04-03-2012, 11:58 AM #1
New Trojan Variant Can Install Without Password
New Trojan Variant Can Install Without Password | PCWorld
A new variant of the Flashback Trojan that appeared last year can install itself on a Mac without need for an administrator's password.
By Dan Moren, Macworld Apr 2, 2012 4:13 pm
Flashback, a Mac Trojan horse that's been in the public eye since it was uncovered by security firm Intego last year, has a new trick up its sleeve: It can now infect your computer from little more than a visit to a website.
Originally, Flashback masqueraded as an installer for Adobe's Flash Player (hence the name), but the malware has changed tacks at least once since then, instead pretending to be a Mac software update or a Java updater.
The latest variant, discovered by security researchers at F-Secure and dubbed OSX/Flashback.K, takes advantage of a weakness in Java SE6. That vulnerability, identified as CVE-2012-0507, allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator's password.
No fix is currently available for this vulnerability on the Mac, although the hole was patched in Java for Windows back in February. Unfortunately, Apple has long been criticized for lagging behind Windows when it comes to updating Java for security patches. However, given that Apple rolls out updates every few months, it seems likely that the company will distribute a patch in the not too distant future.
Until then, F-Secure suggests users deactivate Java on their Macs. The company has also given instructions for checking if your system is currently infected by the Flashback Trojan.
It's also worth noting that the Java vulnerability has recently been included in the popular BlackHole exploit kit used by many attackers.
While there's no need for widespread panic, the fact that this latest version of the malware can install itself without the user's password is enough of a reason for concern that some precautions are necessary. Disabling Java is a good step, but the first line of defense is, as always, to be cognizant of the websites you visit and use common sense.
04-05-2012, 11:49 AM #2
Re: New Trojan Variant Can Install Without Password
Apple Patches Java Flaw Exploited by Flashback Trojan
- Apr 04, 2012 12:36 PM EST
By Fahmida Y. Rashid
Mac users with Java installed should act quickly to install the latest version of Java from Apple. The security flaw is already being exploited by the Flashback Trojan in drive-by download attacks.
Apple updated Java to version 6 update 31 for OS X 10.6 (Snow Leopard) and 10.7 (Lion) on Apr. 3. The update addressed 12 vulnerabilities in Java, which could be exploited by malicious Websites to run code using the privileges of the current user, Apple said in its security notice. Oracle fixed the same security flaw for Java for Windows, Linux, and Unix back in February.
The new Mac malware, a variant of the Flashback Trojan, did not require user interaction to infect computers. Malicious Websites exploited a specific Java vulnerability (CVE-2012-0507) that allowed Flashback.K to download itself on to Macs without user awareness in a drive-by download attack. Once installed, the malware displayed a dialog window to ask the user for the administrative password, according to an analysis by researchers at F-Secure. Even if users didn't enter the password, it was too late, as the malware was already resident on the computer.
The Flashback.K is "one of the first cases of drive-by exploitation we have seen for OS X," Chester Wisniewski, a senior security advisor at Sophos, wrote on the Naked Security blog.
Russian security firm Dr. Web (Google Translate) claimed over 550,000 Macs have been infected with this version of Flashback. Mikko Hypponen, chief scientist of F-Secure, said on Twitter that F-Secure was unable to confirm or deny the number at this time.
Once on the computer, Flashback.K injects itself into the Safari Web browser and modifies the contents of certain Web pages to trick users. There are reports that exploits for the Java vulnerability have been recently added to the Blackhole exploit kit, which means it has become even easier for criminals to launch malicious Websites that can take advantage of the flaw.
"It appears that the Flashback gang is keeping up with the latest in exploit kit development," F-Secure said.
Even though Lion does not ship with Java by default on new installations, many Mac users installed it manually, often because a Website required the platform. When they got to those sites, they were prompted to download and install Java, and may have forgotten since then that they have it on their Macs.
Apple has long maintained its platform was safe from malware. In the past year, malware developers have started developing attacks specifically for the Mac OS X. Just last week, AlienVault warned of malicious Microsoft Office for Mac files that appeared to be targeting non-governmental organisations in Tibet.