Oh No!!!!!!! New Mac Trojan/ OSX Crisis discovered!
#11
michaelb wrote:
Didn't the flashback trojan install without user authentication or interaction too? At least in part. I was thinking the idea that we were safe because we would have to type a password is no longer true or anything we can depend on.

Nope. It used social engineering to try and trick people into installing it. The user had to enter their password to give it admin rights. They had to double click or tell the installer to run regardless and it did something different if it couldn't get admin credentials.

Personally, I have never once run into a single person with Flashback. Nor has anyone ever posted about being infected in any forum I frequent. Wouldn't surprise me if there really were no Flashback infections and that the 500k infected number was made up.

Seems that they are trying to scare up business for their antivirus software. If people are so inclined, they should skip these guys and get Sophos.
Reply
#12
C(-)ris wrote:
Seems that they are trying to scare up business for their antivirus software. If people are so inclined, they should skip these guys and get Sophos.
:agree: That was my thought too.
Reply
#13
C(-)ris wrote:
michaelb wrote:
Didn't the flashback trojan install without user authentication or interaction too? At least in part. I was thinking the idea that we were safe because we would have to type a password is no longer true or anything we can depend on.

Nope. It used social engineering to try and trick people into installing it. The user had to enter their password to give it admin rights. They had to double click or tell the installer to run regardless and it did something different if it couldn't get admin credentials.

Personally, I have never once run into a single person with Flashback. Nor has anyone ever posted about being infected in any forum I frequent. Wouldn't surprise me if there really were no Flashback infections and that the 500k infected number was made up.

Seems that they are trying to scare up business for their antivirus software. If people are so inclined, they should skip these guys and get Sophos.
I don't think that is true, here from macworld as an example:

"While the original version of Flashback and its initial variants relied on users to install them, this new form is what’s called in the security business a drive-by download: Rather than needing a user to install it, Flashback uses an unpatched Java vulnerability to install itself."

http://www.macworld.com/article/1166254/...rojan.html
Reply
#14
C(-)ris wrote:
michaelb wrote:
Didn't the flashback trojan install without user authentication or interaction too? At least in part. I was thinking the idea that we were safe because we would have to type a password is no longer true or anything we can depend on.

Nope. It used social engineering to try and trick people into installing it. The user had to enter their password to give it admin rights. They had to double click or tell the installer to run regardless and it did something different if it couldn't get admin credentials.

Personally, I have never once run into a single person with Flashback. Nor has anyone ever posted about being infected in any forum I frequent. Wouldn't surprise me if there really were no Flashback infections and that the 500k infected number was made up.

Seems that they are trying to scare up business for their antivirus software. If people are so inclined, they should skip these guys and get Sophos.
AHEM.. *COUGH*

http://forums.macresource.com/read.php?1...24,1340862#

I found it "in the wild" before it made the news.
On ONE computer out of 140-ish...
Other than fubar-ing Rosetta on that computer, it didn't do anything noticeable.
Reply
#15
Paul F. wrote:
AHEM.. *COUGH*

[forums.macresource.com]#

I found it "in the wild" before it made the news.
On ONE computer out of 140-ish...
Other than fubar-ing Rosetta on that computer, it didn't do anything noticeable.

Some minor variants of that Trojan attempted to record passwords and the like and send them to a remote site. Don't know how well that portion of the code worked.
Reply
#16
I stand corrected on the never seen in the wild.
Reply