Flashback trojan reportedly controls half a million Macs and counting

**scooby** · 5 April 2012, 09:31

Excellent post

I'm clean, but I dont know if thats because I dont use safari...

**NickFitz** · 5 April 2012, 14:24

I'm always dubious about tech news sites running big-figure virus stories that originate in press releases from AV companies, but there's no doubt this is a problem.

At least ars technica's story is pretty straightforward and informative, unlike the breathless hysteria of Gizmodo, which repeats ludicrous myths like "It's written in an unknown language" - umm, it's written in C with a simple OO framework based on macros and preprocessor directives, compiled with Microsoft Visual Studio

(My Macs are clean BTW, and I use Safari.)

**Sysman** · 6 April 2012, 07:36

Originally posted by NickFitz View Post

I'm always dubious about tech news sites running big-figure virus stories that originate in press releases from AV companies, but there's no doubt this is a problem.

Seceral years ago Intego got themselves a bad name in Mac community by scare stories based on a proof of concept attack. That proof of concept worked ('cos I tried it out), but it was never seen in the wild. They are like bloody tarts.

And don't get me started on that Graham Cluley character. He's a media whore. Oh look, here's his WIki entry, which unsurprisingly says:

This article appears to be written like an advertisement. Please help improve it by rewriting promotional content from a neutral point of view and removing any inappropriate external links. (April 2009)

Originally posted by NickFitz View Post

At least ars technica's story is pretty straightforward and informative, unlike the breathless hysteria of Gizmodo, which repeats ludicrous myths like "It's written in an unknown language" - umm, it's written in C with a simple OO framework based on macros and preprocessor directives, compiled with Microsoft Visual Studio

(My Macs are clean BTW, and I use Safari.)

They also blindly copied a subset of the instructions at F-Secure. It's bleedin' obvious that the bit that says "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" should come straight after Point 1.

**NickFitz** · 8 April 2012, 20:17

Turns out this Trojan will run away - well, delete itself - if it thinks you're too geeky: Flashback Trojan Creators Scared of Xcode, But Not Norton Antivirus - Waxy.org

**mos** · 8 April 2012, 20:29

If you are running versions of OS X prior to Snow Leopard (10.6), then you are out of luck.

I am afraid that Macs became one season toys ... and version 10.6 is an ancient history, who cares. That would explain exceedingly slow reaction from the Apple.

**cojak** · 9 April 2012, 09:39

Originally posted by mos View Post

I am afraid that Macs became one season toys ... and version 10.6 is an ancient history, who cares. That would explain exceedingly slow reaction from the Apple.

**Sysman** · 9 April 2012, 10:41

Originally posted by NickFitz View Post

Turns out this Trojan will run away - well, delete itself - if it thinks you're too geeky: Flashback Trojan Creators Scared of Xcode, But Not Norton Antivirus - Waxy.org

Little Snitch is the best there, since that's the one which will tell you if some malware is trying to connect to the outside world.

Dont have Little Snitch?

Code:

sudo mkdir -p /Library/Little Snitch # snigger

Or yet better, get it: Little Snitch.

**chef** · 29 April 2012, 11:02

does anyone here actually use any antivirus on their mac?

**Sysman** · 29 April 2012, 12:30

Originally posted by chef View Post

does anyone here actually use any antivirus on their mac?

Nope.

I did try the Sophos freebie for a while but it never reported anything and hit the bit bucket when I had a general clearout of stuff I no longer use.

If I was reading my email on Windows, then maybe I'd use an antivirus package on the Mac to squash email nasties, but I only read email on the Mac or Linux.

Flashback trojan reportedly controls half a million Macs and counting