
Flash Trojan virus for Macs

Poser

Mac Flashback Trojan Horse

Users visiting certain malicious websites may see a link or an icon to download and install Flash Player. Since Mac OS X Lion does not include Flash Player, some users may be fooled and think this is a real installation link. When they click the link, an installation package downloads, and, if the user is using Safari as their web browser, the Mac OS X Installer will launch. (Safari considers installer packages, with .pkg or .mpkg extensions, to be "safe" files and will launch them after download, if default settings are used.)

If the user proceeds with the installation procedure, the installer for this Trojan horse will deactivate some network security software, and, after installation, will delete the installation package itself. The malware installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches. This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server, and sends information about the infected Mac to this server: this includes the computer's MAC address, a unique identifier. This will allow the malware to detect if a Mac is infected.

For now, Intego has analyzed this malware and its installation process. Intego's security researchers are analyzing the injected code and we will issue more information as soon as possible.

Means of protection: Users should not download a Flash Player installer from any site other than adobe.com. Mac OS X Lion does not include Flash Player, but users who wish to install this software should visit Adobe's website.

Next, it is advisable, for those who use Safari as their web browser, to uncheck Open "safe" files after downloading in the program's General preferences. This will prevent installer packages - whether real or malicious - from launching automatically.

Finally, if an installer claiming to be a Flash Player installer appears, users should be very careful to ensure that they did, indeed, download it from Adobe's web site. If not, they should quit the installer.

VirusBarrier X6 protects users from this malware with malware definitions dated September 26, 2011 or later. VirusBarrier X6's real-time scanner will detect the file when it is downloaded, and its Anti-Spyware protection will block any connections to remote servers if a user has installed the Trojan horse. VirusBarrier Express and VirusBarrier Plus, available exclusively from the Mac App Store, detect this malware with malware definitions dated September 26, 2011 or later, but these programs do not have a real-time scanner, due to limitations imposed by the Mac App Store; users should scan their Macs after they have updated to the latest malware definitions, or manually scan any installer packages they have downloaded if they seem suspicious.
 

richsadams

Thanks for that Poser...good info for us Mac users indeed! :thumbs:

To check to see if you have this file:

~/Library/Preferences/Preferences.dylib

~ is your home folder.

NOTE: Lion users, holding down the Option key will show the “Library” directory as an option in the Finder's Go menu.

More here:

http://reviews.cnet.com/8301-13727_7-20111639-263/another-os-x-trojan-imitates-adobe-flash-installer/

http://blog.intego.com/2011/09/26/intego-security-memo-–-september-26-2011-mac-flashback-trojan-horse-masquerades-as-flash-player-installer-package/


Bottom line, this sort of thing is extremely rare for Mac users and probably won't affect many (and I'm sure Apple will issue a software update very quickly), however never EVER just click on a file to download or install something unless you're sure it's legitimate - whether you use Mac, Windows or otherwise!

Thanks again for the heads-up!
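
The check described in the post above, as an added shell example that is not part of any forum post: it looks for the file in every home folder under a base directory (pass /Users on a Mac) and reports Safari's Open "safe" files setting. The function names are illustrative, and `AutoOpenSafeDownloads` is Safari's preference key for that checkbox, which the thread itself does not mention.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only triage: it never deletes or changes anything.
# Path named in the thread, relative to a user's home folder.
REL_PATH="Library/Preferences/Preferences.dylib"

# check_home HOME_DIR: returns 0 and prints details if the file is present, 1 otherwise.
check_home() {
    target="$1/$REL_PATH"
    # -L also catches a dangling symlink, which -e alone would miss.
    if [ -e "$target" ] || [ -L "$target" ]; then
        printf 'FOUND  %s\n' "$target"
        ls -l "$target"          # owner and timestamp help date the install
        return 0
    fi
    printf 'clean  %s\n' "$1"
    return 1
}

# scan_homes BASE_DIR: checks each home folder under BASE_DIR.
# Details go to stderr; the number of affected home folders goes to stdout.
scan_homes() {
    hits=0
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        if check_home "$home" >&2; then hits=$((hits + 1)); fi
    done
    echo "$hits"
}

# safari_auto_open: prints on, off or unknown for the current user.
# "unknown" covers a missing `defaults` tool, an unreadable preference file,
# and an unset key (in which case Safari falls back to its default behaviour).
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo unknown; return; }
    case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" in
        0) echo off ;;
        1) echo on ;;
        *) echo unknown ;;
    esac
}

# Runs only when a base directory is given, e.g.: sudo sh check.sh /Users
if [ $# -gt 0 ]; then
    echo "home folders containing the file: $(scan_homes "$1")"
    echo "Safari opens \"safe\" files automatically: $(safari_auto_open)"
fi
```

Reading other users' home folders needs root, which is why the usage comment shows sudo.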
 

zhianzee

Thanks rich and poser! I didn't know about this until now. I hope I won't be victimized.
 
