- Itool For Mac
- Flashback Removal Tool For Mac
- Malware Removal Tools For Mac
- F Secure Flashback Removal Tool For Mac
Helpful Links Regarding Flashback Trojan and Virus Protection. An excellent link to read is Tom Reed's Mac Malware Guide. A link to a great User Tip about the trojan: Flashback Trojan User Tip. To check for the trojan: Anti Flashback Trojan 2.0.4. A Google search can reveal a variety of alternatives on how the remove the trojan should your computer get infected. Mac OS X 10.5 Leopard Flashback removal tool. Posted on by Julian. Tweet; Apple released a removal tool for OS X Lion (v10.7) and Snow Leopard (v10.6) last month (April), but has only now issued an update for OS X v10.5 Leopard. Unfortunately Apple has been unable to provide an automatic removal tool update, so you will have to. Mac Flashback Trojan – FREE Tools for Mac Trojan Removal Posted on April 26, 2012 by computerdoctora Apple was in the news lately, and it was not because of record sales of the new iPad or because of an increase in value of its stock.
F-Secure the Antivirus company have come up with a Flashback removal tool to make this process much easier for any users. Just download and double click on the file to complete the removal of flashback trojan from your mac. Malwarebytes for Mac is a great quick removal tool and now offers automatic scanning features if you want them. It will remove most of the obnoxious software out there, which makes it our main pick. Apple Releases Flashback Malware Removal Tool and Patches Apple has released a malware removal tool for the most common variant of the Flashback Trojan, as well as security updates to mitigate the vulnerability exploited by the malware for OS X Lion v10.7.3, OS X Lion Server v10.7.3. Mac OS X v10.6.8 and Mac OS X Server v10.6.8.
Mac users are once again being reminded to keep their anti-virus software up-to-date, following the discovery of a Trojan horse that poses as an update to Adobe Flash.
The OSX/Flshplyr-A Trojan horse (called “Flashback” by our friends at Intego, who first publicised it), is disguised as an installer for the popular Adobe Flash program.
Once in place, Trojan horse could allow a remote hacker to gain access to your computer or download further malicious code to your Mac.
Sophos products, including Sophos’s free anti-virus for Mac home users, detects the Flashback malware as OSX/FlshPlyr-A.
It’s easy to imagine how cybercriminals could trick Mac users into infecting their computers with this malware.
For instance, it would be child’s play to create a website which pretends to show something salacious (“Scarlett Johansson nude video!” would probably do well at the moment, for instance) and then when you try to view it, you’re prompted to install an update to Adobe Flash. Of course, rather than the genuine Flash you would be installing the Trojan horse.
Similar tricks have certainly worked well in the past – against both Windows and Mac users.
![Flashback Removal Tool For Mac Flashback Removal Tool For Mac](/uploads/1/2/6/0/126013928/771431617.jpg)
Here’s a video of another malware attack that tripped up Mac and Windows users, by duping them into installing a fake update to watch a sex movie of Leighton Meester:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Maybe now you can see just how easy it is for some folks to fall for this kind of trick. This is just one example of if happening in real life, there have been plenty of others.
Flashback is just the latest example of Mac malware follows hot on the heels of another Trojan horse for the OS X platform. The OSX/Revir-B Trojan was discovered, displaying a political hot potato of a PDF as a distraction while it did its dirty work.
We all know that there is much much more malware written for Windows than there is for Mac OS X. But that doesn’t mean it’s non-existent, and it’s no excuse for leaving Apple Macs unprotected.
Sophos Anti-Virus for Mac Home Edition is fully-functioning and free for home use. What have you got to lose?
What you need to know about the Flashback trojan
On April 4, Russian antivirus vendor Dr. Web published strong evidence that more than 500,000 Macs have been infected by the latest variant of the Flashback trojan. As Mikko Hypponen, Chief Researcher at F-Secure pointed out via Twitter, if there are roughly 45 million Macs out there, Flashback would now have infected more than 1 percent of them, making Flashback roughly as common for Mac as Conficker was for Windows. Flashback appears to be the most widespread Mac malware we’ve seen since the days when viruses were spread on infected floppy disks; it could be the single most significant malware infection to ever hit the Mac community.
Here’s what you need to know about Flashback, what you can do about it, and what it means for the future of Mac security.
What is Flashback?
Flashback is the name for a malicious software program discovered in September 2011 that tried to trick users into installing it by masquerading as an installer for Adobe Flash. (Antivirus vendor Intego believes Flashback was created by the same people behind the MacDefender attack that hit last year.) While the original version of Flashback and its initial variants relied on users to install them, this new form is what’s called in the security business a drive-by download: Rather than needing a user to install it, Flashback uses an unpatched Java vulnerability to install itself.
If you visit a malicious (or unwillingly infected) website hosting Flashback, the program attempts to display a specially crafted Java applet. (We don’t yet know how many websites host Flashback.) If you have a vulnerable version of Java installed and enabled in your Web browser, the malicious code will infect your system and then install a series of components. Since Apple did not release an update for that vulnerable version of Java until April 3rd, many users were and are still susceptible.
After initial infection, Flashback pops open a Software Update window to try and obtain your administrative password, but it does so only to embed itself more deeply into your Mac. Even if you aren’t fooled at this point, you are still infected.
▾ read more ▾Once it succeeds in infecting your Mac, Flashback inserts itself into Safari and (according to F-Secure) appears to harvest information from your Web browsing activities, including usernames and passwords. It then sends this information to command-and-control servers on the Internet.
The significant thing is that, unlike almost all other Mac malware we’ve seen, Flashback can insinuate itself into your system if you merely visit an infected webpage and are using vulnerable software. You do not need to enter your administrative password or to manually install anything.
Am I at risk?
You are at risk if you meet four criteria:
1. You have Java installed on your Mac. One way to find out: Open Terminal and type
java -version
at the prompt. If you do have Java installed, you'll get a version number. It is installed by default on OS X 10.6 Snow Leopard, but not by OS X 10.7 Lion. (But is installed the first time you need to run it, which means most Macs likely have it).Itool For Mac
2. You do not have the Java for OS X Lion 2012-001 (if you're running OS X Lion) or Java for Mac OS X 10.6 Update 7 installed (if you're running Snow Leopard) or you were infected before either of them was installed. Both of those updates install Java version 1.6.0_31; running that
java -version
command above will tell you if that's what you've got.3. You allow Java applets to display in your browser. In Safari, go to Preferences > Security > Web Content and see if the Enable Java option is checked. You can turn that option off by unchecking it.
4. You do not have certain security tools installed on your Mac that Flashback checks for, including Little Snitch, Xcode, and a few anti-malware tools.
Antivirus vendors do not appear to have detected this particular version of Flashback for a few days after it appeared in the wild, though some vendors—including Intego—protected users with updates in late March. Malware often shares bits of code from earlier versions that may be detectable by antivirus products before those products have been specifically updated to catch newer versions, but such protection is hit-or-miss.
How can I tell if I’m infected?
F-Secure posted instructions for checking your Mac, which require running a few commands in Terminal. All antivirus products should also be detecting it at this point if you have the latest signatures installed. (Usually, you can do so manually in your security app’s preferences, but this varies from product to product; most automatically update).
How can I protect myself?
The first thing to do is run Software Update and make sure you have the latest patches. This will prevent any infections that exploit the current vulnerability; there aren’t any other known infection vectors (other than tricking you into installing it, which won’t go away anytime soon and doesn’t rely on Java).
There are a few other things I’d recommend you do to reduce the chances of future drive-by malware infections:
Disable Java in Safari and other Web browsers. Unlike Flash, you rarely need it these days. Again, in Safari, go to Preferences -> Security -> Web Content and uncheck Enable Java. The folks at TidBITS posted instructions and screenshots for doing the same in Chrome and Firefox.
Uninstall Flash and use Google Chrome as your browser. Google Chrome includes an embedded, sandboxed version of Flash that reduces the chances an attacker can infect your system. Download the Flash uninstaller, then install Google Chrome.
If you don’t need Java at all, disable it. The Java Preferences utility is in /Applications/Utilities; uncheck the boxes next to the versions listed in the General tab. Be careful, though: Some programs such as CrashPlan (which I use) require it. But there aren’t many apps like that on the Mac market anymore.
Flashback Removal Tool For Mac
I still use Safari, but when I need Flash I switch to Google Chrome. I haven’t allowed Java to run in my browser for some years now, due to my fear of this kind of attack. Mac antivirus tools may help, but they still don’t catch everything. That said, the current programs are far less intrusive and performance-impairing than they used to be; some of them (including Sophos and ClamXav) offer free versions. Remember, antivirus tools aren’t perfect, and you can still be infected by new malware if those tools don’t specifically protect against it. Many Windows users learn this lesson the hard way on a daily basis.
Are there really more than half a million infected Macs?
Yes, it really looks that way.
While we don’t have independent validation, the techniques described by Dr. Web to measure the infection are plausible: Using one called sinkholing, Dr. Web redirected command-and-control traffic to its own analysis server. Since each infected Mac provides its unique device ID when connecting to the server, this allows Dr. Web to count infections on a per-machine basis; that’s more accurate than counting connections based on IP addresses (which might be shared by multiple Macs).
We also have anecdotal evidence supporting the claim. In linking to a report on Ars Technica about Flashback, John Gruber asked his readers at Daring Fireball to check their Macs and let him know if they were infected. Over the course of six hours, John received positive reports from about a dozen of his readers—who are generally experienced Mac users.
Is this different from previous Mac malware?
Flashback is the first widespread drive-by malware to attack Macs. This is one of the most pernicious attack techniques, which has long troubled Windows users, and it does represent a major advance.
Most Mac malware hides itself inside software programs—such as pirated software, obscure games, or non-standard video players—that the average users is unlikely to install. Because it can infect a vulnerable computer without user interaction, Flashback is far more serious. As we’ve seen in the Windows world, this is an extremely effective technique.
Intego says it has detected dozens of new variants in the past few days, which means the malware authors are working hard to extend the life of the infection.
Is Apple responsible?
The vulnerability in Java that Flashback exploits was patched in February by Oracle (which inherited Java as part of its acquisition of Sun Microsystems). But Apple waited nearly two months to update OS X with that patched version.
This is the single biggest security issue for Macs. OS X includes a number of software components from third-party vendors and the Open Source software community, and Apple has a terrible track record in updating those components. When a vulnerability becomes publicly known because it’s been patched on another platform, but it isn’t patched on another, the bad guys have a straight-line roadmap to compromising that unpatched system.
Apple may believe that not including Flash or Java in current versions of OS X prevents these kinds of attacks, but too many users still install these tools. Apple has made incredible strides in improving the security of its products, but its delayed patching of known vulnerabilities is still a problem.
What does this mean for the future of malware on Macs?
Flashback doesn’t necessarily mean that Macs will soon be as laden with malware as Windows computers. But the future of the platform’s security depends a lot on Apple and good old fashioned luck.
Drive-by attacks rely on vulnerabilities in Web browsers and other software—such as email and RSS readers—that view webpages. It’s not enough to run vulnerable software; that software needs to be exploitable, meaning it allows an attack to extend its tendrils into your system. Apple has been introducing a series of technologies—tools like Address Space Layout Randomization (ASLR), sandboxing, and DEP—to reduce the chances of exploitation even when a Mac is vulnerable and to limit the potential damage of an attack. But these technologies aren’t perfect, especially when complex programs that run Web content like Java or Adobe Flash are involved.
Apple clearly needs to start patching software that’s known to be vulnerable more quickly. After the success of Flashback, we can only assume the bad guys will move more quickly the next time they are given this window of opportunity. Cupertino should consider further sandboxing Safari. It should also explore the possibility of sandboxing Flash and Java independently; if the latter isn’t technically feasible, the company should work more directly with the vendors of those technologies to develop sandboxed Mac versions. Adobe recently added more-extensive sandboxing to Acrobat on Windows, and that has reduced the effectiveness of attacks.
Gatekeeper will significantly change the game for manually installed trojans when it’s released later this year; it will make that form of attack much less profitable (and thus less likely).
Malware Removal Tools For Mac
The bad guys clearly care more about Macs now. But we need to keep our perspective: We still see far less malware for Macs than we do for, say, Android phones. Yet there's no doubt that Flashback is a significant development. I believe it shows we will see more malware on Macs. I’m also convinced these will be infrequent events and not the ongoing onslaught of epidemics that some observers are predicting—as long as we all take precautions and stay vigilant.
[Rich Mogull has worked in the security world for 18 years. He writes for TidBits and works as a security analyst through Securosis.com.]
F Secure Flashback Removal Tool For Mac
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.