
Topic: Variant of Mac Flashback Malware Making the Rounds

Pez
Variant of Mac Flashback Malware Making the Rounds
« on: 19. April 2012., 12:12:32 »

Attention, Mac users! By now you have probably heard about the Mac Flashback Trojan, a nasty malware package designed to steal your personal information. Read this article to learn more about the threat, and if your Mac is infected, the good news is that McAfee has a solution. http://products/mcafee-avert/stinger/ “Share” this post with your friends to help keep them informed!

Variant of Mac Flashback Malware Making the Rounds

Unless you have been living under a nondigital rock recently, you have probably heard of the Flashback Trojan, which attacks Macs. Around April 4 we saw reports of more than 500,000 infections by this malware. Further, McAfee Labs has recently come across a new variant making the rounds. This is no surprise: Whenever a piece of malware or attack is successful, we are bound to encounter copies and variations.

A key thing to remember is that this is a Trojan. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the guise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels often include email, malicious web pages, Internet Relay Chat (IRC), peer-to-peer networks, and other means. As of this writing, this Trojan is targeted at vulnerable Java plug-ins related to the CVE-2012-0507 vulnerability. When a user visits a compromised page, it often uses an iframe tag that redirects the user to another malicious page, where the actual exploit is triggered by the malicious Java applet.

OSX/Flashfake (the official detection name) is dropped by malicious Java applets that exploit CVE-2012-0507. On execution, the malware prompts the unsuspecting victim for the administrator password. Regardless of whether the user inputs the password, the malware attempts to infect the system; entering the password only changes the method of infection.

The Trojan may arrive as the PKG file comadobefp.pkg and comes disguised as a Flash player installer:


It prompts the user for administrative rights:


Once the malware package is successfully installed, it tries to make contact with its remote sites to download any necessary configuration files:


Another characteristic of this malware is that it checks whether a firewall is installed on the target system. If one is found, it will remove the installation. (Other versions of Flashback are delivered via the sinkhole exploit.)

Infected users unwittingly download a variety of fake-AV packages. To avoid that fate, make sure you are running the latest security software on an up-to-date system, use a browser plug-in to block the execution of scripts and iframes, and use safe-browsing add-ons that help you avoid unwanted or suspicious websites.

My thanks go out to colleagues David Beveridge, Abhishek Karnik, and Kevin Beets for letting me pass along their analysis!

Original article: Wednesday, April 11, 2012 at 3:22pm by David Marcus

There are two easy ways to configure a system!
Everything open and everything closed.
Everything else is more or less complex.
