Sabpab - Another Mac os Backdoor Trojan Discovered
On 4/15/2012 07:36:00 AM
Summary: The Flashback Trojan botnet reportedly controls over 600,000 Macs. Thankfully, Apple yesterday released a patch for Java, which the Trojan exploits, so make sure you install it.
Two months ago, a new variant of the Flashback Trojan started exploiting a security hole in Javato silently infect Mac OS X machines. Apple has since patched Java, but this was only yesterday. As of today, more than 600,000 Macs are currently infected with the Flashback Trojan, which steals your user names and passwords to popular websites by monitoring your network traffic.
Russian antivirus company Dr. Web first reported today that 550,000 Macs were being controlled by the growing Mac botnet. Later in the day though, Dr. Web malware analyst Sorokin Ivanannounced on Twitter (via Ars Technica) that the number of Macs infected with Flashback had increased to over 600,000:
@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko - 285 from Finland
As you can see in the screenshot above, Dr. Web says 56.6 percent of the infected Macs are located in the U.S., 19.8 percent are in Canada, and 12.8 percent are in the U.K.
Flashback was initially discovered in September 2011 masquerading as a fake Adobe Flash Player installer. A month later, a variant that disables Mac OS X antivirus signatures updates was spotted in the wild.
In the past few months, Flashback has evolved to exploiting Java vulnerabilities. This means it doesn’t require any user intervention if Java has not been patched on your Mac: all you have to do is visit a malicious website, and the malware will be automatically downloaded and installed.
Another variant spotted last month asks for administrative privileges, but it does not require them. If you give it permission, it will install itself into the Applications folder where it will silently hook itself into Firefox and Safari, and launch whenever you open one of the two browsers. If you don’t give it permission, it will install itself to the user accounts folder, where it can run in a more global manner, launching itself whenever any application is launched, but where it can also more easily detected.
You can grab the new version of Java that patches the security hole in question from Apple here:Java for Mac OS X 10.5 Update 6, Java for Mac OS X 10.6 Update 7 and Java for OS X Lion 2012-001. Additionally, F-Secure has instructions on how to remove this malware if you think your Mac may already be infected.
http://www.zdnet.com/blog/security/over-600000-macs-infected-with-flashback-trojan/11345?tag=nl.e540
The next time you’re asked in an interview to name your greatest weakness, remember that it could be worse: Job seekers applying to Maryland’s Department of Corrections were asked for their Facebook logins and passwords.
After learning of this practice, the ACLU stepped in and put a stop to it. However, the folks in Maryland, somehow still unclear on the concept, then had job candidates log in to their Facebook accounts while the hiring manager peered over their shoulder as they perused everything behind their privacy settings.
The officials at the Maryland Department of Corrections said that they did this to make sure job candidates didn’t have any gang affiliations. The agency told the ACLU it had reviewed the social media accounts of 2,689 applicants and denied employment to seven because of items found on their pages. Talk about throwing the baby out with the bath water and all that.
When I used to advise people to be careful what they put into social media, I’d always temper that with telling them to at least put sensitive things behind a privacy wall (if you can keep up with Facebook’s ever-changing privacy settings). But I guess even that doesn’t hold water, as you can see in this blog that shows an image of a job application (for a clerical position) that comes right out and asks for social media logins and passwords. Scary stuff.
RELATED
For all the good it can do, social networking also has its share of downsides. Putting personal information of any kind on the internet raises plenty of privacy concerns on its own, and handing over your username and password can be like giving away the keys to your very identity. But if you're in the process of seeking new employment, that may be exactly what you'll have to do.
The image below is a snapshot of an application from North Carolina for a clerical position at a police department. One of the required pieces of information is a disclosure of any social networking accounts, along with the username and password to access them.
(Source)