"OS10 has had a number of significant security flaws..."
"If you own a Macintosh computer there’s a chance you’ve been infected even if you run some kind of Anti-Virus software. If you’ve been on a website that offered to update your Flash player, there’s even a better chance...."
Full blog: http://billpstudios.blogspot.com/2012/04/time-to-protect-your-macintosh-computer.html
Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.
[I am experimenting with Sandboxie, and believe computer-users who sandbox are acting prudently.]
I haven't been posting Apple news here because this is a Dell forum, but have been recommending ESET and SOPHOS security software to Mac users.
We post updates on this forum whenever Oracle has a Java update. However, when it comes to Macs, in order to fix the Java flaw, the systems need to be updated by Apple.
See these pages as well:
Apple's security code of silence: A big problem
http://news.cnet.com/8301-13579_3-57410476-37/apples-security-code-of-silence-a-big-problem/
Apple malware flourishes in a culture of denial
http://www.zdnet.co.uk/blogs/jacks-blog-10017212/apple-malware-flourishes-in-a-culture-of-denial-10025828/
Microsoft MVP - Consumer Security
Social Media and Community Professional
SpywareHammer
I am not a Microsoft or a Dell employee. I am a volunteer.
Are Macs safer than PCs?
http://nakedsecurity.sophos.com/2012/04/10/macs-safer-than-pcs/
Macs are not safer. Macs from 2006 on with Intel processors ARE PCs and can run XP/Vista/Win7 natively.
The current real problem with Macs is called Flashback. If you update your software regularly from the Apple menu and update Firefox etc., then you likely don't have a problem. Flashback is like Conficker: it makes your PC into a bot for attacking others.
Apple has fixed the vulnerability through which the Flashback malware attacks Mac systems, but only in supported versions of OS X, not Tiger and Leopard.
The only fix for these is to disable Java entirely.
The updates are available for OS X 10.6 and 10.7 systems that have Java installed; you can update your system by using the Software Update utility in the Apple menu. However, so far there have been no updates to patch older versions of OS X such as Tiger and Leopard, which come with Java runtimes installed and therefore are vulnerable to Flashback.
This malware was designed in Sept 2011 while being distributed as a fake Flash Player installer (hence its "Flashback" name).
These issues are addressed by updating to Java version 1.6.0_31
Caution: Manual disinfection is a risky process; it is recommended only for advanced users. Otherwise, please seek professional technical assistance. F-Secure customers may also contact our Support.
Manual Removal Instructions
Some Flashback variants include additional components, which require additional steps to remove. Please refer to our Trojan-Downloader:OSX/Flashback.K description for additional information and removal instructions.
Trojan-Downloader:OSX/Flashback.I is dropped by malicious Java applets that exploit the known CVE-2011-3544 vulnerability.
On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.
If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.
On execution, the malware checks if the following path exists in the system:
If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.
Downloading the Payload
The malware connects to the following URL to download its payload:
The filename and actual content of the payload depend on the reply of the remote host. The reply is compressed and encrypted but the actual content follows this format:
Only after downloading the payload does Flashback.I proceed with infecting the machine. To do so, the malware prompts for the administrator password, as in the following screenshot:
The icon indicated by the red box in the screenshot is the PNG content returned by the remote host. This is dropped to the location '/tmp/.i.png' on the system. Since this image is controlled by the remote host, it can be changed any time the author deems necessary.
Whether or not the user inputs their administrator password at the prompt determines the type of infection the malware subsequently performs:
Infection Type 1
If the user inputs their administrator password, the malware will create the following files:
The malware then creates a launch point, inserting the following line into "/Applications/Safari.app/Contents/Info.plist":
This in effect will inject binary2 into Safari when the browser is launched.
If the malware was able to infect the system this way, it reports success to the following URL:
If it failed to infect the system, the malware reports to the following URL:
Infection Type 2
In cases where the user did not input their administrator password, the malware checks if the following path exists in the system:
If any of these are found, the malware again skips the rest of its routine and proceeds to delete itself, presumably to avoid infecting a system that has an incompatible application installed.
If none of the incompatible applications are found, the malware will create the following files:
The malware then creates a launch point by creating "~/.MacOSX/environment.plist", containing the following lines:
This in effect will inject binary2 into every application launched by the infected user.
For this infection type, the malware reports the successful infection to the following URL:
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
Report Unresolved Customer Service Issues here: Dell - Unresolved Customer Service Issues
I do not work for Dell. I too am a user. The forum is primarily user to user, with Dell employees moderating.
Credit goes to F-Secure for the above instructions.
See the following pages for anti-virus for Mac:
https://www.f-secure.com/en/web/home_global/protection/anti-virus-for-mac/overview
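The F-Secure description quoted earlier in this thread names two launch points (Safari's Info.plist and "~/.MacOSX/environment.plist") and a dropped icon at '/tmp/.i.png'. The following read-only check for those three artifacts is an added example, not F-Secure's removal procedure or code from any poster here. It assumes the injection is done through a dyld environment variable (a key starting with `DYLD_`), since the exact inserted lines are not shown above; the sample plists are constructed.

```python
import os
import plistlib

# Paths named in the F-Secure description quoted in this thread.
SAFARI_INFO = "/Applications/Safari.app/Contents/Info.plist"
USER_ENV = os.path.expanduser("~/.MacOSX/environment.plist")
DROPPED_ICON = "/tmp/.i.png"


def dyld_entries(plist_bytes, nested_key=None):
    """Return {name: value} for DYLD_* variables set in a plist.

    nested_key="LSEnvironment" inspects an app's Info.plist; None inspects
    the top level, as in ~/.MacOSX/environment.plist.
    Assumption: the launch point is a dyld environment variable; the
    thread does not show the exact lines the malware inserts.
    """
    try:
        data = plistlib.loads(plist_bytes)
    except Exception:
        return {}  # unreadable or non-plist input: nothing to report
    if nested_key is not None and isinstance(data, dict):
        data = data.get(nested_key, {})
    if not isinstance(data, dict):
        return {}
    return {k: v for k, v in data.items() if k.startswith("DYLD_")}


def scan_host():
    """Check the three artifacts on the local machine; modifies nothing."""
    findings = []
    for path, key in ((SAFARI_INFO, "LSEnvironment"), (USER_ENV, None)):
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                for name, value in dyld_entries(fh.read(), key).items():
                    findings.append(f"{path}: {name}={value}")
    if os.path.exists(DROPPED_ICON):
        findings.append(f"{DROPPED_ICON}: present")
    return findings


# Constructed samples (not taken from a real infection).
SAMPLE_ENV = plistlib.dumps(
    {"DYLD_INSERT_LIBRARIES": "/Users/Shared/.example.so", "PATH": "/usr/bin"})
SAMPLE_INFO_CLEAN = plistlib.dumps({"CFBundleIdentifier": "com.apple.Safari"})

if __name__ == "__main__":
    print(dyld_entries(SAMPLE_ENV))
    print(scan_host() or "no indicators found")
```

A hit is a reason to investigate rather than proof of Flashback, because legitimate developer tooling can also set `DYLD_` variables.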
Apple Snubs Firm That Discovered Mac Botnet, Tries To Cut Off Its Server Monitoring Infections
http://www.forbes.com/sites/andygreenberg/2012/04/09/apple-snubs-firm-who-discovered-mac-botnet-tries-to-cut-off-its-server-monitoring-infections/
Apple – Listen to Us, Before It’s Too Late!
http://eugene.kaspersky.com/2012/04/16/apple-listen-to-us-before-its-too-late/
Mac botnet generated $10,000 a day for Flashback gang.
Copied/pasted from an e-mail announcement from OpenDNS:
OpenDNS is now blocking Flashback malware, the malicious piece of software that has infected hundreds of thousands of Mac devices in just a few months. The Internet has been buzzing with stories on Flashback because until recently it was commonly believed that Mac machines were largely immune to malware attacks. But when early reports indicated that more than 600,000 machines had become infected, we quickly took action to ensure you had proactive and preventative protection.
Just like the automatic protection against phishing sites and wide-scale Internet threats that you expect from OpenDNS, protection against Flashback is a free service for all OpenDNS users. The update is automatic so you don't need to take any additional action to start blocking Flashback. Most importantly, the leading-edge protection works in two ways: