Viruses On Os X

I also accept that OS X is very strong as far as virus attacks are concerned.

OS X doesn't get virus attacks. OS X users are only hit by Trojans. An OS X user must give their username & password to a Trojan for it to install.

One trick, if you use Safari, is to go to Safari's Preferences and uncheck the box for "Open "safe" files after downloading". This will stop Trojans from unpacking automatically when visiting a nefarious web site.
 
When booted into Windows OS on an Intel processor Macintosh computer, would Windows be considered a virus?

:)
 
I know there is a thread about this already but I am wondering if anyone can suggest a good (and preferably free) software application for my Mac (I am using an older MacBook with OS 10.4.8) as I have a virus on my machine. I did not think that Macs were prone to such things but I am anxious to resolve the matter as the virus is emailing everyone on my contact list and spamming them... Thanks in advance!!
 
There isn't a single virus available for Mac OS X.

There are some trojans available, but none that do anything like what you're describing.

A remote possibility is that you have the DNSChanger trojan. Were you ever asked, when visiting a web page, to download and install some "Quicktime Codecs" to properly view the page? If so, did you? If so, you were tricked. Try using the free DNSChanger removal tool here:

http://www.dnschanger.com/

Are you absolutely sure you're infected? More than likely, if what you're describing is actually happening (spamming address book contacts), someone has obtained access to your MobileMe/.Mac/iCloud account and is using your email address and spamming your contacts. This is not the result of any kind of infection on your Mac, and the remedy is to simply change your MobileMe/.Mac/iCloud password.

Password security is a whole 'nother discussion altogether, but a good rule of thumb for picking a strong password is that if you can remember the password you've picked from memory after having typed it less than 50 times, you have picked an absolutely horrible password. Pick again until you can't remember your own password and must read it off of the paper you wrote it down on.
 
Thanks for your assistance and I have changed my password for various accounts which I hope will help matters... I will also visit the website you mentioned and see if the tool works as I am very eager to fix things as soon as possible... In answer to your question, I really do not remember visiting any sites that requested such information so I think the issue is that someone has logged into my account...

Once again, please accept my sincere appreciation for your prompt response... this is a very useful site!!
 
One of the relatively common ways of stealing a user's login and account details I see every now and then on Facebook. When you click on any page or any link from/in Facebook, it should not show another Facebook login to see anything. If you are logged in to Facebook and see something asking you to log in to your Facebook account again, it's a scam. And if you find a page, a link etc. that does that, report it to FB.

And beware of it also when browsing on mobile devices - and when you do log in to FB or any other site you have an account on, double-check the full URL on your phone. As on a phone you usually just see the beginning, it might well start Facebook.com.something.something.somethingelse.somedomain.xx - just like they have been trying for years with bank accounts.
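
Added example (not part of the post above): the "check the full URL" advice as a script that extracts the real host and accepts it only if it is the expected site or a subdomain of it. The function names are made up for this example and the URLs are constructed; somedomain.xx is the post's own placeholder.

```shell
#!/bin/sh
# Added example. Assumptions: http(s) URLs with a lowercase scheme,
# no bracketed IPv6 literals. Anything it cannot parse fails the check.

# url_host URL -> prints the lowercase host of the URL.
url_host() {
    u=$1
    case "$u" in
        http://*|https://*) u=${u#*://} ;;   # drop the scheme
    esac
    u=${u%%[/?#]*}    # the host part ends at the first /, ? or #
    u=${u##*@}        # drop anything before "@"; it is not the host
    u=${u%%:*}        # drop the port
    u=${u%.}          # drop a trailing root dot
    printf '%s\n' "$u" | tr 'A-Z' 'a-z'
}

# host_belongs_to URL SITE -> exit 0 only if the host is SITE itself
# or ends in ".SITE". A host that merely starts with SITE is rejected.
host_belongs_to() {
    host=$(url_host "$1")
    case "$host" in
        "$2"|*."$2") return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample URLs.
for url in \
    'https://www.facebook.com/login.php' \
    'https://Facebook.com.something.somethingelse.somedomain.xx/login'
do
    if host_belongs_to "$url" facebook.com; then
        echo "ok       $(url_host "$url")"
    else
        echo "NOT FB   $(url_host "$url")"
    fi
done
```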
 
I know . . . malware does not mean viruses, but I have PC Heads screaming at me about it:

Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that don't require user interaction.

On Tuesday, Apple released a Java update in order to address a critical vulnerability that's being exploited to infect Mac computers with the Flashback Trojan horse.

However, a large number of users have already been affected by those attacks, Doctor Web said in a report issued on Wednesday. The company's researchers have managed to hijack a part of the Flashback botnet through a method known in the security community as sinkholing, and counted unique identifiers belonging to more than 550,000 Mac OS X systems infected with the Trojan horse.

Linkypoo

Comments? I am stuck in the Land of Slowz Interwebz which is making commenting/searching a bit tedious. Yes, I know, PC "gots BAZILLIONS of TROJANS!!11!"

After an HOUR of slow loading pages I found an earlier--and better--article:

http://reviews.cnet.com/8301-13727_...es-to-exploit-unpatched-java-vulnerabilities/

which seems to suggest the bastard does not work on Lion. Granted for those of us who do not run Lion


--J.D.
 
That Flashback trojan has got a bunch of attention since yesterday. I'd say it's a problem primarily with the Java platform rather than with Mac OS X...
 
Understood, of course the Solo-PC'rs are trumpeting the "MACS ARE NOT SAFE" claims. Leaving aside the obvious fact that security remains a user responsibility for both Mac and PC, is there any method of "cleaning" the Trojan and/or rebuttal to such partisans?

Working on an incredibly poor connection in my travels, so it is taking forever to search.

On second thought, never mind. I just realized I have no reason to waste my time with helping such people.

--J.D.
 
Essentially, like in http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in-mac-os-x/:

Launch Terminal (found in /Applications/Utilities/) and enter the following commands:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you see a message like “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist” proceed to the next defaults write command:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you see a message similar to “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist” then the Mac is NOT infected.

I still smell BS statistics and scare tactics deployed by anti-virus companies for the numbers telling that "several hundred thousand older Macs have been affected".

Sort of the same type of numbers and mutant statistics that a while back mentioned how an average woman eats 4-7 lb of lipstick in her lifetime. When you break down the numbers of how much lipstick an average woman "eats" a year, it would come to at least 1.5 oz which would, if the lipsticks are the same size as average lip balms, amount to 10 lipsticks. A year. So a lipstick a month, eaten and not used as a lipstick?
Just going by how much lipstick is reported sold does not mean that the women eat it all.
Just because there are several hundred thousand older Macs around, it does not mean they were all affected, or even that they would all have had laid-back Java settings in them.

Anyway. Back to vulnerabilities and potential vulnerabilities... they still pretty much remain the same on Macs:

1. Java (aka Java platform - not a Mac OS X specific issue)
2. Javascript (aka a Javascript issue - not a Mac OS X specific issue)
3. Flash (aka a Flash issue - definitely not a Mac OS X specific issue)
4. Microsoft Office macros (aka a MS issue - not a Mac OS X specific issue)
5. Trojans and other bad stuff downloaded/installed by user - these have been often from some weird P2P program (user issue)
6. User issues (command line acrobatics, allowing a child to use an administrator account, user removing some stuff they shouldn't, using a rotten AppleScript or Automator script, or installing something themselves - user issues)
7. User settings, or sometimes default settings (e.g. automatic login, using an administrator account for everything, having bad passwords) <-- these are potential hazards if the Mac gets to wrong hands
8. Mac OS X settings (e.g. in 10.7 an admin password is no longer required for system updates... that Software Update downloads from Apple's site) <-- some of these could have some potential
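
Added example (not from the linked article or the post above): the two `defaults read` checks wrapped in one script that reports a verdict. It assumes `defaults read` exits non-zero when the domain/default pair does not exist, and unlike the quoted steps it always runs both reads; `key_present` and `flashback_check` are names made up for this example.

```shell
#!/bin/sh
# Added example. Relies on the exit status of `defaults read`:
# non-zero is taken to mean the domain/default pair does not exist,
# which is the "NOT infected" case in the steps above.

# key_present DOMAIN KEY -> exit 0 if the pair can be read, 1 otherwise.
key_present() {
    defaults read "$1" "$2" >/dev/null 2>&1
}

# flashback_check [HOME_DIR] -> prints CLEAN, or SUSPECT plus the keys found.
# Returns 0 when both pairs are absent, 1 when either one exists.
flashback_check() {
    home=${1:-$HOME}
    found=""
    if key_present /Applications/Safari.app/Contents/Info LSEnvironment; then
        found="$found Safari:LSEnvironment"
    fi
    if key_present "$home/.MacOSX/environment" DYLD_INSERT_LIBRARIES; then
        found="$found environment:DYLD_INSERT_LIBRARIES"
    fi
    if [ -n "$found" ]; then
        echo "SUSPECT:$found"
        return 1
    fi
    echo "CLEAN"
}

# Run the check only where the `defaults` tool is available (Mac OS X).
if command -v defaults >/dev/null 2>&1; then
    flashback_check || true
fi
```

A SUSPECT result only means one of the two keys exists; read the key's value before concluding anything.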
 
Well, today there is a new Java exploit affecting Macs again. Read the article "Sabpab, new Mac OS X backdoor Trojan horse discovered", parroted by the Forbes article "New Mac OS X Backdoor Trojan Discovered".

As the article mentions, I checked /YourUserName/Library/Preferences/ for the files com.apple.PubSabAgent.pfile & /Library/LaunchAgents/com.apple.PubSabAGent.plist and both were there. So I am not sure but I Securely Deleted them just in case.

So you all had better check as well, and go into Safari's Preferences, Security and turn off Java for now, since this is how bad people are exploiting Macs right now.
 