***600,000 Macs Infected***

[internetworld7]

Please tell me you guys are on this: http://tinyurl.com/crvwnja 

Wow, I'm seriously shocked to see that so many Macs were infected at one time. I hope avast has been updated to detect this...

[Gargamel360]

Please tell me you guys are on this: http://tinyurl.com/crvwnja    Wow, I'm seriously shocked to see that so many Macs were infected at one time. I hope avast has been updated to detect this...

Hey just a OT heads up, but try not to use shortened urls on this forum, it is generally frowned upon.

But yeah, the Flashback looks nasty, as botnets usually are.  I'm sure Avast! will add it ASAP....but it was probably more a result (as usual) of people not updating the 3rd party software (java), especially on Macs where people get to feeling immune from the general safety compared to Win.

Here also is a manual method to determine if you are infected>>http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

[.: Mac :.]

Please tell me you guys are on this: http://tinyurl.com/crvwnja    Wow, I'm seriously shocked to see that so many Macs were infected at one time. I hope avast has been updated to detect this...

Hey just a OT heads up, but try not to use shortened urls on this forum, it is generally frowned upon.

But yeah, the Flashback looks nasty, as botnets usually are.  I'm sure Avast! will add it ASAP....but it was probably more a result (as usual) of people not updating the 3rd party software (java), especially on Macs where people get to feeling immune from the general safety compared to Win.

Here also is a manual method to determine if you are infected>>http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

The problem is that in Mac OS X you CAN NOT update Java on your own.  Apple compiles a java update whenever they feel like it and they are always 2-3 updates behind the official Oracle release. In this case, Oracle had fixed the flaw several weeks ago but apple just released the Java update this week!

[Gargamel360]

The problem is that in Mac OS X you CAN NOT update Java on your own.  Apple compiles a java update whenever they feel like it and they are always 2-3 updates behind the official Oracle release. In this case, Oracle had fixed the flaw several weeks ago but apple just released the Java update this week!

Oh, thats real cute.     They need to come down off their high horse a little.   Not all the way off it, because they make good stuff and they should be proud,  but if they keep that up, hubris is gonna bite them worse than this again sometime own the road.

[.: Mac :.]

Java 6 is hopefully the last release that will be reliant on Apple. Oracle is working on Java 7 for OS X and should finally release directly instead of relying on apple

[macmomma08]

Does Macscan and Avast find this? I have them both and they don't seem to see any problems.

[internetworld7]

Wow, I was hoping by now to get a response from avast! that they have in fact released a definition for this malware. Perhaps I should post this in the Windows section.

[mity]

Well, more appropriate forum for this kind of question is probably http://forum.avast.com/index.php?board=4.0 as we share virus definitions with Windows product. I believe we do detect the flashback trojan.

Regards,
Mity

[true indian]

sadly we arent 

https://www.virustotal.com/file/2206675e19df3ec05ac3ddbe7293686975d83bfc36ebce7d99b77e259b5ee883/analysis/


how i wish i could get a sample of this to send to avast....i found VT result from google

[Lisandro]

I believe we do detect the flashback trojan.

Bad news... We should be there in the first wave. Unfortunately, seems we missed it. Sadly.

[russwilde]

Looking at http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

This bit interested me:

On execution, the malware checks if the following path exists in the system:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

So, if I have read that correctly; the very act of having Avast! installed (or Xcode or another of the above applications) prevents the virus from infecting your machine, regardless of whether Avast! can actually detect or protect against it.
Seems like a pretty simple solution - unless you've already been infected of course.

[true indian]

I believe we do detect the flashback trojan.

Bad news... We should be there in the first wave. Unfortunately, seems we missed it. Sadly.

Tech almost all the sites where the malware was being hosted have been shut down...i am struggling to find a sample to send it to avast.

[Lisandro]

Tech almost all the sites where the malware was being hosted have been shut down...i am struggling to find a sample to send it to avast.

They could receive from virustotal also...

russwilde, thanks for the info. Are they saying that the malware creators just give up if avast is installed? Why?

[bilbo--baggins]

So is it still not included in Avast?  I'm sure I read that VirusBarrier included it in early March.

Avast for Mac beta seems really stable now.  I uninstalled it last Autumn because it was causing problems and development seemed to be really slow, but I tried it again recently and it seems much better.  Am I right in thinking that the more people that install it the more chance of Avast finding new viruses early on?  Are they automatically submitted when they're detected?

[Lisandro]

Are they automatically submitted when they're detected?

Do you mean by Virus Total? Yes.