The latest malware scam that has been found for OS X is a fairly obscure installer program that is being disguised as an Adobe Flash Player installer. It was first discovered in late September. It works by installing a payload executable file on the system and then configuring environment variables on the system so that the payload will be launched when certain applications are opened. The payload then communicates with a remote server in an apparent attempt to steal personal information.

The initial version of the malware installed the payload in various locations in the user's home directory, but the second revision, found earlier this month, changed this so the payload was placed in application packages like Safari and Firefox and launched when these applications were opened.

Yesterday, the malware detection team at F-Secure uncovered a third variant of this Trojan, OSX/Flashback.C, which shows the criminals behind this malware are still trying to get a foothold for their scheme.

The Flashback installer looks like the upper window above, whereas the official Adobe Flash installer looks like the lower window.

The latest revision appears to have been altered slightly so it now targets Apple's XProtect system and disables it by removing the XProtect scanner and updater in addition to depositing its payloads.

As we mentioned in previous coverage of Flashback, revisions like these are expected and do not indicate a sudden rampant increase in malware for OS X systems. To put things in perspective, in the week or two between the discovery of the second variant and this third one there have been nearly 190 new and updated malware programs detected (based on malware definitions from Sophos) for Windows systems.

Also, in order to operate, Flashback still needs you to download it, purposefully open the installer, and provide your password to run so it can make alterations to your system. Therefore, although revisions may bring slightly different behaviors, OS X systems aren't at any greater risk from the new variant.

Additionally, malware like this is usually distributed on underground Websites and peer-to-peer file-sharing services. Therefore, an easy way to avoid it besides avoiding such services is to adopt the habit of never running any program unless you have intentionally and directly downloaded it either from the developer's Web site or from a reputable software distribution site like CNET's. This habit is practically all that's needed to avoid any Trojan horse malware on any system.

Like previous variants of Flashback, this one cannot work if you have the reverse firewall Little Snitch installed, which monitors outbound traffic and warns you when a program tries to communicate with a service on the Internet.
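The launch mechanism this article describes (a payload placed inside application packages and started through environment variables when the application opens) can be checked for from the defender's side. The following is an added example, not code from the article or from F-Secure; it assumes the variables are set through the bundle's `Info.plist` `LSEnvironment` key and belong to the `DYLD_` family, which the article does not specify, and the bundle names and paths in it are constructed.

```python
import plistlib
from pathlib import Path

# Assumption: dyld loader variables are the ones worth flagging; the article
# only says that environment variables are configured.
SUSPICIOUS_PREFIX = "DYLD_"

def audit_info_plist(data, bundle_root):
    """Return findings for one bundle's Info.plist (XML or binary bytes)."""
    try:
        info = plistlib.loads(data)
    except Exception:
        return [{"bundle": bundle_root, "issue": "unparseable Info.plist"}]
    env = info.get("LSEnvironment") if isinstance(info, dict) else None
    if not isinstance(env, dict):
        return []                      # no per-app environment configured
    prefix = bundle_root.rstrip("/") + "/"
    findings = []
    for name, value in env.items():
        if not str(name).upper().startswith(SUSPICIOUS_PREFIX):
            continue
        paths = [p for p in str(value).split(":") if p]
        findings.append({
            "bundle": bundle_root,
            "variable": name,
            "paths": paths,
            # True when a referenced file sits inside the bundle itself, the
            # placement the article reports for the second variant.
            "inside_bundle": any(p.startswith(prefix) for p in paths),
        })
    return findings

def audit_applications(apps_dir="/Applications"):
    """Audit every top-level .app bundle under apps_dir."""
    findings = []
    for plist in sorted(Path(apps_dir).glob("*.app/Contents/Info.plist")):
        bundle = str(plist.parent.parent)
        try:
            findings += audit_info_plist(plist.read_bytes(), bundle)
        except OSError as exc:
            findings.append({"bundle": bundle, "issue": "unreadable: %s" % exc})
    return findings

# Constructed samples: an untouched bundle and one with an injected variable.
CLEAN = plistlib.dumps({"CFBundleIdentifier": "com.example.browser"})
TAMPERED = plistlib.dumps({
    "CFBundleIdentifier": "com.example.browser",
    "LSEnvironment": {
        "DYLD_INSERT_LIBRARIES":
            "/Applications/Example.app/Contents/Resources/placeholder.dylib",
        "LANG": "en_US",
    },
})
```

Calling `audit_applications()` on a Mac returns one finding per flagged variable; an empty list means no bundle under `/Applications` sets a `DYLD_` variable this way.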