Author Topic: ***600,000 Macs Infected***  (Read 7243 times)

0 Members and 1 Guest are viewing this topic.

Offline .: Mac :.

  • Avast √úberevangelist
  • Ultra Poster
  • *****
  • Posts: 5051
Re: ***600,000 Macs Infected***
« Reply #15 on: April 07, 2012, 01:14:43 AM »
So is it still not included in Avast?  I'm sure I read that VirusBarrier included it in early March.

Avast for Mac beta seems really stable now.  I uninstalled it last Autumn because it was causing problems and development seemed to be really slow, but I tried it again recently and it seems much better.  Am I right in thinking that the more people that install it the more chance of Avast finding new viruses early on?  Are they automatically submitted when they're detected?

Yes the more Mac community members the more samples can be sent to the Virus lab for analysis
"People who are really serious about software should make their own hardware." - Alan Kay

Offline macmomma08

  • Full Member
  • ***
  • Posts: 132
  • I know nothing except that I know nothing.
Re: ***600,000 Macs Infected***
« Reply #16 on: April 07, 2012, 03:11:35 AM »
So is everyone safe now then? Also, why don't any of those things to put into terminal mention chrome? Did it leave chrome alone?

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 712
  • A Good Old Indian!
Re: ***600,000 Macs Infected***
« Reply #17 on: April 07, 2012, 05:27:07 AM »
Today's VPS contains the detections for the flashback trojan see:
Quote
MacOS:Flashback-L [Drp], MacOS:Flashback-M [Trj], MacOS:Flashback-N [Trj]

Offline russwilde

  • Newbie
  • *
  • Posts: 2
Re: ***600,000 Macs Infected***
« Reply #18 on: April 07, 2012, 11:14:36 AM »
Its good to see this in the updates.

@tech it does look like the presence of /Applications/Avast.app causes the Trojan to halt and delete itself. Other applications including xcode also have this effect.

I don't know why really, but I will hazard a guess:

I notice the Trojan is quite selective over which apps and versions it goes for in an attempt to avoid detection by crashing during a failed infection.

The apps that cause the self destruct are either anti viral software or programming and debugging software. My guess is that this is an attempt to avoid detection by programmers or anti virus software that may recognise a threat on the Trojan before the payload is delivered. It could also be a little insurance to make sure that the creator's test machine doesn't get hit.