***600,000 Macs Infected***

Please tell me you guys are on this: http://tinyurl.com/crvwnja :-[

Wow, I’m seriously shocked to see that so many Macs were infected at one time. I hope avast has been updated to detect this…

Hey, just an OT heads up, but try not to use shortened URLs on this forum; it is generally frowned upon.

But yeah, the Flashback looks nasty, as botnets usually are. I’m sure Avast! will add it ASAP…but it was probably more a result (as usual) of people not updating the 3rd party software (java), especially on Macs where people get to feeling immune from the general safety compared to Win.

Here also is a manual method to determine if you are infected: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

The problem is that in Mac OS X you CAN NOT update Java on your own. :frowning: Apple compiles a Java update whenever they feel like it, and they are always 2-3 updates behind the official Oracle release. In this case, Oracle had fixed the flaw several weeks ago, but Apple just released the Java update this week! :cry:

Oh, that's real cute. :slight_smile: They need to come down off their high horse a little. Not all the way off it, because they make good stuff and they should be proud, but if they keep that up, hubris is gonna bite them worse than this again sometime down the road.

Java 6 is hopefully the last release that will be reliant on Apple. Oracle is working on Java 7 for OS X and should finally release it directly instead of relying on Apple.

Does Macscan and Avast find this? I have them both and they don’t seem to see any problems.

Wow, I was hoping by now to get a response from avast! that they have in fact released a definition for this malware. Perhaps I should post this in the Windows section.

Well, a more appropriate forum for this kind of question is probably http://forum.avast.com/index.php?board=4.0, as we share virus definitions with the Windows product. I believe we do detect the Flashback trojan.

Regards,
Mity

Sadly, we aren't. :cry:

https://www.virustotal.com/file/2206675e19df3ec05ac3ddbe7293686975d83bfc36ebce7d99b77e259b5ee883/analysis/

How I wish I could get a sample of this to send to avast... I found the VT result from Google.

Bad news… We should be there in the first wave. Unfortunately, seems we missed it. Sadly.

Looking at http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

This bit interested me:

On execution, the malware checks if the following path exists in the system:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.

So, if I have read that correctly, the very act of having Avast! installed (or Xcode or another of the above applications) prevents the virus from infecting your machine, regardless of whether Avast! can actually detect or protect against it.
Seems like a pretty simple solution, unless you've already been infected, of course.

Tech, almost all the sites where the malware was being hosted have been shut down... I am struggling to find a sample to send to avast. :cry:

They could receive it from VirusTotal also...

russwilde, thanks for the info. Are they saying that the malware creators just give up if avast is installed? Why?

So is it still not included in Avast? I’m sure I read that VirusBarrier included it in early March.

Avast for Mac beta seems really stable now. I uninstalled it last Autumn because it was causing problems and development seemed to be really slow, but I tried it again recently and it seems much better. Am I right in thinking that the more people that install it the more chance of Avast finding new viruses early on? Are they automatically submitted when they’re detected?

Do you mean by Virus Total? Yes.

Yes, the more Mac community members there are, the more samples can be sent to the Virus Lab for analysis.

So is everyone safe now then? Also, why don't any of those things to put into Terminal mention Chrome? Did it leave Chrome alone?

Today's VPS contains the detections for the Flashback trojan; see:

MacOS:Flashback-L [Drp], MacOS:Flashback-M [Trj], MacOS:Flashback-N [Trj]

It's good to see this in the updates.

@tech it does look like the presence of /Applications/Avast.app causes the Trojan to halt and delete itself. Other applications, including Xcode, also have this effect.

I don’t know why really, but I will hazard a guess:

I notice the Trojan is quite selective over which apps and versions it goes for in an attempt to avoid detection by crashing during a failed infection.

The apps that cause the self-destruct are either antivirus software or programming and debugging software. My guess is that this is an attempt to avoid detection by programmers or antivirus software that may recognise a threat in the Trojan before the payload is delivered. It could also be a little insurance to make sure that the creator's test machine doesn't get hit.