Free Republic

Half a million Mac computers 'infected with malware'
BBC ^ | April 2012 Last updated at 08:54 ET

Posted on 04/05/2012 8:45:23 AM PDT by null and void

An investigation by Dr Web suggests that about 600,000 Macs have the malware - potentially allowing them to be hijacked and used as a "botnet".

It says that more than half that number are in the US.

Flashback was first detected last September when anti-virus researchers flagged software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer's security software.

Remote control

"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.

"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.

"The largest amounts of bots - based on the IP addresses we identified - are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people."

Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California - home to Apple's headquarters.

Update wait

Apple released its own "security update" on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer's system preferences panel.

The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.

Although Apple's system software limits the actions its computers can take without requesting their users' permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.

"People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth," said Timur Tsoriev, an analyst at Kaspersky Lab.

Apple could not provide a statement at this time.

(Excerpt) Read more at bbc.co.uk ...


KEYWORDS: apple; bots; flashback; hacking; internet; mac; malware; microsoft; osx; tech; virus; windows
To: Swordmaker

I love the pop-up windows I get occasionally that say a virus has been detected in my Windows software, and all I have to do is download their product to clean it up - on my Mac.


101 posted on 04/06/2012 8:13:01 AM PDT by SlowBoat407 (Anyone can fib. It takes an intellectual to tell a really big lie.)
[ Post Reply | Private Reply | To 84 | View Replies]

To: for-q-clinton
Not Possible! Swordmaker and the macbots have told me that only windows gets stuff like this.

Neither Swordmaker nor any other MacBot has told you any such thing, less likely or unlikely yes, impossible? No.

I have been on line with my Macs a little over 20 years and have never been infected, and I run no virus ware because I consider most of it as obnoxious as the Virus it is supposed to protect me from.

If I am so unfortunate to encounter a Virus, I know a fix will be posted on MacSurfer.com so I don't worry over concern trolls like yourself.

102 posted on 04/06/2012 9:55:38 AM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: for-q-clinton

To see if you haven’t got it:

In terminal run:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

You should get this error:

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Then run:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

You should get this error:

The domain/default pair of (/Users/YOURUSER/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

If you do you are clean of this variant!


103 posted on 04/06/2012 9:59:35 AM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Para-Ord.45

Make it a point though to set up a standard account & use it for day to day stuff.


104 posted on 04/06/2012 10:34:49 AM PDT by Tribune7 (GAS WAS $1.85 per gallon on the day Obama was Inaugurated! - - freeper Gaffer)
[ Post Reply | Private Reply | To 98 | View Replies]

To: Swordmaker

Yeah, I had a laugh about that. The work machine is Windulls, and slows to a crawl dozens of times a day because the OS is so vulnerable to virus attacks that the virus prevention program consumes a lot of the CPU.


105 posted on 04/06/2012 10:46:39 AM PDT by SunkenCiv (FReepathon 2Q time -- https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | To 83 | View Replies]

To: HamiltonJay
Yes, that comes with pricetags I don’t care for, ungodly overpriced hardware,

I had to laugh at this because I was listening to Rush just now explain why advertising has no effect on him. He just looks for the most expensive version of what he would like and buys that. Admittedly he is not typical, but he is a Fan-Boy.

106 posted on 04/06/2012 12:01:13 PM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 35 | View Replies]

To: ctdonath2

You’re the one that is narrowing it down. Not a single person is talking about OS8, so why should we be talking about windows 95 and such.

Let’s just focus on the OS that is current or even one old. So let’s go with Vista and Win7. Now it’s your turn...point me to a website that will infect my machine.

I’m still waiting.

Also we all know why OSX has been relatively safe on the Internet...1st it has decent security (much like Windows Vista); however, it also enjoys the luxury of no one using it. But now that it is more popular we will continue to see attacks like the one in this thread. Which is what I’ve always said and I’ve now been proven right. This is 3 pretty big attacks in what 6 months? Imagine what would happen if OSX had the market penetration Windows has!

There isn’t a single thing you can say to dispute these facts. So obfuscate all you want and keep comparing the latest OS from Apple vs Microsoft’s OSes from over a decade ago. That’s how sad this truly is...to compete Apple needs to focus on a decade old OS to say it’s better.


107 posted on 04/06/2012 12:27:52 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 99 | View Replies]

To: for-q-clinton
For years people have listened to the lies of macbots and being over the top helps drive home the point to everyone that isn’t a zealot.

That has worked so well that you have pushed Apple to the Brink of becoming the first Trillion dollar company. Good work, keep it up.

Apple is doomed, I tell ya


108 posted on 04/06/2012 12:35:08 PM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 57 | View Replies]

To: Tribune7; dayglored

Here’s another one of those people who don’t exist.


109 posted on 04/06/2012 12:36:41 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 94 | View Replies]

To: itsahoot

I too have never received a virus, nor anyone in my family. I guess windows is just as good if not better because there are 5 people I’m vouching for and you only mentioned 1.

That’s some great logic there isn’t it?


110 posted on 04/06/2012 12:38:42 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 102 | View Replies]

To: SunkenCiv; Swordmaker; dayglored
The work machine is Windulls, and slows to a crawl dozens of times a day because the OS is so vulnerable to virus attacks that the virus prevention program consumes a lot of the CPU.

Please point me to one website that will install a virus on my machine. Now you said virus so I expect it to be self replicating and all that stuff that gets thrown at me for using the term virus in the generic sense. But I'll give you the fact that you really meant malware, so if you can point me to a malware site that will infect my windows machine please do. Otherwise this is just more FUD.

111 posted on 04/06/2012 12:41:05 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 105 | View Replies]

To: itsahoot

Huh? You know that’s not what I meant. What I’m doing is pointing out to the idiots who believed the lies that OSX was malware proof. They need to wake up and follow good PC security or else they will end up just like they were when using windows.


112 posted on 04/06/2012 12:43:12 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 108 | View Replies]

To: for-q-clinton
I have given links several times in the past and you know it.

No you haven't because they don't exist, not in SwordMaker's DNA to do that, or any other genuine Mac user. I suspect some of those over the top comments by so called Mac users are just that.

I can say this, For over 20 years I have been on line with a Mac and to my knowledge I have never had a virus of any kind, can you say the same thing?

113 posted on 04/06/2012 12:45:31 PM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 70 | View Replies]

To: for-q-clinton
So windows XP counts but previous versions of mac oses don’t.

You can count all of them even before system 7 and I dare you to show me one Virus. They were a non issue in those days, which is something you should know.

114 posted on 04/06/2012 12:52:25 PM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 77 | View Replies]

To: for-q-clinton; Swordmaker; dayglored
Need I say more.

I am sure you would, if you could. You look at a post that is nothing but facts and decide it is a bunch of MacBot lies.

115 posted on 04/06/2012 1:00:32 PM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 87 | View Replies]

To: for-q-clinton
They need to wake up and follow good PC security or else they will end up just like they were when using windows.

Well that should make you very happy, so why are you trying to warn the idiots?

116 posted on 04/06/2012 1:26:57 PM PDT by itsahoot (Tag lines are a waste of bandwidth, as are most of my comments.)
[ Post Reply | Private Reply | To 112 | View Replies]

To: GOYAKLA
Thank you. I forgot how to run terminal but looked it up. I copied and pasted both those strings at your link and got does not exist both times.

I was a little worried because my Safari crashes a lot, I disabled Java when things went bonkers not too long ago and flash drives me crazy because it requires updating about once a week. I always go to Adobe.

Well, the last time I went to Adobe because the eaglecam wouldn't work suddenly. I dl'ed and ran the update, went back to the eaglecam, and it still wouldn't work. I got the flash prompt again and ran it from the eaglecam page. It took. Usually I never run the update from a popup, so I don't know what happened with that but it worried me I might have picked up something that way.

Thank you for posting that although I had to trust blindly that it was ok to run it as I don't have a clue what those commands mean. Seems like it's comparable to going into DOS in Windows which I had to do sometimes.

117 posted on 04/06/2012 2:04:53 PM PDT by Aliska
[ Post Reply | Private Reply | To 8 | View Replies]

To: Swordmaker
Hi Swordmaker,

Kaspersky claims to have confirmed the ~1/2 million infected computers, of which he says probably 98% are running OS-X.

http://www.pcmag.com/article2/0,2817,2402715,00.asp

I'm willing to believe Kaspersky; he's often run around with his hair on fire, but he seems to have done a good job of checking on this one.

I'd say, at this point, this looks to be the first big "Java-bites-OS-X" event that didn't get stopped quickly enough. F-Secure has a page with good information (quite technical) here:
http://www.f-secure.com/weblog/archives/00002336.html

118 posted on 04/06/2012 2:51:44 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 83 | View Replies]

To: dayglored; All

Please quit bashing Macs. It gets tiresome.

Coming on the thread to gloat about a story that is weeks old (Swordmaker warned us not to download from a pop-up back in February, if I remember right).

I don’t get the hostility from PC enthusiasts toward those of us who prefer Macs. There must be some deep insecure anxiety in their precious little hearts.

Happy Mac user since the original IIe.


119 posted on 04/06/2012 5:42:43 PM PDT by jacquej
[ Post Reply | Private Reply | To 118 | View Replies]

To: jacquej; Swordmaker
> Please quit bashing Macs. It gets tiresome.

You must be joking. I'm regularly called a Macbot for my defense of Apple against untrue attacks.

Swordmaker, help me out here! :)

Jacquej, you misunderstand. I've had Macs since 1984 (and worked on an Apple ][ and Lisa before that). I like Apple's hardware products -- they make terrific workstation platforms and virtual machine hosts. I run OS-X on them along with Win7, XP, Linux, and NetBSD. I'm typing this on a MacBook, which is sitting next to my iPad, and I'm listening to the stereo playing MP3s off my iPod Touch. The Mac Mini (bootcamped Snow Leopard and Win7) is presently turned off. The older PPC Mini which runs Fedora 10 Linux is likewise off at the moment.

AHEM.

Now with all the above said, I refuse to stick my head in the sand, either. This particular attack based on Java vulnerabilities seems to have escaped Apple's attention for long enough that it got pretty widespread. That's a new thing.

I'm not going to deny that one of the main reasons I use OS-X as my personal favorite interactive operating system is that it is quite robust against malware. (The other reason is that it's based on BSD Unix, my favorite system OS.)

But I'm also not going to deny that ALL operating systems can have vulnerabilities, and that those problems require addressing in a timely fashion.


Meanwhile, I found these pages useful to determine whether one is infected, and what to do about it.

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

Run the following in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you're not infected you should see:
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you're not infected you should see:
The domain/default pair of (/Users/rff/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

If you see other stuff, follow the instructions on the linked page above to clean it out.

120 posted on 04/06/2012 7:18:31 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 119 | View Replies]
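
The two checks given in posts 103 and 120, wrapped in a script as an added example (not part of the thread and not F-Secure's code). `DEFAULTS_CMD`, the two stub functions and the `/PLACEHOLDER/injected.dylib` value are assumptions made here so the logic can be exercised without a Mac; a clean result covers only the two keys these posts name.

```shell
#!/bin/sh
# Added example: the two "defaults read" checks from posts 103 and 120.
# DEFAULTS_CMD is an assumption of this example: it lets a stub stand in
# for the real macOS "defaults" tool so the logic can be exercised anywhere.
DEFAULTS_CMD=${DEFAULTS_CMD:-defaults}

# check_key DOMAIN KEY
# Prints exactly one verdict line:
#   clean            defaults said the domain/key pair does not exist
#   suspect <value>  the key exists; <value> is the "other stuff" to clean out
#   unknown <text>   the command failed for some other reason (no verdict)
check_key() {
    # "&& ... || ..." keeps a non-zero exit from aborting under "set -e".
    ck_out=$($DEFAULTS_CMD read "$1" "$2" 2>&1) && ck_status=0 || ck_status=$?
    case "$ck_out" in
        *"does not exist"*) echo "clean"; return 0 ;;
    esac
    if [ "$ck_status" -eq 0 ] && [ -n "$ck_out" ]; then
        echo "suspect $ck_out"
    else
        echo "unknown $ck_out"
    fi
}

# flashback_report [HOME_DIR]
# Runs both checks. Returns 0 if both are clean, 1 if either key exists,
# 2 if a check could not be completed and nothing suspect was found.
flashback_report() {
    fb_home=${1:-$HOME}
    fb_rc=0
    for fb_pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$fb_home/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        fb_domain=${fb_pair% *}    # everything before the last space
        fb_key=${fb_pair##* }      # the last word
        fb_result=$(check_key "$fb_domain" "$fb_key")
        echo "$fb_key in $fb_domain: $fb_result"
        case "$fb_result" in
            clean)    ;;
            suspect*) fb_rc=1 ;;
            *)        [ "$fb_rc" -eq 1 ] || fb_rc=2 ;;
        esac
    done
    return "$fb_rc"
}

# Constructed stubs for running off a Mac. stub_clean repeats the error text
# quoted in the thread; stub_infected prints a placeholder library path.
stub_clean() {
    echo "The domain/default pair of ($2, $3) does not exist" >&2
    return 1
}
stub_infected() {
    echo "/PLACEHOLDER/injected.dylib"
}

if command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
    flashback_report || echo "Not all checks came back clean; see the F-Secure removal instructions linked in the thread."
else
    echo "$DEFAULTS_CMD not found (not macOS?); demo with constructed stubs:"
    DEFAULTS_CMD=stub_clean;    flashback_report /Users/example || true
    DEFAULTS_CMD=stub_infected; flashback_report /Users/example || true
    DEFAULTS_CMD=defaults
fi
```

An `unknown` verdict means the check itself failed, so it should be rerun rather than read as clean.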

To: Swordmaker
Hi Swordmaker,

I followed F-Secure's instructions (the two Terminal commandline commands above) on my main MacBook and came out clean.

I noticed a curious thing on the F-Secure page:

On execution, the malware checks if the following path exists in the system:

    * /Library/Little Snitch
    * /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
    * /Applications/VirusBarrier X6.app
    * /Applications/iAntiVirus/iAntiVirus.app
    * /Applications/avast!.app
    * /Applications/ClamXav.app
    * /Applications/HTTPScoop.app
    * /Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

Well, I don't run any anti-virus on my Macs. But I install the developer package Xcode on all my machines by default because it gives me the C compiler, RCS version control, etc. Who would have guessed that it gave me an inoculation against this nasty piece of malware too!! :)

121 posted on 04/06/2012 7:25:28 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 120 | View Replies]

To: dayglored

Thank you!

I’m clean. :)


122 posted on 04/06/2012 7:27:21 PM PDT by thecodont
[ Post Reply | Private Reply | To 120 | View Replies]

To: dayglored
Kaspersky claims to have confirmed the ~1/2 million infected computers, of which he says probably 98% are running OS-X.

We are STILL not seeing large numbers of people reporting finding the malware existing on their computers. This simply does not compute with the reports of what Kaspersky and Dr. Web are reporting... I would be more suspicious of a false bombing attack with a few computers forging signatures than that many Macs being infected from the few non-popular websites so far identified carrying the Trojan such as:

Can you conceive of hundreds of thousands of Mac users—no make that millions of Mac users (counting the immune ones without JAVA installed), visiting THOSE websites—in just a couple of months, and either being tricked into, or drive by installing, the Trojan? Frankly. I can't.

And what's with 98% of the signatures being OSX???? This is a JAVA script vulnerability! When have you known Windows users to have such a complete install of a patch to any vulnerability that almost ALL hits from a cross platform bot are from a non-Windows source??? Doctor Web on first report said 56% were Macs... now, suddenly Kaspersky says 98% are Macs? What gives? I simply don't believe it.

I think the OS signatures are being spoofed by the Trojan, an easy thing to do—since Mac users are NOT reporting finding the Trojan in large numbers on the forums! Mac users are notorious for reporting problems when they find them—and they simply are not reporting this.

123 posted on 04/06/2012 7:36:49 PM PDT by Swordmaker
[ Post Reply | Private Reply | To 118 | View Replies]

To: itsahoot

My goal is to help everyone know and practice good PC security. In the past the macbots made it difficult for the ignorant to know the truth. Heck there are still some even in this thread acting like this proven malware on OSX in the wild doesn’t really mean anything. I need to make sure people don’t believe those fools. They need good PC security practices and a 3rd party firewall and ac solution. Relying on one company alone is a big risk and yes that includes apple and Microsoft.


124 posted on 04/06/2012 7:52:15 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 116 | View Replies]

To: Swordmaker
Well, there's a lot of hand waving going on, that's for sure. And the anti-virus vendors are drooling all over themselves at the prospect of having a real live Mac malware to wave around.

But their (ahem) enthusiasm doesn't invalidate the actual facts (whatever they are) behind the stories.

For example, I don't think that list of infected websites is complete, or that that is the only mechanism for infection. We still have more to learn about this malware. And it's POSSIBLE that the low number of user reports of infections could just be that (like myself) most Mac users tend to not bother much with anti-virus software and testing.

Now, as you know, I'm skeptical by nature, suspicious of marketers' motives, and cynical as hell about virus writers and the companies that make money "fighting" them.

We'll all know in a few months whether this was real or not. In the meantime, it appears to me that it COULD be real. We won't know for a while how it progresses. Perhaps like the Y2K event, if it is handled sufficiently well, the aftermath will be minimal and most people will say, "What was that all about? Nothing went wrong!". That would be a nice outcome for this malware.

But that requires action. I'm of the opinion that this COULD be the first successful widespread attack, and that it's worth a reasonable effort to pound it back down into oblivion, on the off chance that if we don't take it seriously enough, we'll learn in a few months that it was worse than we thought.

I'd rather be wrong in the safe direction. :)

125 posted on 04/06/2012 7:53:31 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 123 | View Replies]

To: for-q-clinton
Geez, 4Q, you STILL here???

> I need to make sure people don’t believe those fools.

Oh BULL. Any conceivable good you might have done in that regard was completely obliterated early on by your obnoxious trolling. Do you really think the people you think you're "helping" like to be called nasty names while being "helped"???

Besides, at this point there are only a couple of us die-hards left on this thread. You can back off without guilt.

> My goal is to help everyone know and practice good PC security.

Thanks for the laugh. You're a riot and a half. And self-righteous to boot. What a combination. :)

126 posted on 04/06/2012 8:00:20 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 124 | View Replies]

To: dayglored
Not one of the Mac users on FR has reported being infected. That should tell you something about whether this is a widespread, or not. I still maintain this is a tempest in a teapot, like the previous Trojans.

A year ago, the installed base of Mac OSX computers topped 60 million. In the year since, Apple sold approximately 16 million more Macs, making a total of approximately 75 million OSX Macs in the installed base! A Trojan that can infect 0.8% of the installed base SHOULD be making waves on the forums by people reporting they have found it on their computers, especially in the US... so where are they? The word is out about how to find it easily and how to easily eradicate it.

I am not seeing ANY widespread reports of Mac users reporting they are infected. With a supposed 600,000, they should be all over the place, and they are not. Even in the comments in the articles, no one is reporting THEY are infected. Instead, you see numerous reports of people reporting "I am clean!" Nor are they reporting they KNOW of someone who found they were infected... only the security labs are reporting how to detect the infection on computers they have deliberately infected! That is why I say this stinks!

Note that the websites carrying the Trojan are NOT US websites... but supposedly the vast majority of the "infected" Macs are in the US (56.6%) and Canada (19.8%)... that alone is strange. There are lots of Macs in foreign places, but the Dr.Web does not find proportional infections in Europe or Asia. 46% of Mac sales in the past four-five years have been in Europe... but only 12.4% of the infections are there, with the VAST majority concentrated in the UK?? Germany has a large representation of Macs... and only 0.4% infected??? France has a large Mac presence... but only 0.6%? Macs used to be manufactured in Ireland, and have a very large presence there, especially ones that would be susceptible to this Trojan, but the infection rate is only 0.1%! What gives???? Japan has a very large Mac presence... but their infection rate is only 0.1%! Australia, with a much smaller Mac presence than Japan has a 6.1% infection listing. Strange.

127 posted on 04/06/2012 8:13:51 PM PDT by Swordmaker
[ Post Reply | Private Reply | To 121 | View Replies]

To: dayglored

Oh you misunderstand. I’m not helping those idiots that support OSX as if it’s flawless...those are the ones I’m calling out and making fun of and proving how stupid they are. The lurkers are my target...not those that like the smell of their own farts who think Apple can do no wrong.


129 posted on 04/06/2012 8:27:11 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 126 | View Replies]

To: Swordmaker; null and void
Not one of the Mac users on FR has reported being infected.

Honest question...does Null and Void not count? He's the first post. Or did he confirm he wasn't infected?

130 posted on 04/06/2012 8:31:37 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 128 | View Replies]

To: Swordmaker

What happened to Pug, or PSS?

Banned but also wrong, wrong wrong. Apple did not go out of business. Its stock did not tank. There are no rivals to iPad! The iPhone still is viable!


131 posted on 04/06/2012 8:32:39 PM PDT by BunnySlippers (I LOVE BULL MARKETS . . .)
[ Post Reply | Private Reply | To 127 | View Replies]

To: Swordmaker
It's indeed strange.

I'll bet that the high number of alleged "infected" Macs in the US represents people who have visited those dodgy *.rr.nu sites -- without realizing it -- through an image or other link on some other site they hit intentionally (or otherwise), like a porn site.

> Note that the websites carrying the Trojan are NOT US websites.

Ummm, how do you figure that? Although the TLD ".nu" is assigned to the island state of Niue, it looks like the domain "rr.nu" is in New Jersey.

% whois rr.nu
------------------------------------------------------------------------
.NU Domain Ltd Whois service

Domain Name (ASCII): rr.nu

Technical Contact:
    InfoRelay  abuse@sitelutions.com
    4 Bridge Plaza Drive
    Englishtown
    NJ 07726
    US
    Phone: (703) 485-4600 (voice)

Record last updated on 2011-Oct-17.
Record expires on 2016-Nov-4.
Record created on 1998-Nov-4.
Record status: Active
Registrar of record: .NU Domain Ltd
Referral URL: http://www.nunames.nu

Anyway, I agree that it's really really odd that there aren't any reports of infected machines by users. If that continues for a few weeks, we'll look for apologetic statements from the anti-virus folks. [...crickets...]

132 posted on 04/06/2012 8:33:35 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 127 | View Replies]

To: for-q-clinton

You hate Apple. You STILL hate Apple. Give it up!


133 posted on 04/06/2012 8:35:15 PM PDT by BunnySlippers (I LOVE BULL MARKETS . . .)
[ Post Reply | Private Reply | To 130 | View Replies]

To: for-q-clinton; Swordmaker
I simply don't know for certain if I was infected. I downloaded the cure without verifying the infection.

I do know that my iMac didn't "feel right" for about a month. It was losing ability to respond to mouse clicks and balking at closing some apps and at shutting down.

Since then no problems.

And yes, I did get stupid and allow a flash player update before the trouble started.

Off hand, I'd say I was zombiefied, but I'm not 100% certain.

134 posted on 04/06/2012 8:43:52 PM PDT by null and void (Day 1172 of America's ObamaVacation from reality [Heroes aren't made, Frank, they're cornered...])
[ Post Reply | Private Reply | To 130 | View Replies]

To: for-q-clinton
> Oh you misunderstand. I’m not helping those idiots that support OSX as if it’s flawless...those are the ones I’m calling out and making fun of and proving how stupid they are. The lurkers are my target...not those that like the smell of their own farts who think Apple can do no wrong.

Against my better judgment... let me assume you're playing straight with that comment. If so...

True Macbots who come out with silly absolute statements that OS-X is "flawless" or "there can never be a Mac malware" -- things which we know are not true but which they are completely serious about -- are rare on FreeRepublic. We're mostly conservatives, and we're not that easily duped.

But I'll grant that there are a few of them. And you are free to argue with them.

But it makes no sense for you to instead aggravate and antagonize EVERY OTHER Mac user and Apple customer, with your tiresome, obnoxious crap-name-calling. Those are the ones you're supposedly "helping". But believe me, you only make them turn away in disgust at your trolling.

I would like to give you the benefit of the doubt here, but it's a real stretch....

Maybe you can explain why you think obnoxious trolling behavior and name-calling is the best way to state your case for caution and security.

135 posted on 04/06/2012 8:48:41 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 129 | View Replies]

To: dayglored
We'll all know in a few months whether this was real or not. In the meantime, it appears to me that it COULD be real. We won't know for a while how it progresses. Perhaps like the Y2K event, if it is handled sufficiently well, the aftermath will be minimal and most people will say, "What was that all about? Nothing went wrong!". That would be a nice outcome for this malware.

It could be real... I have always tempered my advice with "yet..." I have never said, as for-q-clinton claims, that it was impossible. The Macs have YET to be breached. This may be the first successful attempt. But I am not seeing the real world evidence that there are THAT MANY infected Macs out there.

EVERY exploit used against the Mac in CanSecWest has been a JAVA exploit through Safari. Every single one an exploit that Sun did not know about as well. That is why Apple dropped Java as a default inclusion of the installation more than two years ago for OSX Snow Leopard and Lion. Even before, it was an optional install, one of the reasons I have my doubts about the large numbers they are claiming for the infected Macs. Now, if you want Java, you have to download it as a free app from the OSX App Store! Javascript is OK and is still included.

The easiest method of protection from this exploit is to go into Safari and Firefox and any other browser you run's preferences and turn off JAVA. Done. Safe. Nobody needs JAVA to run for surfing the Internet.

Then, the only other vulnerable Mac users are those that have automatic updates turned off. They don't get the pushed security updates when they are ready, or the new Trojan definitions that come out every 24 hours or sooner as necessary. But you can't protect the terminally stupid... they took a deliberate step to TURN OFF the updates. Why? I haven't got a clue.

136 posted on 04/06/2012 8:51:27 PM PDT by Swordmaker
[ Post Reply | Private Reply | To 125 | View Replies]

To: dayglored

I know I probably do pick fights randomly, and often on the Internet when you are arguing with one macbot, another non-macbot jumps in and catches the brunt of the response.

But that’s Internet posting and I can’t deal with everyone 1:1. Plus when a non-macbot tries to defend against the point I’m making they are jumping into the fire and I can’t switch mid-stream as I’m making my point.

So yes, most on the Internet do debate to the extremes because that’s who they are debating. Everyone else jumping in will catch the arrows.


137 posted on 04/06/2012 8:59:07 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 135 | View Replies]

To: Swordmaker
> The easiest method of protection from this exploit is to go into Safari and Firefox and any other browser you run's preferences and turn off JAVA. Done. Safe. Nobody needs JAVA to run for surfing the Internet.

Ah, would that it were that easy!

Java is required by all the Citrix tools we use everyday at work (and I use from home) -- GoToMeeting, GoToWebinar, GoToMyPC/Mac.

It's also required for talking to the Cisco firewalls, routers, switches, etc. in my networks. And it is worse yet -- the poorly written Cisco code in some of the units requires OLD versions of Java!!! Newer Java versions throw errors on some of the device code.

*SIGH*

Granted, that might be atypical for average home users, but it's not uncommon for tech professionals and business users who rely on communications software like GoToMeeting. A surprising amount of stuff is written with the Java environment in mind.

138 posted on 04/06/2012 9:00:57 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 136 | View Replies]

To: dayglored
> Ummm, how do you figure that? Although the TLD ".nu" is assigned to island state of Niue, it looks like the domain "rr.nu" is in New Jersey.

The Doctor Web stated the websites with the malware were out of country websites, hard to track down and shut down. I went with their statement. I did not search the ownership of the Domain. However, according to international law, hosting is supposed to be in the country of the domain assignment... even if the ownership may be a New Jersey corporation. Wikipedia says that in 2010, Niue, the country NU is assigned to, found that hosting websites was a good revenue source and opened up their domain to the world... and are not too picky about who, or what, they allow. Apparently it is sort of an Internet Domain Switzerland...

139 posted on 04/06/2012 9:03:09 PM PDT by Swordmaker
[ Post Reply | Private Reply | To 132 | View Replies]

To: for-q-clinton; null and void
> Honest question...does Null and Void not count? He's the first post. Or did he confirm he wasn't infected?

Honest answer. I saw that... but he doesn't know and there really is no way, beyond testing, to know. I have not seen his response.

How about it, null and void? Did you test, and were you infected with the Flashback trojan? If so, what version of OSX are you running? What version of Java?

140 posted on 04/06/2012 9:06:39 PM PDT by Swordmaker
[ Post Reply | Private Reply | To 130 | View Replies]

To: for-q-clinton
> ...when you are arguing with one macbot another non-macbot jumps in and catches the brunt of the response.

Or vice-versa. I'm sometimes incorrectly called a Macbot because I sometimes defend Apple against unfair attacks. But earlier on this thread when I commented that I thought this particular malware might indeed be a real problem, I got called an "Apple-basher" (above, #119). Who would-a thunk it?

:)

141 posted on 04/06/2012 9:09:41 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 137 | View Replies]

To: Swordmaker; null and void

I think Nully answered at #134 above. Said he thinks probably he was infected, but can’t be sure because he updated before he tested.


142 posted on 04/06/2012 9:13:39 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 140 | View Replies]

To: null and void
> And yes, I did get stupid and allow a flash player update before the trouble started.

Null, there WAS a version of the Trojan that installed with a bogus Flash update. It popped up on a website and required an Admin user name and password. It did not take you to the Adobe website for updating. Was that what you encountered? If so, it was not this particular Flashback Trojan; it was an earlier version that was pretty innocuous.

Was this install as long ago as August? That was Trojan Bash/QHost.WB... but since then your Mac should have recognized it and not allowed you to download it—unless you overrode the warning.

What OSX version are you running? You can check that by clicking on the Apple in the menu bar and selecting "About This Mac."

To avoid this happening again, go into your browsers' preferences and turn off JAVA. You can safely leave Javascript running... just JAVA needs to be off.

143 posted on 04/06/2012 9:18:21 PM PDT by Swordmaker
[ Post Reply | Private Reply | To 134 | View Replies]

To: dayglored
> Granted, that might be atypical for average home users, but it's not uncommon for tech professionals and business users who rely on communications software like GoToMeeting. A surprising amount of stuff is written with the Java environment in mind.

I know... but again, more evidence against this large number of infected Macs. Java is just not required for most home users and would not be installed unless they installed something that required it. People confabulate Javascript, a mere scripting approach to using that calls from a library of pre-packaged system commands, with Java... a sophisticated programming language. They are not one and the same.

144 posted on 04/06/2012 9:25:45 PM PDT by Swordmaker
[ Post Reply | Private Reply | To 138 | View Replies]

To: Swordmaker

See, that’s what I’m talking about. You assert not a single FR mac user was impacted, yet you did KNOW in fact at least one may have been and suspected he was. You can see his response where he thinks he was infected in response to my post.

It’s crap like that why you are considered a macbot and never willing to accept any negative truth about apple. Next you’ll downplay this by saying only 1 FR user may have been impacted but we aren’t sure. Also how many FR macbots may have actually been impacted, but would never ever admit it because then they’d have to eat too much crow?


145 posted on 04/06/2012 9:34:04 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 140 | View Replies]

To: null and void

bookmarked


146 posted on 04/06/2012 9:35:04 PM PDT by Irish Eyes
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored; Swordmaker

Also for games such as Minecraft.


147 posted on 04/06/2012 9:36:09 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 138 | View Replies]

To: Swordmaker
> You can safely leave Javascript running... just JAVA needs to be off.

In this case, that's true.

But there are good arguments for turning off all scripting in the browsers, too, and some people are fortunate to be able to do that and still get their work done. E.g. NoScript in Firefox.

The arguments are "good", but not "compelling" enough for me, since I need to allow JavaScript to run for a huge number of the things I do every day. So I try to be "careful"...

148 posted on 04/06/2012 9:38:21 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 143 | View Replies]

To: Swordmaker

Java is required to play one of the most popular games on the internet—Minecraft. In fact, I think that’s the ONLY way you can play it on a Mac is via Java. With Windows you have two options—exe and java. Odd thing is the java version runs better. My kids play it—I don’t like it so I don’t know all the details. But I did set up a server for them and it requires Java as well. Once again on Windows it’s easy...just run the server exe file open port...redirect port with NETSH command.


149 posted on 04/06/2012 9:41:01 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 144 | View Replies]

To: for-q-clinton; Swordmaker
> Next you’ll downplay this by saying only 1 FR user may have been impacted but we aren’t sure. Also how many FR macbots may have actually been impacted, but would never ever admit it because then they’d have to eat too much crow?

4Q, you can take heart in this:

If in fact there are over half a million infected Mac users out there, only a tiny percentage would be on FR anyway.

You really ought to be posting like a madman on all the OTHER forums, especially the Mac-centric ones, trying to sniff out the infected Mac users. Think of all the good you would be doing, informing them of their dangerous habits and showing them the light of good security practices.

I'm only being slightly tongue-in-cheek here. Seriously, you would find a lot more folks with problems elsewhere that you could help. FReepers tend to be pretty cautious by nature. By and large...

150 posted on 04/06/2012 9:46:15 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 145 | View Replies]

