OSX.FlashBack, also known as the Flashback Trojan, Fakeflash, or Trojan BackDoor.Flashback, is a Trojan horse affecting personal computer systems running Mac OS X. The first variant of Flashback was discovered by antivirus company Intego in September 2011. [Intego Security, "Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package", September 26, 2011]
Infection
According to the Russian antivirus company Dr. Web, a modified version of the "BackDoor.Flashback.39" variant of the Flashback Trojan had infected over 600,000 Mac computers, forming a botnet that included 274 bots located in Cupertino, California. [Jacqui Cheng, "Flashback Trojan reportedly controls half a million Macs and counting", Ars Technica, 4 April 2012; Dr. Web, "Doctor Web exposes 550 000 strong Mac botnet", 4 April 2012] The findings were confirmed one day later by another computer security firm, Kaspersky Lab. This variant of the malware was first detected in April 2012 by Finland-based computer security firm F-Secure. Dr. Web estimated that in early April 2012, 56.6% of infected computers were located within the United States, 19.8% in Canada, 12.8% in the United Kingdom and 6.1% in Australia.
Details
The original variant used a fake installer of Adobe Flash Player to install the malware, hence the name "Flashback".

A later variant targeted a Java vulnerability on Mac OS X. The system was infected after the user was redirected to a compromised bogus website, where JavaScript code caused an applet containing an exploit to load. An executable file was saved on the local machine, which was used to download and run malicious code from a remote location. The malware also switched between various servers for load balancing. Each bot was given a unique ID that was sent to the control server. The trojan, however, would only infect the user account that visited the infected web page, meaning other users on the same computer were not infected unless their user accounts had been infected separately.
Resolution
Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012. However, at the time of Flashback's release, Apple maintained the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012, after the flaw had already been exploited to install Flashback on 600,000 Macs. On April 12, 2015, Apple issued a further update to remove the most common Flashback variants. The updated Java release was only made available for Mac OS X Lion and Mac OS X Snow Leopard; the removal utility was released for Intel versions of Mac OS X Leopard in addition to the two newer operating systems. Users of older operating systems were advised to disable Java. There are also some third-party programs to detect and remove the Flashback trojan. Apple worked on a new process that would eventually lead to a release of a Java Runtime Environment (JRE) for Mac OS X at the same time it would be available for Windows, Linux, and Solaris users. As of January 9, 2014, about 22,000 Macs were still infected with the Flashback trojan.
See also
*Mac Defender
*Leap (computer worm)
External links
Apple Delays, Hackers Play (April 12, 2012)

Categories: MacOS malware; Trojan horses