection, plenty of infected machines are being found, and so far most agree Dr. Web’s methodology seems sound. Dr. Web used a “sinkhole” approach, redirecting all traffic intended for Flashback’s command-and-control servers to another system that deciphered the reports from infected machines and pulled out the Macintosh UUIDs—unique identification codes—for analysis. This method is more comprehensive than a simple analysis of IP addresses, since (particularly on home networks and organizations’ internal networks) hundreds of machines can feasibly share the same IP number.
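The UUID-versus-IP point above, as an added example that is not part of the original article: a short Python tally over a constructed sinkhole log, showing how counting by source IP both undercounts machines behind one shared address and double-counts a machine that changes address. The log format, the function names and every address and UUID below are assumptions made up for illustration; the page does not describe the format of Flashback's actual reports.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of already-decoded sinkhole check-ins (not real data).
# Assumed format per line: <UTC timestamp> <source IP> <hardware UUID>
SAMPLE_LOG = """\
2012-04-05T10:00:01Z 203.0.113.10 0A1B2C3D-0000-4000-8000-00000000000A
2012-04-05T10:00:09Z 203.0.113.10 0A1B2C3D-0000-4000-8000-00000000000B
2012-04-05T10:01:30Z 203.0.113.10 0A1B2C3D-0000-4000-8000-00000000000C
2012-04-05T10:02:12Z 198.51.100.7 0A1B2C3D-0000-4000-8000-00000000000D
2012-04-05T10:03:45Z 192.0.2.55 0A1B2C3D-0000-4000-8000-00000000000E
2012-04-05T10:04:02Z 192.0.2.55 0A1B2C3D-0000-4000-8000-00000000000E
2012-04-05T10:05:20Z 198.51.100.99 0A1B2C3D-0000-4000-8000-00000000000D
2012-04-05T10:06:11Z 203.0.113.10 0a1b2c3d-0000-4000-8000-00000000000a
2012-04-05T10:07:00Z 192.0.2.200 not-a-uuid
"""

UUID_RE = re.compile(
    r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$"
)


def parse_checkin(line):
    """Return (timestamp, ip, uuid) for a well-formed line, else None."""
    parts = line.split()
    if len(parts) != 3:
        return None
    timestamp, raw_ip, raw_uuid = parts
    try:
        ip = str(ipaddress.ip_address(raw_ip))
    except ValueError:
        return None
    # Normalise case so the same machine is not counted twice.
    uuid = raw_uuid.upper()
    if not UUID_RE.match(uuid):
        return None
    return timestamp, ip, uuid


def summarize(log_text):
    """Count bots by UUID and by IP, and show where the two disagree."""
    uuids_by_ip = defaultdict(set)
    ips_by_uuid = defaultdict(set)
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_checkin(line)
        if record is None:
            malformed += 1  # never count unverifiable reports as bots
            continue
        _, ip, uuid = record
        uuids_by_ip[ip].add(uuid)
        ips_by_uuid[uuid].add(ip)
    return {
        "unique_uuids": len(ips_by_uuid),
        "unique_ips": len(uuids_by_ip),
        # One address, several machines (NAT): IP counting undercounts.
        "shared_ips": {ip: len(u) for ip, u in uuids_by_ip.items()
                       if len(u) > 1},
        # One machine, several addresses (new lease): IP counting overcounts.
        "roaming_uuids": {u: sorted(ips) for u, ips in ips_by_uuid.items()
                          if len(ips) > 1},
        "malformed": malformed,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this sample the UUID count and the IP count disagree in both directions at once, which is why a per-machine identifier gives the steadier estimate.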

Dr. Web has released a simple lookup tool that claims to let folks determine if a particular Mac has been detected as a system infected with Flashback. Users just get their Mac’s UUID (available in the Hardware section of System Information: choose Apple > About this Mac, then More Info to launch System Information). Note that UUIDs are not serial numbers: Dr. Web isn’t asking for users to enter their serial numbers.

If the infection rates published by Dr. Web are accurate, that means the overall infection rate in the Macintosh ecosystem is a bit over one percent—common industry estimates put the number of active Macs in use at about 45 million. F-Secure analyst Mikko Hypponen noted via Twitter that translates to an infection rate over one percent. In theory, that would make Flashback as common on Macs as Conficker was on Windows.

Antivirus developer Intego believes the Flashback malware was created by the same folks who made the MacDefender trojan horse, that published detailed instructions on how to determine if a Mac is infected, as well as background information on how the Flashback malware operates.

Article source: http://www.digitaltrends.com/apple/flashback-on-track-to-be-worst-mac-malware-in-decades/

Apple update quells Flashback

Sunday, April 8th, 2012

Apple released a second security update on Friday in the continuing battle against the Flashback trojan, which already has infected nearly 650,000 Macs worldwide.

The computing giant may have found a glitch in the initial update for Java, which contained a vulnerability that enabled the spread of Flashback.

That forced Apple to follow up with a second patch, which is only for Mac OS X 10.7 (Lion), according to a blog post from security firm Intego.

Although the creators of Java, Oracle, released fixes for Java in February, Apple’s response was delayed, said Charles Miller, principal research consultant at security consulting firm Accuvant Labs.

“They have a habit of taking a long time to supply patches [for third-party products], which always puts their users at risk,” Miller said.

“I hope that this outbreak will help them to see this point and they will speed up their patching in the future.”

A user’s computer can become infected with Flashback by simply visiting a bogus web page, an attack known as a drive-by-download.

Anti-virus software would be able to alert users of an infection, but outside of that, chances are Mac users would not notice the silent attack, Mikko Hypponen, chief research officer at F-Secure said.

Once installed on a machine, Flashback is capable of a number of malicious actions, including stealing data, hijacking search results and installing additional malware, although it doesn’t appear to be targeting personal information just yet, according to experts.

“Versions of Flashback have been around for months, but this is the first one that uses an exploit to infect you,” Hypponen said. “From the user’s point of view, the difference is that the user does not need to be duped into entering the root password for them to get infected [as was the case with previous variants].”

After experts at Russian AV vendor Dr. Web were able to “sinkhole” one of the botnet’s command-and-control hubs, they were able to tap into the traffic, redirecting it to their own server, which allowed them to then count the number of compromised machines.

According to a report released Wednesday by Dr. Web, Flashback has infected 600,000 machines globally, and more than half — 303,440 — are located in the United States.

On Thursday, Igor Soumenkov, a Kaspersky Lab malware researcher, confirmed the numbers, according to a blog post, after his lab set up its own sinkhole.

“We were able to calculate the number of active bots,” Soumenkov wrote. “Our logs indicate that a total number of 600,000-plus unique bots connected to the server in less than 24 hours.”

Although they could not confirm or deny that the bots connected to the Kaspersky server were running Mac OS X, Soumenkov added that through fingerprinting techniques, “more than 98 percent of incoming network packets were most likely sent from Mac OS X hosts.”

However, he did qualify his remarks. “Although this technique is based on heuristics and can’t be completely trusted, it can be used to make order-of-magnitude estimates,” he wrote.

According to market researcher NetApplications, Windows is the most popular operating system in the world, running on more than 90 percent of computers, indicative of the attention malware authors place on it.

But cyber criminals likely will take note of the size of the Flashback botnet and thus more seriously consider OS X as a viable target, said Miller.

“As more people buy Macs, malware authors will follow along too,” he said. “It might be time to think about getting anti-virus for your OS X systems.”

An Apple spokesperson could not be reached for comment.

This article originally appeared at scmagazineus.com

Article source: http://www.scmagazine.com.au/News/296305,apple-update-quells-flashback.aspx

Flashback the largest Mac malware threat yet, experts say

Saturday, April 7th, 2012




Unless you’ve been living under a rock for the past week, you’ve probably heard about Flashback, a piece of malware targeting users of Apple’s Mac OS X that’s now estimated to be quietly running on more than 600,000 machines around the world.

That number, which came from Russian antivirus company Dr. Web earlier this week, was confirmed today by security firm Kaspersky. More than 98 percent of the affected computers were running Mac OS X, the firm said.

That’s certainly a big number, but how does it stack up to past threats?

“It’s the biggest, by far,” Mikko Hypponen, chief research officer at antivirus and computer security firm F-Secure, told CNET in an e-mail. “I’m afraid the malware-free times of Mac users are behind us permanently.”

Separately, Catalin Cosoi, chief security researcher for antivirus-software maker Bitdefender, said the infection was likely the largest for the Mac so far this decade, but that there’s no accurate way to measure how many Mac OS computers have been compromised.

“600,000 represents around 12 percent of the Mac OS computers sold in Q4 2011,” Cosoi said, “which means that if we count the number of Mac OS devices sold in the past 3 years, we can estimate that less than 1 percent of the Mac OS computers are possibly infected. On the other hand, if we look at the actual numbers and not at the percentages, the numbers look pretty scary.”

Why now?
The accord among confidence researchers is that a hazard this distance has been prolonged overdue for a Mac, in no tiny partial given of a platform’s flourishing popularity.

Apple has outpaced a expansion of a PC courtesy for 23 true quarters, according to information from IDC. While a company’s iOS devices, like the
iPhone and
iPad, have not surprisingly seen most faster expansion and altogether sales in new years, Apple also pennyless a Mac sales record in a final quarter, offered some-more than 5 million computers — all of that were, of course, using a company’s exclusive handling system.

That kind of growth, that as of Feb put Apple’s commissioned bottom of Mac OS X users during 63 million, has not left neglected by attackers, according to confidence researchers.

“As some-more people buy and use Macs, we’ll see some-more malware,” Charlie Miller, a principal investigate consultant for Accuvant Labs, told CNET by telephone. “Part of it too is that it’s a Java vulnerability, and a tangible feat is OS independent, so (malware writers) didn’t have to know how to write an OS X exploit.”

In this sole instance, a diseased indicate that malware writers were targeting was Java, a record Apple hasn’t enclosed out of a box on a computers given 2010, yet that it supports with a possess releases. The runtime is used from anything from craving applications to renouned 3D games like Minecraft. In Nov 2010, when announcing skeleton for a OpenJDK project, Apple pronounced it would continue to say these versions by Lion, yet that Java SE 7 and over would be rubbed and distributed by Oracle.

Java or no, Paul Ferguson, a comparison hazard researcher during Trend Micro, suggested that HTML5 — a Web customary in swell that Apple, Microsoft, and other browser makers are assisting to build — binds a same form of hazard for destiny attacks.

“Wait until HTML5 becomes some-more entire for identical forms of hazard vulnerabilities, and we can have a botnet that runs in your browser,” Ferguson cautioned. “The some-more entire these platforms are, it won’t matter if it’s a mobile device or a computer. It it’s using Java or any other cross-platform technology, a hazard is there.”

Not a initial mainstream hazard to a Mac
Malware programs are designed to collect user information that can be sole to third parties, or used for feign activities. Infected machines can also be used as botnets, that can be rented for use in distributed rejection of use attacks. Flashback is a latest in a array of attacks opposite Mac users by malware — yet it turns out not to be so new.

“Flashback’s come back around a few times now,” said Steve Bono, principal security researcher for Independent Security Evaluators. “It’s possible that these computers have been infected since the beginning — sometime last fall. These things go unpatched, and once a vulnerability is known, it can take months to make a patch.”

That’s exactly what happened with Flashback. While earlier versions that relied on a piece of software meant to look like Adobe’s Flash installer were squashed as part of security updates, this latest variant went through Java instead. Oracle updated Java to patch the vulnerability the attackers were going through in February, but Apple took longer to patch the version it maintains and delivers to users through its software update tool.


MacDefender, last year’s big malware scare, pretended to be an antivirus program. (Credit: Intego)

Prior to Flashback, the malware of interest was a piece of software called MacDefender, which also went by the names Mac Security and Mac Protector. The fake antivirus program preyed on users by pretending to be a legitimate antivirus program that would find things on the computer then get rid of them in return for users purchasing a full license to the software. As it turned out, the viruses it was pretending to find were actually coming from MacDefender itself.

“The fake antivirus spread from last year was a real turning point,” Roel Schouwenberg, a senior researcher at Kaspersky Labs, told CNET. “With all the media attention, malware authors realized they could make money off Macs.”

Schouwenberg noted that besides the initial wave from Flashback, and the Mac Defender infections, there was an attack from malware that actually changed your Mac’s DNS settings.

Apple’s response to the MacDefender issue was to first create a way for users to identify the malware when coming across it on the Web, then to release a series of updates to its own built-in malware scanner in OS X called XProtect, all in order to protect users from accidentally installing it. Those tools were also able to remove it from machines on which it had already been installed.

Patching the future
One aspect of Apple’s internal culture that frustrates security experts is that the company’s stance on fixing vulnerabilities has been inconsistent. Experts note that while Apple’s mobile iOS platform has been patched in a timely manner, and there are even some at the company who “beat the security drum” (according to Schouwenberg), Flashback is an example of the process not working.

“Flashback was patched by Adobe for all major platforms back in February, but Apple only patched it this week,” Schouwenberg said. “Waiting two months is not acceptable, and we see OS X threats evolving.”

Apple’s Gatekeeper technology coming in the next version of OS X promises to tighten down OS security. (Credit: Apple)

Apple, which declined to comment on the Flashback malware, announced plans to tighten up security in the next major version of Mac OS X, due for release this summer, with a feature called Gatekeeper. The new protection tool offers to keep users safe by requiring that developers register with Apple to have their applications signed and verified by Apple. Users can then choose whether they want to keep their computers from installing software that hasn’t been signed by a registered developer.

“The approach they’re taking is two-pronged: Gatekeeper to make you download things that have at least some checking for malicious code, and antivirus [XProtect] baked into the OS for when you happen to get hit,” Miller said. “On the grand scheme, they have the right ideas, they just haven’t been keeping up on things like they should.”

Article source: http://news.cnet.com/8301-1009_3-57410702-83/flashback-the-largest-mac-malware-threat-yet-experts-say/

Flashback trojan has infected 600000 Macs worldwide

Thursday, April 5th, 2012

Slyvia

Apple are facing a problem in the shape of the ‘Flashback’ trojan horse virus that is said to have infected around 600,000 Macintosh computers, with more than half in the States alone.

Russian antivirus software company Dr. Web have issued a report this week that states that the computers running OS X are infected by the BackDoor.Flashback virus. Arstechnica also reported on the problem yesterday.

The report highlights that 274 bots are originating from Cupertino, Calif – the hometown of Apple.

Dr.Web released a map detailing the percentage of infections worldwide. Canada is in second place with 19.8 percent and the United Kingdom holds 12.8 percent of the problem cases.

Apple have released a Java Security update on Tuesday to resolve the vulnerabilities that the virus uses to exploit OSX, however there are many hundreds of thousands of users simply unaware that they are infected. Oracle released a fix for this Javascript problem in February.

F-Secure have given instructions on how to analyse and remove the threat from your computer, so it is definitely worth looking into. Check it out here.

Kitguru says: Macintosh computers have grown in popularity, which means the malicious coders find them a more viable target now.



Article source: http://www.kitguru.net/apple/slyvia/flashback-trojan-infected-600000-macs-worldwide/