Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.mac.system > #23405 > unrolled thread

Does the Flashback trojan affect Chrome? Lion?

Started byAlan Browne <alan.browne@FreelunchVideotron.ca>
First post2012-04-07 09:43 -0400
Last post2012-04-09 16:26 -0400
Articles 7 on this page of 47 — 12 participants

Back to article view | Back to comp.sys.mac.system


Contents

  Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 09:43 -0400
    Re: Does the Flashback trojan affect Chrome?  Lion? Jolly Roger <jollyroger@pobox.com> - 2012-04-07 08:30 -0700
      Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 11:46 -0400
        Re: Does the Flashback trojan affect Chrome?  Lion? Jolly Roger <jollyroger@pobox.com> - 2012-04-07 09:04 -0700
          Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 13:59 -0400
            Re: Does the Flashback trojan affect Chrome?  Lion? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 18:43 -0400
              Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-07 23:01 -0400
                Re: Does the Flashback trojan affect Chrome?  Lion? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 23:26 -0400
                  Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:14 -0400
                Re: Does the Flashback trojan affect Chrome?  Lion? Paul Sture <paul@sture.ch> - 2012-04-08 14:12 +0200
                Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 16:36 -0400
      Re: Does the Flashback trojan affect Chrome?  Lion? Kurt Ullman <kurtullman@yahoo.com> - 2012-04-07 12:05 -0400
        Re: Does the Flashback trojan affect Chrome?  Lion? Jolly Roger <jollyroger@pobox.com> - 2012-04-07 09:07 -0700
          Re: Does the Flashback trojan affect Chrome?  Lion? Leonard Blaisdell <leoblaisdell@sbcglobal.net> - 2012-04-07 22:32 -0700
            Re: Does the Flashback trojan affect Chrome?  Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 23:01 +1200
    Re: Does the Flashback trojan affect Chrome?  Lion? Michelle Steiner <michelle@michelle.org> - 2012-04-07 08:59 -0700
      Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 13:56 -0400
        Re: Does the Flashback trojan affect Chrome?  Lion? Michelle Steiner <michelle@michelle.org> - 2012-04-07 11:18 -0700
          Re: Does the Flashback trojan affect Chrome?  Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 10:17 +1200
            Re: Does the Flashback trojan affect Chrome?  Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-07 19:53 -0400
              Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-07 23:04 -0400
                Re: Does the Flashback trojan affect Chrome?  Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-07 23:40 -0400
                  Re: Does the Flashback trojan affect Chrome?  Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 16:32 +1200
                  Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:18 -0400
                    Re: Does the Flashback trojan affect Chrome?  Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-08 17:40 -0400
                      Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 19:56 -0400
                        Re: Does the Flashback trojan affect Chrome?  Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-08 22:36 -0400
                          Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 00:32 -0400
                        Re: Does the Flashback trojan affect Chrome?  Lion? Paul Sture <paul@sture.ch> - 2012-04-09 09:21 +0200
                        Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 11:37 -0400
                          Re: Does the Flashback trojan affect Chrome?  Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-09 14:48 -0400
                            Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 15:33 -0400
                              Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 21:41 -0400
                                Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-10 17:36 -0400
                                  Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-10 23:15 -0400
                              Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 21:42 -0400
                            Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 21:37 -0400
                              Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-10 17:35 -0400
                                Re: Does the Flashback trojan affect Chrome?  Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-10 23:19 -0400
                                  Re: Does the Flashback trojan affect Chrome?  Lion? Paul Sture <paul@sture.ch> - 2012-04-11 10:40 +0200
                              Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-10 17:36 -0400
          Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 09:07 -0400
    Re: Does the Flashback trojan affect Chrome?  Lion? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 19:05 -0400
      Re: Does the Flashback trojan affect Chrome?  Lion? Tim Streater <timstreater@greenbee.net> - 2012-04-08 00:24 +0100
      Re: Does the Flashback trojan affect Chrome?  Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 16:32 +1200
    Re: Does the Flashback trojan affect Chrome?  Lion? Rob Friefeld <someone@verizon.net> - 2012-04-08 10:59 -0700
      Re: Does the Flashback trojan affect Chrome?  Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 16:26 -0400

Page 3 of 3 — ← Prev page 1 2 [3]


#23600

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-10 17:36 -0400
Message-ID<PPadncRi-L9uOhnSnZ2dnUVZ_vGdnZ2d@giganews.com>
In reply to#23575
On 2012-04-09 21:37 , Wes Groleau wrote:
> On 04-09-2012 14:48, Barry Margolin wrote:
>> Alan Browne<alan.browne@FreelunchVideotron.ca> wrote:
>>> On 2012-04-08 19:56 , Wes Groleau wrote:
>>>
>>> Mac when I advised it, two of the things they do need that none of the
>>> teens did are defragmentation and malware protection. .
>>>
>>> Defrag? Puh-leaze.
>>>
>>> Never used it after Windows 95. As disks got larger defrag became more
>>> and more pointless. (Never mind diminishing returns - it was negative
>>> returns as the computer was out of service (or slow) during de-frag and
>>> it just added wear and tear to the drive).
>>
>> I think that was his point: even though there's no reason to do it, it
>> has become part of the culture, so the practice continued. The fact
>> that these teens defragged is an indication that they didn't know what
>> they were doing.
>
> No, you only read what he quoted. I've restored a little context.
> They had Windows XP, as I do at work. And at work, I have more than
> enough evidence that fragmentation gradually slows down Windows XP and
> any earlier version if you have files of any significant size.

Horsecrap.  Disks are so large, and windows writes into the largest 
available space for a new file (NTFS).  Fragmentation does not occur 
significantly enough to drag down the system enough to notice.

-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [next] | [standalone]


#23479

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-08 09:07 -0400
Message-ID<ifmdnRp8vv4eEBzSnZ2dnUVZ_tWdnZ2d@giganews.com>
In reply to#23430
On 2012-04-07 14:18 , Michelle Steiner wrote:
> In article<0v6dneMB_YV54h3SnZ2dnUVZ_qmdnZ2d@giganews.com>,
>   Alan Browne<alan.browne@FreelunchVideotron.ca>  wrote:
>
>>> Here's a script I found on the web that checks for the Flashback
>>> trojan:
>>
>> That script checks for Safari and Firefox transport of the trojan, not
>> Chrome.  I emulated the same command found variously around the web
>> (above) but I'm not absolutely sure it's a correct test.
>
> Chrome uses the same WebKit that Safari uses, so it may be that the Safari
> test also works for Chrome.

It tests in folder locations specific to the browser:

    do shell script "defaults read /Applications/Safari.app 
/Contents/Info LSEnvironment"

The folder Application/Safari.app ... would have nothing belonging to 
Chrome whether or not they have code commonality.

-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [next] | [standalone]


#23446

From*Hemidactylus* <ecphoric@hotmail.com>
Date2012-04-07 19:05 -0400
Message-ID<EuSdnbh7Q9--VR3SnZ2dnUVZ_rydnZ2d@giganews.com>
In reply to#23405
On 04/07/2012 09:43 AM, Alan Browne wrote:
> Does the Flashback trojan affect Chrome as well?
> Does the Flashback trojan affect browsers under Lion?
>
> I executed this in terminal
> defaults read /Applications/Chrome.app/Contents/Info LSEnvironment
>
> and got a file does not exist error. But I'm not sure that's a valid
> test. (I just used the same test as for Safari and substituted Chrome).
>
I did the check just now for Firefox (substituted in command string for 
Safari) and was clean.

I went into the Safari menu and under Preferences...Security noticed the 
Enable Java box was clicked although I think Java doesn't exist on my 
Lion system (clicking Java Preferences asks me if I want to install the 
JRE). I unclicked Enable Java on the Safari security preferences anyway. 
Was this necessary or overkill?

Why would it have been checked? Is it just a preset in case I stall JRE?

Should I uncheck JavaScript too?

-- 
*Hemidactylus*

[toc] | [prev] | [next] | [standalone]


#23448

FromTim Streater <timstreater@greenbee.net>
Date2012-04-08 00:24 +0100
Message-ID<timstreater-B9B035.00242108042012@news.individual.net>
In reply to#23446
In article <EuSdnbh7Q9--VR3SnZ2dnUVZ_rydnZ2d@giganews.com>,
 *Hemidactylus* <ecphoric@hotmail.com> wrote:

> Should I uncheck JavaScript too?

No.

-- 
Tim

"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted"  --  Bill of Rights 1689

[toc] | [prev] | [next] | [standalone]


#23464

Fromdempson@actrix.gen.nz (David Empson)
Date2012-04-08 16:32 +1200
Message-ID<1ki8r20.1klnd748ykv3N%dempson@actrix.gen.nz>
In reply to#23446
*Hemidactylus* <ecphoric@hotmail.com> wrote:

> On 04/07/2012 09:43 AM, Alan Browne wrote:
> > Does the Flashback trojan affect Chrome as well?
> > Does the Flashback trojan affect browsers under Lion?
> >
> > I executed this in terminal
> > defaults read /Applications/Chrome.app/Contents/Info LSEnvironment
> >
> > and got a file does not exist error. But I'm not sure that's a valid
> > test. (I just used the same test as for Safari and substituted Chrome).
> >
> I did the check just now for Firefox (substituted in command string for
> Safari) and was clean.
> 
> I went into the Safari menu and under Preferences...Security noticed the
> Enable Java box was clicked although I think Java doesn't exist on my
> Lion system (clicking Java Preferences asks me if I want to install the
> JRE). I unclicked Enable Java on the Safari security preferences anyway.
> Was this necessary or overkill?
> 
> Why would it have been checked? Is it just a preset in case I stall JRE?

Yes. Standard configuraiton of Safari is to have Java enabled. If you
don't have Java installed (on Lion) then this checkbox is meaningless,
because there is no Java plugin or runtime environment.

Ideally Apple should grey out the checkbox if Java isn't installed on
the system, but they didn't bother.

> Should I uncheck JavaScript too?

Only if you like breaking the user interface on a fair proportion of web
sites.

JavaScript has nothing to do with Java (the name "JavaScript" was an
unfortunate choice on the part of Netscape), and JavaScript has nothing
to do with this particular threat.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]


#23492

FromRob Friefeld <someone@verizon.net>
Date2012-04-08 10:59 -0700
Message-ID<jlsjmc$9hu$1@dont-email.me>
In reply to#23405
In article <2vCdnZ7ns8AN2R3SnZ2dnUVZ_umdnZ2d@giganews.com>,
 Alan Browne <alan.browne@FreelunchVideotron.ca> wrote:

> Does the Flashback trojan affect Chrome as well?
> Does the Flashback trojan affect browsers under Lion?
> 
> I executed this in terminal
>    defaults read /Applications/Chrome.app/Contents/Info LSEnvironment
> 
> and got a file does not exist error.  But I'm not sure that's a valid 
> test.  (I just used the same test as for Safari and substituted Chrome).

Yes, it affects Chrome. The problem is Java, not the browser. The latest 
update from Apple is supposed to fix the vulnerability. As for testing 
for affliction, so far so good. 

Look at TidBITS:  http://tidbits.com/article/12918

> That said, detection comes down to issuing the following defaults read 
> commands in Terminal (F-Secure suggests only the first and last; the others 
> extend the technique from Safari to Google Chrome, Firefox, and iCab). In 
> each case, if you see ³does not exist² at the end of the response from each 
> command, you are not infected. (The defaults read command is entirely safe ‹ 
> it¹s just attempting to determine whether some data exists in the Info.plist 
> file within each application package.)

> defaults read /Applications/Safari.app/Contents/Info LSEnvironment 
> defaults read /Applications/Google\ Chrome.app/Contents/Info LSEnvironment 
> defaults read /Applications/Firefox.app/Contents/Info LSEnvironment 
> defaults read /Applications/iCab\ 4/iCab.app/Contents/Info LSEnvironment 
> defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

Rob Friefeld

[toc] | [prev] | [next] | [standalone]


#23570

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-09 16:26 -0400
Message-ID<38CdnYBy05uO2x7SnZ2dnUVZ_gSdnZ2d@giganews.com>
In reply to#23492
On 2012-04-08 13:59 , Rob Friefeld wrote:
> In article<2vCdnZ7ns8AN2R3SnZ2dnUVZ_umdnZ2d@giganews.com>,
>   Alan Browne<alan.browne@FreelunchVideotron.ca>  wrote:
>
>> Does the Flashback trojan affect Chrome as well?
>> Does the Flashback trojan affect browsers under Lion?
>>
>> I executed this in terminal
>>     defaults read /Applications/Chrome.app/Contents/Info LSEnvironment
>>
>> and got a file does not exist error.  But I'm not sure that's a valid
>> test.  (I just used the same test as for Safari and substituted Chrome).
>
> Yes, it affects Chrome. The problem is Java, not the browser. The latest
> update from Apple is supposed to fix the vulnerability. As for testing
> for affliction, so far so good.
>
> Look at TidBITS:  http://tidbits.com/article/12918
>
>> That said, detection comes down to issuing the following defaults read
>> commands in Terminal (F-Secure suggests only the first and last; the others
>> extend the technique from Safari to Google Chrome, Firefox, and iCab). In
>> each case, if you see ³does not exist² at the end of the response from each
>> command, you are not infected. (The defaults read command is entirely safe ‹
>> it¹s just attempting to determine whether some data exists in the Info.plist
>> file within each application package.)
>
>> defaults read /Applications/Safari.app/Contents/Info LSEnvironment
>> defaults read /Applications/Google\ Chrome.app/Contents/Info LSEnvironment
>> defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
>> defaults read /Applications/iCab\ 4/iCab.app/Contents/Info LSEnvironment
>> defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

Amusing.  The way I edited the command would not have detected it. 
Shame on my for not checking the folder structure for Chrome first. 
OTOH, I don't see how they get the path above from the actual structure.

But, the way that article is written, it is just extending the test to 
Chrome without confirming that any Chrome browser machines were or can 
be infected.  I primarily use Chrome, occasionally Firefox and rarely 
Safari and Opera.

Thanks!




-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [standalone]


Page 3 of 3 — ← Prev page 1 2 [3]

Back to top | Article view | comp.sys.mac.system


csiph-web