Mac users have been buying their computers more and more under the pretense that “Macs don’t get viruses.” This is even told to customers by Apple employees at Apple stores, although it’s mostly worded differently, such as the statement “you don’t have to worry about viruses like on Windows.”
That’s all mostly true. There is almost no threat of getting any sort of malicious virus or trojan on a Mac OS X system yet. Although the Mac’s popularity has grown rapidly over the years, the percentage of Macs on the market in comparison to Windows-based PCs is still too small for hackers to really care about Apple’s platform. That doesn’t mean something “can’t” happen; it just means that, in general, you’re far safer than on a Windows machine when it comes to getting infected with malicious code.
However, every now and then… that thing you thought couldn’t happen, can happen. Mac owners have a little threat after them this time, taking the form of a new variant of an old trojan. Luckily, this little guy is really easy to avoid, and the majority of Mac owners still have nothing to worry about.
According to security firm Intego, the new variant of the Flashback Trojan Horse is a bit more devious than previous versions. It attempts to present you with a security certificate, such as the one pictured in the image above, trying to fool you into thinking it’s a security certificate from Apple. Normal users would likely see that and say “oh, well if it’s from Apple what harm could it do?” Seems logical that the trick would work for many people.
Flashback.G injects code into web browsers and other applications that access a network, and in many cases causes them to crash. It installs itself in an invisible file in the /Users/Shared folder, and this file can bear many names, but with a .so extension.
What does it do to your system if you get infected? Well, the first thing this little nuisance will do is sneak into your browsers and any other program that’s connected to the network you’re on, and start searching for usernames and passwords to the sites you like to log in to. Usernames for Google accounts, PayPal, Facebook, your bank accounts, etc. will all be recorded (and it’s an assumption that they are sent back to the host).
Obviously this is information you don’t want some random person on the other side of the world to have, especially knowing they created this little virus to harm people. Lucky for you, making viruses for Mac OS X is still fairly new, and there are a lot of little problems and special circumstances that have to happen in order for you to even get infected. Many people are actually totally immune to this thing already. Let’s see if you are or not.
Are you running an outdated version of Java?
It sounds like a simple solution, but keeping your system up to date is actually the best way to avoid this. Many users, myself included, have this sort of thing happening automatically without having to care about it. This is true for a lot of users, but not all, and you might be one of those people who aren’t using the most up-to-date version. Solve this issue easily by going to your “Apple Menu” at the top left corner of your screen, and clicking “System Update.” For most people, you won’t have any updates because you install them when they are available, but in case you haven’t done it in a while, and there is a Java update in your queue… update. Congrats, you’re now safe from this problem.
The trojan appears to be mostly infecting users running Mac OS X 10.6 Snow Leopard, and not Mac OS X 10.7 Lion. The simple reasoning behind this is that Snow Leopard comes pre-installed with Java, whereas Lion does not. Lion users get the latest version installed for them later, thus, they are up to date, while Snow Leopard users just keep thinking they’re the shit for sticking it to the man and not updating to Lion (me).
Even if you do have an out-of-date version of Java running on your system, you’re still quite free of harm if you have any anti-virus software installed at all. The trojan actually refuses to install itself if you have anti-virus software, because it’s a little coward and doesn’t want to be detected by anybody. Most Mac users don’t have any though, because they were told they don’t need it (and for the most part, you don’t). If this “Flashback.G” trojan does manage to install itself on your computer though, then it’s a little bit of a problem. It’ll cause programs that are connected to the network to become unstable, and they’ll start crashing on you.
If you are infected by this malware, look for a Java applet in ~/Library/Caches and send it to firstname.lastname@example.org before deleting it. Intego would love to see as many samples as possible to help them battle this threat with their VirusBarrier X6 application.
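If you’d rather check from Terminal, here is a small shell script added as an example (it is not from Intego or part of the original write-up) that lists the two traces described above: hidden `.so` files in /Users/Shared and Java-looking files under ~/Library/Caches. It assumes “invisible” means a dot-prefixed file name, and it spots Java content by its first four bytes rather than by extension; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report-only check for the Flashback.G traces named in the post.
# Assumption: an "invisible" file is one whose name starts with a dot.

# Print the first four bytes of a file as lowercase hex.
magic4() {
    head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Hidden *.so files sitting directly in the shared folder.
scan_shared() {
    dir=${1:-/Users/Shared}
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 1 -type f -name '.*.so' -print
}

# Cache files whose content starts like a Java class (CAFEBABE) or a
# JAR/ZIP archive (PK\003\004). Caveat: Mac universal binaries also start
# with CAFEBABE, and any ZIP matches, so treat hits as candidates to review.
scan_caches() {
    dir=${1:-"$HOME/Library/Caches"}
    [ -d "$dir" ] || return 0
    find "$dir" -type f -print | while IFS= read -r f; do
        case $(magic4 "$f") in
            cafebabe) echo "class-or-fat-binary $f" ;;
            504b0304) echo "zip-or-jar $f" ;;
        esac
    done
}

# Run both checks; nothing is deleted or modified.
check_flashback() {
    scan_shared "$1"
    scan_caches "$2"
}

# Scan the real locations only when asked: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    check_flashback
fi
```

No output means neither trace was found; anything listed still needs a look before you send or delete it.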