What does the Flashback malware do?

malware

Solution 1:

From Wikipedia:

The Trojan [FlashBack] targets a Java vulnerability on Mac OS X. The system is infected after the user is redirected to a compromised bogus site, where JavaScript code causes an applet containing an exploit to load. An executable file is saved on the local machine, which is used to download and run malicious code from a remote location. The malware also switches between various servers for optimised load balancing. Each bot is given a unique ID that is sent to the control server.. The trojan, however, will only infect the user visiting the infected web page, meaning other users on the computer are not infected unless their user accounts have been infected separately, this is due to the UNIX security system.

For a lengthier, more technical description, read this F-Secure article.

Solution 2:

It means someone has bypassed the security on your Mac and can install new programs, steal data like passwords, banking web site locations and perhaps other sensitive personal emails and information.

It also means then can install other software on your Mac if it connects to the Internet to further do similar acts of I'll repute.

Lastly, it could crash your Mac if the program has logic errors or was not thoroughly tested.

If you are really interested in this subject, here are some links I have found to be helpful to understand the problem. The program itself is clearly quite sophisticated and will try to install itself as an admin process (total control) and if it cannot escalate itself to the equivalent of root access, will still install itself as a user level process and work with your files, but not the whole machine's data.

The company, Intego, that first reported this exploit has a established good record for providing balanced reports and assessments of the risks of Mac malware. It was specifically designed to grab passwords and although reports of mitigation efforts have surely lessened the brunt of the damage, I believe it's folly to assume all variants of the "flashback" trojan are completely neutralized or even detected perfectly.

What is always worrisome is when a trojan successfully has gotten control of a computer and can check in with other computers to download new instructions, the sky is the limit as to what can be done if the program is undetected and the people running it have a chance to make money from exploiting personal information, passwords or just driving traffic to sites that they receive compensation from legitimate and networks like Google and others.

Additional reading:

  • http://www.macworld.com/article/1166622/symantec_flashback_malware_netted_upwards_of_10000_a_day.html
  • http://www.macworld.com/article/1165534/intego_finds_new_insidious_strain_of_mac_flashback_trojan_horse.html

I don't mean to cause undue alarm, but this program not only was caught steering search results to pay click revenue on a massive scale but also did a good job of attempting to collect passwords from macs that were compromised before countermeasures were deployed.

Related

Can I pay for an upgrade to Lion and get Mountain Lion free later?
How to backup iPhone contacts (no iCloud, iTunes or Outlook)?
Why doesn't the screen command source my .profile?
MacBook connecting to wrong network?
Why won't my Airport Extreme mount my USB 3.0 External Hard Drive?
I don't want to lose my data on my iPhone, can someone help?
What can be done to make my Mountain Lion Mac drops connection to my Cisco router less often?
Launch app periodically with Automator
Retina macbook max USB power output
Folder in root greyed out in Finder but accessible in Terminal
How does Application Level Firewall work?
How do I erase an encrypted TimeMachine drive on Mountain Lion if I've forgotten the password?