AUGD: Recent Malware; What To Do About It
- Subject: AUGD: Recent Malware; What To Do About It
- From: "Randy B. Singer" <email@hidden>
- Date: Fri, 06 Apr 2012 09:58:16 -0700
I just sent this e-mail out to my user group. Others may want to
send it to their group members as well. (Adjusting for the fact that
my user group is for Mac-using attorneys, and yours probably isn't) 8-)
There are a couple of new Trojan Horses going around that are quite
nasty. The one that is receiving the most press is called Flashback.
Article: Mac Flashback Trojan: Find Out If You’re One of the 600,000
Infected
<http://gizmodo.com/5899352/mac-flashback-trojan-find-out-if-youre-one-of-the-600000-infected>
This article will tell you how to find out if you are already
infected by the Flashback Trojan, and it tells where to go to find
instructions on how to eliminate this malware if you are.
(Don't be too upset by the title of that article. I've yet to hear a
single firsthand account of someone being infected by Flashback.)
A simpler method (i.e. non-command line) than the F-Secure steps to
check to see if you are infected by Flashback is this little app that
runs the test for you. It just posts a dialog that says whether or
not you're infected. It does not make any attempt to remove the
trojan. You can download it here:
<http://rsdeveloper.com/downloads/test4flashback.zip>
Apple has already pushed out an update to Java that includes a patch
to make your Mac immune to Flashback.
Once you either find out that you aren't infected with Flashback, or
you find out that you are infected with Flashback and you eliminate
it, it would be a very good idea to go ahead and update Java to
acquire immunity to Flashback.
<http://support.apple.com/kb/HT5228?viewlocale=en_US&locale=en_US>
Java, by the way, is a programming language that is used for
applications and advanced features on Web sites. Its use has become
very rare. If you think that it is unlikely that you even have a need
for Java, it is possible to completely disable Java so that it can be
totally eliminated as a vector of malware infection on your computer:
<http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-disable-java-in-os-x/>
If you don't know if you need Java for anything...I recommend that
you disable it. If a program or a Web site subsequently gives an
error message and refuses to run...re-enable it. It's not a difficult
or immutable act.
There is another Trojan Horse going around that is carried via a
Microsoft Office document. Don't confuse this with the Flashback
Trojan. Apple has already pushed out a patch to protect you against
this Trojan also.
Apple updated XProtect with a definition to catch the Office
vulnerability. They refer to it as "OSX/Mdropper.i." This should have
happened automatically in the background on your Mac if you are
running OS X 10.6 or higher (i.e. Snow Leopard or Lion).
<http://support.apple.com/kb/HT465>
(There is no version of XProtect included in versions of OS X prior
to OS X 10.6/Snow Leopard.)
To find out which version of XProtect your Mac has installed, and
when it was last updated you can download this free widget:
<http://www.brunerd.com/blog/2011/06/03/safe-downloads-widget/>
The latest Mdropper.i update came around April 2.
In addition, if you have Microsoft Office installed, it's a good idea
to install the Microsoft updaters for Office. These include a patch
against this Trojan also:
<http://www.microsoft.com/mac/downloads>
Now, the question that always comes up is: Do I need to install anti-
virus (AV) software at this point?
Most ordinary Mac users do completely without any AV software, and
yet you just about never hear about a Mac user being infected with
Malware. There are still no actual viruses (defined as
self-propagating software) for the Macintosh. I’ve told you, above, how
to deal with the latest malware threats without the need for AV
software. So not much has changed that would require that we all run
out and purchase AV software.
However, as attorneys we are used to engaging in “best practices.”
I’ve run what is usually the most highly rated (in magazine
comparison tests) AV software program for the Mac for over a decade:
Intego’s VirusBarrier ($50)
<http://www.intego.com/virusbarrier>
just to be able to tell clients that I am running AV software.
(Clients don’t understand that a Macintosh isn’t the same thing as a
Windows computer. And I don’t want to bother to try explaining the
difference to them.)
In all that time VirusBarrier has never actually protected me from
anything of any consequence. While VirusBarrier is excellent, some
users have (rarely) reported that it can cause nasty software
conflicts (as can any AV software that runs constantly in the
background). And since VirusBarrier is always running in the background
on your Mac, even though it is mostly unnoticeable, there is some
(minor) level of performance degradation (and once again, this is
true of any AV software that is always running in the background).
So, instead, you may want to download and regularly use this free
product:
ClamXav (free)
http://www.clamxav.com/
ClamXav doesn’t run constantly in the background like most other AV
programs. (So it shouldn’t cause any software conflicts or
slowdowns.) It can, however, be set to run on a schedule. It is
easy to use, and it is comprehensive. So it is a good choice to
install on your Mac, even if AV software really isn’t necessary for
your Mac.
___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________