Mac Key-logger Virus Flashback.G

  • Posted: 27 February 2012 04:26 PM

    There is a new Flashback virus that steals passwords using a Java exploit. The way to fix it: update your Java to the latest version from Apple, then install and run a virus scanner that can remove Flashback.G.

    Since most Macintosh trading platforms are web or Java-based, this should be a concern.

    Read news: http://www.computerworld.com/s/article/9224651/New_Mac_malware_exploits_Java_bugs_steals_passwords?taxonomyId=89

    Mac anti-virus software for $50.00. After installing it and running it, it found and removed the Java malware. Caution: takes forever to run if you have terabytes of storage but can and does run in the background.


    http://www.intego.com/virusbarrier/

    Signature

    Black Swan Counter: 9 (Banks need money, Jobs needs a break, Geithner has no plan, Cuomo’s grandstanding, .Gov needs a hobby, GS works for money, flash crash, is that bubbling crude?).

    For those who look, a flash allows one to see farther.

  • Posted: 29 February 2012 06:08 AM #1

    I’m not a virus expert, but from the article:

    “Flashback.G installs itself as an invisible file in the “/Users/Shared” folder under a variety of names, all which come with the extension “.so,” said James.”

    I do have Java installed, so I listed the directory using the terminal application with the command

    ls -R /Users/Shared

    No .so files, just some Adobe and Elgato files. So I’m not buying the antivirus software.

    (In fact I’m so anti antivirus software that I would have erased my hard disk and reinstalled MacOS in preference to installing antivirus software!)

    (If you don’t know Terminal, it’s the basic command line interface to MacOS from the days of the Teletype, before there were GUIs. Find it with Spotlight and hit return.)

    [ Edited: 29 February 2012 06:11 AM by sleepygeek ]      
  • Posted: 29 February 2012 11:18 AM #2

    In case your search command returns a zillion files, like mine did using TERMINAL, just hit COMMAND-A and copy, then paste to TEXT EDIT, then use EDIT->FIND on the term

    .so

    I’m clean, so it works and can be done in less than three min.

    Signature

    “Even in the worst of times, someone turns a profit. . ” —#162 Ferengi: Rules of Acquisition

  • Posted: 29 February 2012 12:03 PM #3

    To be fair, you probably don’t need the -R option for ls, which recursively lists all subfolders. I was just being paranoid about the literal interpretation of “in the folder /Users/Shared”.

  • Posted: 29 February 2012 12:04 PM #4

    TanToday - 29 February 2012 03:18 PM

    In case your search command returns a zillion files, like mine did using TERMINAL, just hit COMMAND-A and copy, then paste to TEXT EDIT, then use EDIT->FIND on the term

    .so

    I’m clean, so it works and can be done in less than three min.

    You can do better than that… a little bash knowledge goes a long way in OSX!

    find -name /Users/Shared/*.so 
    [ Edited: 29 February 2012 12:08 PM by dc930 ]      
  • Posted: 29 February 2012 12:06 PM #5

    Thank you for the scare, no .so or said James.

    Signature

    Stay Hungry. Stay Foolish.  - Steve Jobs

  • Posted: 29 February 2012 01:53 PM #6

    dc930 - 29 February 2012 04:04 PM

    You can do better than that… a little bash knowledge goes a long way in OSX!

    find -name /Users/Shared/*.so 

    Thank you - it was all so long ago for me that I don’t remember syntax, and have to muddle through.

    But it turns out you got it wrong, so you see why I am careful. Should have been:

    find /Users/Shared -name *.so 

    And you want the result to be nothing at all, typical of cryptic Unix.

    (bash = Bourne again shell = 1989 open source cloning of Steve Bourne’s 1977 Bell labs shell. I was at university with Steve Bourne before he went to Bell Labs, before there was even the 1971 Thompson shell!)

  • Posted: 29 February 2012 02:15 PM #7

    sleepygeek - 29 February 2012 05:53 PM

    But it turns out you got it wrong, so you see why I am careful. Should have been:

    find /Users/Shared -name *.so 


    Wow, oops - thanks Sleepy!

    I tested the command before I ran it, but I was already in the directory I was searching, thus ran this which works:

    find -name *.so 

    Bash is extremely powerful and extremely dangerous. Take this as a lesson *not* to blindly type anything you see on the internet!  :-o

    Thanks again.

  • Posted: 29 February 2012 03:38 PM #8

    Some might feel safer using a free utility such as Kilometre, which exposes invisible files in a directory window.  Still, be cautious what you throw away.

    Signature

    The study of money, above all other fields in economics, is one in which complexity is used to disguise truth or to evade truth, not to reveal it. The process by which banks create money is so simple the mind is repelled.

  • Posted: 29 February 2012 04:15 PM #9

    UNIX Admin here.  Use this:

    ls -la /Users/Shared/ | grep -e '.so'

      - or -

    find /Users/Shared/ -name \*.so

    The “*” needs to be escaped with the backslash to prevent shell interpretation.

    Signature

    “Knowledge speaks, but wisdom listens.”
    - Jimi Hendrix

  • Posted: 29 February 2012 04:49 PM #10

    incorrigible - 29 February 2012 08:15 PM

    UNIX Admin here.  Use this:

    ls -la /Users/Shared/ | grep -e '.so'

      - or -

    find /Users/Shared/ -name \*.so

    The “*” needs to be escaped with the backslash to prevent shell interpretation.

    Lesson #2: Before giving advice on the internet, check with a pro. Thanks, incorrigible.

  • Posted: 29 February 2012 04:51 PM #11

    incorrigible - 29 February 2012 08:15 PM

    UNIX Admin here.  Use this:

    ls -la /Users/Shared/ | grep -e '.so'

      - or -

    find /Users/Shared/ -name \*.so

    The “*” needs to be escaped with the backslash to prevent shell interpretation.

    Or just go to the directory and do this:

    ls -la *.so

    The “-la” part is a pair of switches that give you a “long” listing of “all” (includes invisible) files in the directory that match the pattern “*.so”.

    Guys, OS X is just BSD Unix with a pretty GUI on top.  Get a Unix handbook and fire up the “Terminal” application and have at it.  Just be careful because Unix won’t baby you along by asking if you really meant to delete the whole hard drive if you type “rm -R *”.
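    As an added example, not written by any poster in this thread, here is the check the thread has been converging on as a small POSIX shell script: it lists every file directly inside a folder whose name ends in ".so", hidden dotfiles included, with the glob quoted so the shell never expands it against the current directory (the pitfall in the earlier posts), and it anchors the grep variant as `\.so$` because in grep's regex an unescaped `.` matches any character, so a bare `.so` also matches names like "also.txt". The demo directory and its file names are constructed for illustration and are not indicators of real malware.

```shell
#!/bin/sh
# Added example: check one folder (e.g. /Users/Shared) for files ending in ".so".

# Print the matching paths, one per line, hidden files included.
# '*.so' is quoted so that find, not the shell, does the matching; find's
# -name does not skip leading-dot names, so ".update.so" is still found.
# -maxdepth 1 keeps the search to the folder itself, as the article describes.
so_files_in() {
    find "$1" -maxdepth 1 -type f -name '*.so'
}

# Same check via the ls | grep route from the thread, with the pattern
# anchored to the end of the line so "also.txt" or "Johnson.pdf" cannot match.
so_files_via_ls() {
    ls -la "$1" | grep '\.so$'
}

# Number of matching files, for scripting and for the assertions below.
count_so_files() {
    so_files_in "$1" | wc -l | tr -d ' '
}

# Demo on a constructed directory: one hidden .so, one visible .so, two decoys
# whose names merely contain "so", and a .so in a subfolder that -maxdepth 1
# must ignore. Expected count: 2.
demo() {
    d=$(mktemp -d)
    touch "$d/.hidden.so" "$d/plain.so" "$d/also.txt" "$d/notes.sox"
    mkdir "$d/sub" && touch "$d/sub/deep.so"
    echo "find route:"; so_files_in "$d"
    echo "ls route:";   so_files_via_ls "$d"
    echo "count: $(count_so_files "$d")"
    rm -rf "$d"
}

[ "${1:-}" = "demo" ] && demo
```

Run it as `sh check_so.sh demo` to see the constructed case; call `so_files_in /Users/Shared` to check the real folder, where the result you want is no output at all.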

  • Posted: 29 February 2012 05:00 PM #12

    You will only have user account privileges if you don’t su to root.  Can’t really do much system damage.  You *can* delete needed files though.  Still be careful.

    Signature

    “Knowledge speaks, but wisdom listens.”
    - Jimi Hendrix

  • Posted: 29 February 2012 10:35 PM #13

    Eric Landstrom - 27 February 2012 08:26 PM

    There is a new Flashback virus that steals passwords using a Java exploit.

    Given that we’re getting all geeky here, I just wanted to point out that this thing is not a virus, it’s a Trojan horse.