Flashback Trojan

Leave a comment

I’m sorry I have been gone for a while, but,  I got caught up in conferences and final projects/exams, and I lost control of my schedule.

Something important happened while I was gone, though, the Flashback Trojan!  We have discussed trojans before.   They are similar to viruses in that they disrupt the operation of a computer or make your computer vulnerable to data theft or keystroke logging,  or other things.    They are different from viruses in that they cannot infect another computer.   What makes this particular trojan interesting is not its structure or action, but rather that it was directed to a Macintosh.  My friends and colleagues who use Macintosh computers have smugly reminded me for years that they do not run virus protection software on their computers because they do not need it;  Macs don’t get malware.   Yet on April 5, it was reported that over 600,000 Macs were infected with this trojan.  This malware was initially found in September 2011 masquerading as a fake Adobe Flash Player plug-in installer, but it has also exploited Java vulnerabilities to infect Macs.

Do you wonder if you have it?  Check the security company F-Secure, which has published instructions on how to determine whether a Mac is infected with Flashback.  If your computer is infected with the trojan, you can learn how to remove it from CNet.

This is not the first malware product lately to infect the Mac, but it was the most widespread. The question you may be asking right now is WHY????  As I said, most Mac users do not bother with malware protection because to this date they have not needed it.  Yes, it is true that the Mac operating system has fewer holes in it to exploit when compared with Windows.  Yet, I believe there is more to the story.  Historically there have been many more Windows-machines than Macs, and they tended to be more pervasive in industry.  If your goal was to cause significant disruption or to steal data and identities, you would get a bigger bang associated with Windows machines than Macs.   I believe that is exactly what malware writers have been doing.  However, the Mac isn’t just for schools and artists anymore, it is being used in more businesses and by more people.   It stands to reason that more malware will be written for these machines, especially since there are less people protecting the Macs and few companies that are actively involved in research into the attacks.

So, what does it mean for you?   I would recommend that you purchase anti-virus software and use it.  That is, you not only need to install the software, but you must update the virus patterns weekly (if not more often).  Second, you need to be careful what attachments you open.  If you are suspicious, do not open it.  That holds for updates too.  Research what is being updated and whether that popup is legitimate.  Be careful — even with solid doors with locks, you must be vigilant to insure the burglar does not steal your possessions.  The same is true with the protection of your computer.

Viruses and Trojan Horses

1 Comment

A virus is an unwanted application (software program) that attaches itself to your computer without your knowledge. It attempts to reproduce itself and change or delete files under specific circumstances. For example the virus might be activated each time a specific day of the month, or when a specific file is opened, or when certain actions are observed. This activation is referred to as the “payload”. Some viruses do nothing but reproduce themselves. Some perform trivial extras like beeping the keyboard, or forcing the file to be saved in a specific format. Some are more destructive and attempt to rename or erase files or destroy the hard drive. There are many varieties of viruses, each with a specific set of actions it intends to complete.

Macro viruses are programming code, created by hackers or unethical programmers, which is either annoying, prankish or harmful. The macros are written to attach themselves to the default document of a software package such as Word or Excel. When an unsuspecting user opens a document containing a macro virus, the virus attaches itself to the default document. Each time a document is created or edited from this time forward, the virus attaches itself to that document. The problem escalates as the document is passed on to other computers by file sharing or e-mail. The virus continues to spread until it is removed.  Boot sector viruses attach themselves to the part of the disk that is read by the computer when it starts up. The boot sector contains important information about the disk. In most cases, the virus relocates this information to another location and displays its own code.

A computer virus is a program and not a microorganism, but it is infectious and can be highly complex. Viruses implant instructions in other programs or storage devices that can attack, scramble, or erase computer data. They are often obtained by downloading executable software from emails, the web or social networking sites.  It is usually the unwary who get computer viruses. ALWAYS run virus detection software on your computer.  Equally important, however, is updating the program regularly.  This is similar to getting a flu shot each year because the strain of flu changes somewhat from year to year.  You must get the latest update to be sure that your computer is protected from the latest strain of computer viruses.  ALWAYS keep a back up of important files in case your computer does get a virus (or has another form of failure).  Obtain new software from reputable sources and check new software (and other files) with virus protection software before saving to your hard drive.

A Trojan Horse is similar to a virus, in that it is a malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! When these programs are executed, the embedded virus is executed too, thus propagating the `infection’. This normally happens invisibly to the user.  It cannot, however, infect other computers without assistance, such as downloading files from websites. The virus may do nothing but propagate itself and then allow the program to run normally.

Virus problems are terribly costly to individuals and to businesses.  The best defense is virus protection software and frequent updating of the protection files.