OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Search results for: Little snitch

iWorm method of infection found!

Posted on October 4th, 2014 at 7:29 AM EDT

On Thursday, I wrote about new malware called iWorm. This morning I awoke to find an e-mail waiting for me in my Inbox from someone who wished to remain anonymous. This person indicated that he had found installers for the new iWorm malware. He pointed me to the downloads offered by a user named “aceprog” on PirateBay.

ChatZum adware added to VLC on Softonic

Posted on April 16th, 2013 at 4:44 PM EDT

It was brought to my attention today by an astute reader that there is a copy of VLC, currently being hosted on Softonic, which has had adware added to it. Of course, I had to investigate, and what I found is very concerning. That report turns out to be completely true, and worse, the adware installs components on your system even when you opt out of installing it!

Has GetShell been trojanized?

Posted on March 11th, 2013 at 7:44 PM EDT

An interesting file was posted to VirusTotal today: a Mac disk image file containing what appeared to be a copy of Adium. This file was recognized by a small handful of anti-virus engines as the GetShell malware, however. This surprised me a bit, as GetShell had previously (as far as I know) only been installed as a drive-by download through Java vulnerabilities. So I decided to do a little investigation.

About the Flashback malware

Posted on April 7th, 2012 at 2:37 PM EDT

What is Flashback?

Flashback first appeared back in September of 2011, as a simple trojan.  It would be downloaded from web sites that displayed a warning that your Adobe Flash player had crashed and needed to be updated.  Of course, the “update” would actually be malware, which would install some code that would be inserted into applications like Safari, with the purpose of sniffing out data you transmit, such as credit card numbers or financial site passwords.  It wasn’t too big a threat to the wary web surfer, though…  especially English-speaking folks, who would be tipped off immediately by text like “Update fix a crush of Adobe Flash player.”

A new Flash Player trojan

Posted on September 26th, 2011 at 2:34 PM EDT

Earlier today, Intego announced their discovery of a new Flash Player trojan, which they have named OSX/flashback.A.  Earlier this summer, another Flash Player trojan (BASH/QHost.WB) was announced by F-Secure, masquerading (as this one does) as a Flash Player installer.  However, unlike the last trojan, which never really worked, this new trojan is functional (though different)!

More broken Mac malware

Posted on September 26th, 2011 at 10:00 AM EDT

There hasn’t been much to say about Mac malware lately.  Since the folks behind the MacDefender trojans got caught and put into Russian prison, things have been quiet.  The last two things I’ve written about since then were a trojan that was Windows-only and a broken Mac trojan.  This weekend, however, changes that streak.  On Friday, F-Secure discovered a new Mac trojan masquerading as a PDF file.

Do I need a firewall?

Posted on June 5th, 2011 at 4:24 PM EDT

Firewalls have always been poorly understood, even by knowledgeable people. With the recent upsurge in Mac malware, there has been a lot of questionable advice circulating, some of which relates to firewalls. People are recommending firewalls for avoiding malware, blocking hackers, preventing spam and any number of other things.  Some of these recommendations have some validity and some do not…  but how is the average user to know the difference?

MacGuard details

Posted on May 26th, 2011 at 10:32 PM EDT

I managed to get my hands on a copy of MacGuard this evening, and ran it through some tests to try to clarify some of the rumors floating around.  The good news is that, in all, this is just another boring old variant in the MacDefender malware line.  The same old removal instructions still apply, and the application itself does not appear to have developed any new features.  However, when it comes to the installation, there are some notable differences!

Further analysis of MacProtector

Posted on May 10th, 2011 at 8:53 PM EDT

There have been reports circulating that MacDefender/MacSecurity/MacProtector may be doing nasty things like scanning the hard drive and sending data home.  If this is true, it would be a more serious problem.  The behavior that has been documented to date is less dangerous because it is entirely under your control.  You choose whether to proceed with the installation, and you choose whether to give a credit card number.  Many people have accepted the installation, but balked at the credit card…  but that could be a problem if the trojan is doing other things behind the scenes.  So, are these rumors true?  Here’s what I found.