Mac Key-logger Virus Flashback.G
-
There is a new Flashback virus that steals passwords using a Java exploit. Way to fix: update your java to the latest version from Apple and install and run a virus scanner that can remove Flashback.G.
Since most Macintosh trading platforms are web or Java-based, this should be a concern.
Mac anti-virus software for $50.00. After installing it and running it, it found and removed the Java malware. Caution: takes forever to run if you have terabytes of storage but can and does run in the background.
http://www.intego.com/virusbarrier/
Signature
Black Swan Counter: 9 (Banks need money, Jobs needs a break, Geithner has no plan, Cuomo’s grandstanding, .Gov needs a hobby, GS works for money, flash crash, is that bubbling crude?).
For those who look, a flash allows one to see farther.
-
sleepygeek
I’m not a virus expert, but from the article:
“Flashback.G installs itself as an invisible file in the “/Users/Shared” folder under a variety of names, all which come with the extension “.so,” said James.”
I do have Java installed, so I listed the directory using the terminal application with the command
ls -R /Users/Shared
No .so files, just some Adobe and Elgato files. So I’m not buying the antivirus software.
(In fact I’m so anti antivirus software that I would have erased my hard disk and reinstalled MacOS in preference to installing antivirus software!)
(If you don’t know Terminal, it’s the basic command line interface to MacOS from the days of the Teletype, before there were GUIs. Find it with Spotlight and hit return.)
[ Edited: 29 February 2012 07:11 AM by sleepygeek ] -
In case your search command returns a zillion files, like mine did using TERMINAL. Just hit COMMAND-A and copy, then paste to TEXT EDIT then use EDIT->FIND on the term
.so
I’m clean, so it works and can be done in less than three min.
Signature
“Even in the worst of times, someone turns a profit. . ” —#162 Ferengi: Rules of Acquisition
-
sleepygeek
To be fair, you probably don’t need the -R option for ls, which recursively lists all subfolders. I was just being paranoid about the literal interpretation of “in the folder /Users/Shared”.
-
In case your search command returns a zillion files, like mine did using TERMINAL. Just hit COMMAND-A and copy, then paste to TEXT EDIT then use EDIT->FIND on the term
.so
I’m clean, so it works and can be done in less than three min.
You can do better than that… a little bash knowledge goes a long way in OSX!
find -name /Users/Shared/*.so
[ Edited: 29 February 2012 01:08 PM by dc930 ] -
Thank you for the scare, no .so or said James.
Signature
Stay Hungry. Stay Foolish. - Steve Jobs
-
sleepygeek
You can do better than that… a little bash knowledge goes a long way in OSX!
find -name /Users/Shared/*.so
Thank you - it was all so long ago for me that I don’t remember syntax, and have to muddle through.
But it turns out you got it wrong, so you see why I am careful. Should have been:
find /Users/Shared -name *.so
And you want the result to be nothing at all, typical of cryptic Unix.
(bash = Bourne again shell = 1989 open source cloning of Steve Bourne’s 1977 Bell labs shell. I was at university with Steve Bourne before he went to Bell Labs, before there was even the 1971 Thompson shell!)
-
But it turns out you got it wrong, so you see why I am careful. Should have been:
find /Users/Shared -name *.so
Wow, oops - thanks Sleepy!
I tested the command before I ran it, but I was already in the directory I was searching, thus ran this which works:
find -name *.so
Bash is extremely powerful and extremely dangerous. Take this as a lesson *not* to blindly type anything you see on the internet! :-o
Thanks again.
-
Some might feel safer using a free utility such as Kilometre, which exposes invisible files in a directory window. Still, be cautious what you throw away.
Signature
The study of money, above all other fields in economics, is one in which complexity is used to disguise truth or to evade truth, not to reveal it. The process by which banks create money is so simple the mind is repelled.
-
UNIX Admin here. Use this:
ls -la /Users/Shared/ | grep -e '.so'
- or -
find /Users/Shared/ -name \*.so
The “*” needs to be escaped with the backslash to prevent shell interpretation.
Signature
“Knowledge speaks, but wisdom listens.”
- Jimi Hendrix -
UNIX Admin here. Use this:
ls -la /Users/Shared/ | grep -e '.so'
- or -
find /Users/Shared/ -name \*.so
The “*” needs to be escaped with the backslash to prevent shell interpretation.
Lesson #2: Before giving advice on the internet, check with a pro. Thanks, incorrigible.
-
UNIX Admin here. Use this:
ls -la /Users/Shared/ | grep -e '.so'
- or -
find /Users/Shared/ -name \*.so
The “*” needs to be escaped with the backslash to prevent shell interpretation.
Or just go to the directory and do this:
ls -la *.so
The “-la” part is a pair of switches that give you a “long” listing of “all” (includes invisible) files in the directory that match the pattern “*.so”.
Guys, OS X is just BSD Unix with a pretty GUI on top. Get a Unix handbook and fire up the “Terminal” application and have at it. Just be careful because Unix won’t baby you along by asking if you really meant to delete the whole hard drive if you type “rm -R *”.
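Added example, not part of any post in this thread: a shell sketch that runs the three checks discussed above (find with a quoted pattern, find with an unquoted pattern, and a shell-glob ls) against a constructed directory tree, showing which of them report a dot-prefixed .so file. The temporary paths, file names and function names are assumptions made for the demo, and a dot-prefixed name stands in for an "invisible" file.

```shell
#!/bin/sh
# Added example. All files below are constructed inside a temporary directory.

# Quoted pattern: find, not the shell, interprets "*"; dot-prefixed names match too.
scan_so() {
    find "$1" -type f -name '*.so' 2>/dev/null | sort
}

# Unquoted pattern, run from working directory $2: the shell expands *.so
# against $2 first, so find may be handed a literal file name instead.
scan_so_unquoted() {
    ( cd "$2" && find "$1" -type f -name *.so 2>/dev/null | sort )
}

# Shell-glob listing as in "ls -la *.so": "*" never matches a leading dot,
# so -a does not help once the glob has already filtered the names.
glob_so() {
    ( cd "$1" && ls -a -- *.so 2>/dev/null | sort )
}

count_lines() { wc -l | tr -d ' '; }

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/shared" "$demo/cwd"
: > "$demo/shared/.hidden.so"   # constructed: dot-prefixed (hidden) name
: > "$demo/shared/visible.so"   # constructed
: > "$demo/shared/notes.txt"    # constructed: should never match
: > "$demo/cwd/decoy.so"        # constructed: stray match in the working directory

echo "quoted find:   $(scan_so "$demo/shared" | count_lines) match(es)"
echo "unquoted find: $(scan_so_unquoted "$demo/shared" "$demo/cwd" | count_lines) match(es)"
echo "ls with glob:  $(glob_so "$demo/shared" | count_lines) match(es)"
```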
-
You will only have user account privileges if you don’t su to root. Can’t really do much system damage. You *can* delete needed files though. Still be careful.
Signature
“Knowledge speaks, but wisdom listens.”
- Jimi Hendrix -
There is a new Flashback virus that steals passwords using a Java exploit.
Given that we’re getting all geeky here, I just wanted to point out that this thing is not a virus, it’s a Trojan horse.

