Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.mac.system > #23317 > unrolled thread

Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java?

Started byANTant@zimage.com (Ant)
First post2012-04-04 19:03 -0500
Last post2012-04-12 09:13 +1200
Articles 14 on this page of 54 — 20 participants

Back to article view | Back to comp.sys.mac.system


Contents

  Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? ANTant@zimage.com (Ant) - 2012-04-04 19:03 -0500
    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-04 19:54 -0700
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-05 00:06 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 00:24 -0700
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-05 16:10 -0400
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:33 -0700
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-05 13:51 -0700
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 19:16 -0400
                  Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-06 14:48 +1200
                    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 23:21 -0400
                      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-06 18:19 +1200
                        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:09 +0200
                        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Howard.not@home.com (Howard) - 2012-04-09 18:17 +0100
                          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? PhillipJones <pjones1@kimbanet.com> - 2012-04-09 14:20 -0400
                            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Howard.not@home.com (Howard) - 2012-04-10 17:46 +0100
                              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-11 10:18 +0200
                                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? John McWilliams <jpmcw@comcast.net> - 2012-04-11 15:13 -0700
                    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:01 +0200
                      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-07 01:46 +1200
                        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-06 12:15 -0400
                          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-09 09:11 +0200
                            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-09 11:42 -0400
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 13:51 +0200
                  Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:28 -0700
                    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 21:51 +0200
                      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 16:43 -0700
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-05 21:27 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-06 14:19 +0200
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:29 -0700
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Michael Vilain <vilain@NOspamcop.net> - 2012-04-06 12:22 -0700
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? nospam <nospam@nospam.invalid> - 2012-04-06 17:40 -0400
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Fred Moore <fmoore@gcfn.org> - 2012-04-06 12:11 -0400
    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-05 10:01 +0200
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-05 01:55 -0700
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-05 11:40 +0200
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-06 09:30 -0700
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Dave Allen <kneeljung@gmail.com> - 2012-04-06 19:03 -0500
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? dempson@actrix.gen.nz (David Empson) - 2012-04-07 12:48 +1200
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Dave Allen <kneeljung@gmail.com> - 2012-04-07 13:56 -0500
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-07 09:53 -0700
                Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? SY <205sk@accessforall.invalid> - 2012-04-07 19:01 +0200
                  Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 14:10 -0400
              Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Ant <ant@zimage.comANT> - 2012-04-21 13:18 -0700
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Warren Oates <warren.oates@gmail.com> - 2012-04-05 08:20 -0400
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? George Kerby <ghost_topper@hotmail.com> - 2012-04-05 08:38 -0500
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Jolly Roger <jollyroger@pobox.com> - 2012-04-05 15:51 -0700
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? George Kerby <ghost_topper@hotmail.com> - 2012-04-05 18:49 -0500
            Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Jolly Roger <jollyroger@pobox.com> - 2012-04-05 16:54 -0700
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-08 13:38 +0200
          Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? J.J. O'Shea <try.not.to@but.see.sig> - 2012-04-09 14:03 -0400
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 19:10 -0400
    Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? J.J. O'Shea <try.not.to@but.see.sig> - 2012-04-09 14:00 -0400
      Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? Paul Sture <paul@sture.ch> - 2012-04-11 10:37 +0200
        Re: Is there a Flashback protection/fix for Mac OS X 10.5.8's vulnerable Java? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-12 09:13 +1200

Page 3 of 3 — ← Prev page 1 2 [3]


#23420

FromSY <205sk@accessforall.invalid>
Date2012-04-07 19:01 +0200
Message-ID<4f8072dc$0$20411$e4fe514c@dreader37.news.xs4all.nl>
In reply to#23418
In article <a8udnVrXcJVo7R3SnZ2dnUVZ_t6dnZ2d@earthlink.com>,
 Ant <ant@zimage.comANT> wrote:

> On 4/6/2012 5:03 PM PT, Dave Allen typed:
> 
> >>> Thanks, I forgot to mention disabling Java.  I have disabled it in my
> >>> browsers as well.
> >>
> >> Don't forget to disable it through Utilities' Java Preference!
> >
> > Okay, I've opened Java Preferences from Utilities,but I have no idea
> > what i need to do with it to disable Java.  Do I simply uncheck all of
> > the boxes under the General tab?  [Mac OS 10.5.8]
> 
> That is what I did in there beside disabling Java in web browsers. Then, 
> you can go to http://javatester.org/, http://java.com, or any trusted 
> web site with Java applets to see if Java is disabled.

Or try: http://browserspy.dk/java.php
SK.

[toc] | [prev] | [next] | [standalone]


#23427

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-07 14:10 -0400
Message-ID<rp-dnYNCnreaHh3SnZ2dnUVZ_gqdnZ2d@giganews.com>
In reply to#23420
On 2012-04-07 13:01 , SY wrote:
> In article<a8udnVrXcJVo7R3SnZ2dnUVZ_t6dnZ2d@earthlink.com>,
>   Ant<ant@zimage.comANT>  wrote:
>
>> On 4/6/2012 5:03 PM PT, Dave Allen typed:
>>
>>>>> Thanks, I forgot to mention disabling Java.  I have disabled it in my
>>>>> browsers as well.
>>>>
>>>> Don't forget to disable it through Utilities' Java Preference!
>>>
>>> Okay, I've opened Java Preferences from Utilities,but I have no idea
>>> what i need to do with it to disable Java.  Do I simply uncheck all of
>>> the boxes under the General tab?  [Mac OS 10.5.8]
>>
>> That is what I did in there beside disabling Java in web browsers. Then,
>> you can go to http://javatester.org/, http://java.com, or any trusted
>> web site with Java applets to see if Java is disabled.
>
> Or try: http://browserspy.dk/java.php
> SK.

Or don't.  The one's that Ant supplied are fine.

-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [next] | [standalone]


#24176

FromAnt <ant@zimage.comANT>
Date2012-04-21 13:18 -0700
Message-ID<S9edncoi8Zaciw7SnZ2dnUVZ_jmdnZ2d@earthlink.com>
In reply to#23394
On 4/7/2012 9:53 AM PT, Ant typed:

>>>> Thanks, I forgot to mention disabling Java. I have disabled it in my
>>>> browsers as well.
>>>
>>> Don't forget to disable it through Utilities' Java Preference!
>>
>> Okay, I've opened Java Preferences from Utilities,but I have no idea
>> what i need to do with it to disable Java. Do I simply uncheck all of
>> the boxes under the General tab? [Mac OS 10.5.8]
>
> That is what I did in there beside disabling Java in web browsers. Then,
> you can go to http://javatester.org/, http://java.com, or any trusted
> web site with Java applets to see if Java is disabled.

I don't know if this is a glitch on this old specific MacBook Pro (15"; 
2008) or an actual bug on all Mac OS X 10.5.8 machines. Disabling Java 
plugins in Mac OS X 10.5.8's Utilities' Java Preferences will remove ALL 
installed plug-ins in Safari. Why? I DON'T KNOW! [gets slimed] It would 
be nice if someone else, with this OS version, to try it and see if it 
happens there.

For now, I will have Java disabled on both Firefox and Safari web browsers.
-- 
"At length, when they came to a (lowly) valley of ants, one of the ants 
said: 'O ye ants, get into your habitations, lest Solomon and his hosts 
crush you (under foot) without knowing it.'" --Surah 27. The Ant, The 
Ants, line 18
    /\___/\         Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
   / /\ /\ \                Ant's Quality Foraged Links: http://aqfl.net
  | |o   o| |
     \ _ /        If crediting, then use Ant nickname and AQFL URL/link.
      ( )         If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

[toc] | [prev] | [next] | [standalone]


#23330

FromWarren Oates <warren.oates@gmail.com>
Date2012-04-05 08:20 -0400
Message-ID<4f7d8e2d$0$11826$c3e8da3$12bcf670@news.astraweb.com>
In reply to#23324
In article <m30059-u5g.ln1@news.sture.ch>, Paul Sture <paul@sture.ch> 
wrote:

> To summarize, if both these Terminal commands give the "does not exist" 
> error, you don't have this particular nasty (at least in its current 
> form):
> 
> defaults read /Applications/Safari.app/Contents/Info LSEnvironment 
> defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 

Thanks Paul -- that's valuable info.
-- 

... do not cover a warm kettle or your stock may sour. -- Julia Child

[toc] | [prev] | [next] | [standalone]


#23331

FromGeorge Kerby <ghost_topper@hotmail.com>
Date2012-04-05 08:38 -0500
Message-ID<CBA30A70.84DDD%ghost_topper@hotmail.com>
In reply to#23324


On 4/5/12 3:01 AM, in article m30059-u5g.ln1@news.sture.ch, "Paul Sture"
<paul@sture.ch> wrote:

> On Wed, 04 Apr 2012 19:03:30 -0500, Ant wrote:
> 
>> Hello.
>> 
>> I read the recent Flashback trojan with Apple's Java. I have a client
>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>> 10.5.8. Is there a way to remove its Java or protect it without
>> upgrading the OS?
>> 
> 
> There are some manual removal instructions here:
> 
> <http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml>
> 
> To summarize, if both these Terminal commands give the "does not exist"
> error, you don't have this particular nasty (at least in its current
> form):
> 

Gizmodo confirms that:

<http://gizmodo.com/5899352/mac-flashback-trojan-find-out-if-youre-one-of-th
e-600000-infected>

[toc] | [prev] | [next] | [standalone]


#23340

FromJolly Roger <jollyroger@pobox.com>
Date2012-04-05 15:51 -0700
Message-ID<jollyroger-B019D8.15510505042012@news.individual.net>
In reply to#23331
In article <CBA30A70.84DDD%ghost_topper@hotmail.com>,
 George Kerby <ghost_topper@hotmail.com> wrote:

> On 4/5/12 3:01 AM, in article m30059-u5g.ln1@news.sture.ch, "Paul Sture"
> <paul@sture.ch> wrote:
> 
> > To summarize, if both these Terminal commands give the "does not exist"
> > error, you don't have this particular nasty (at least in its current
> > form):
> 
> Gizmodo confirms that:
> 
> <http://gizmodo.com/5899352/mac-flashback-trojan-find-out-if-youre-one-of-th
> e-600000-infected>

I stopped reading Gizmodo after he held the iPhone prototype hostage and 
then blamed Apple for wanting it back. ; )

-- 
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR

[toc] | [prev] | [next] | [standalone]


#23350

FromGeorge Kerby <ghost_topper@hotmail.com>
Date2012-04-05 18:49 -0500
Message-ID<CBA399C4.84E35%ghost_topper@hotmail.com>
In reply to#23340


On 4/5/12 5:51 PM, in article
jollyroger-B019D8.15510505042012@news.individual.net, "Jolly Roger"
<jollyroger@pobox.com> wrote:

> In article <CBA30A70.84DDD%ghost_topper@hotmail.com>,
>  George Kerby <ghost_topper@hotmail.com> wrote:
> 
>> On 4/5/12 3:01 AM, in article m30059-u5g.ln1@news.sture.ch, "Paul Sture"
>> <paul@sture.ch> wrote:
>> 
>>> To summarize, if both these Terminal commands give the "does not exist"
>>> error, you don't have this particular nasty (at least in its current
>>> form):
>> 
>> Gizmodo confirms that:
>> 
>> <http://gizmodo.com/5899352/mac-flashback-trojan-find-out-if-youre-one-of-th
>> e-600000-infected>
> 
> I stopped reading Gizmodo after he held the iPhone prototype hostage and
> then blamed Apple for wanting it back. ; )

So THAT was the guy?!?

DAMN!

[toc] | [prev] | [next] | [standalone]


#23351

FromJolly Roger <jollyroger@pobox.com>
Date2012-04-05 16:54 -0700
Message-ID<jollyroger-DA7296.16540305042012@news.individual.net>
In reply to#23350
In article <CBA399C4.84E35%ghost_topper@hotmail.com>,
 George Kerby <ghost_topper@hotmail.com> wrote:

> On 4/5/12 5:51 PM, in article
> jollyroger-B019D8.15510505042012@news.individual.net, "Jolly Roger"
> <jollyroger@pobox.com> wrote:
> 
> > In article <CBA30A70.84DDD%ghost_topper@hotmail.com>,
> >  George Kerby <ghost_topper@hotmail.com> wrote:
> > 
> >> On 4/5/12 3:01 AM, in article m30059-u5g.ln1@news.sture.ch, "Paul Sture"
> >> <paul@sture.ch> wrote:
> >> 
> >>> To summarize, if both these Terminal commands give the "does not exist"
> >>> error, you don't have this particular nasty (at least in its current
> >>> form):
> >> 
> >> Gizmodo confirms that:
> >> 
> >> <http://gizmodo.com/5899352/mac-flashback-trojan-find-out-if-youre-one-of-t
> >> h
> >> e-600000-infected>
> > 
> > I stopped reading Gizmodo after he held the iPhone prototype hostage and
> > then blamed Apple for wanting it back. ; )
> 
> So THAT was the guy?!?
> 
> DAMN!

Yup. I read http://www.engadget.com/. Same content, minus the mindless 
Apple hate.

-- 
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR

[toc] | [prev] | [next] | [standalone]


#23474

FromPaul Sture <paul@sture.ch>
Date2012-04-08 13:38 +0200
Message-ID<3v9859-fm1.ln1@news.sture.ch>
In reply to#23331
On Thu, 05 Apr 2012 08:38:08 -0500, George Kerby wrote:

> On 4/5/12 3:01 AM, in article m30059-u5g.ln1@news.sture.ch, "Paul Sture"
> <paul@sture.ch> wrote:
> 
>> On Wed, 04 Apr 2012 19:03:30 -0500, Ant wrote:
>> 
>>> Hello.
>>> 
>>> I read the recent Flashback trojan with Apple's Java. I have a client
>>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>>> 10.5.8. Is there a way to remove its Java or protect it without
>>> upgrading the OS?
>>> 
>>> 
>> There are some manual removal instructions here:
>> 
>> <http://www.f-secure.com/v-descs/trojan-
downloader_osx_flashback_i.shtml>
>> 
>> To summarize, if both these Terminal commands give the "does not exist"
>> error, you don't have this particular nasty (at least in its current
>> form):
>> 
>> 
> Gizmodo confirms that:
> 
> <http://gizmodo.com/5899352/mac-flashback-trojan-find-out-if-youre-one-
of-th
> e-600000-infected>

Him yes.  They blindly copied the fix from the F-Secure site, where 
points 2. and 3. are the wrong way round.

Don't any of these folks actually test what they regurgitate?



-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#23557

FromJ.J. O'Shea <try.not.to@but.see.sig>
Date2012-04-09 14:03 -0400
Message-ID<jlv8991hv2@news3.newsguy.com>
In reply to#23474
On Sun, 8 Apr 2012 07:38:43 -0400, Paul Sture wrote
(in article <3v9859-fm1.ln1@news.sture.ch>):

> On Thu, 05 Apr 2012 08:38:08 -0500, George Kerby wrote:
> 
>> On 4/5/12 3:01 AM, in article m30059-u5g.ln1@news.sture.ch, "Paul Sture"
>> <paul@sture.ch> wrote:
>> 
>>> On Wed, 04 Apr 2012 19:03:30 -0500, Ant wrote:
>>> 
>>>> Hello.
>>>> 
>>>> I read the recent Flashback trojan with Apple's Java. I have a client
>>>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>>>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>>>> 10.5.8. Is there a way to remove its Java or protect it without
>>>> upgrading the OS?
>>>> 
>>>> 
>>> There are some manual removal instructions here:
>>> 
>>> <http://www.f-secure.com/v-descs/trojan-
> downloader_osx_flashback_i.shtml>
>>> 
>>> To summarize, if both these Terminal commands give the "does not exist"
>>> error, you don't have this particular nasty (at least in its current
>>> form):
>>> 
>>> 
>> Gizmodo confirms that:
>> 
>> <http://gizmodo.com/5899352/mac-flashback-trojan-find-out-if-youre-one-
> of-th
>> e-600000-infected>
> 
> Him yes.  They blindly copied the fix from the F-Secure site, where 
> points 2. and 3. are the wrong way round.
> 
> Don't any of these folks actually test what they regurgitate?

Nope. They don't even check to see if there's an actual, real, threat. There 
doesn't seem to be one.



-- 
email to oshea dot j dot j at gmail dot com.

[toc] | [prev] | [next] | [standalone]


#23346

From*Hemidactylus* <ecphoric@hotmail.com>
Date2012-04-05 19:10 -0400
Message-ID<y_mdnVzvDdHvu-PSnZ2dnUVZ_gydnZ2d@giganews.com>
In reply to#23324
On 04/05/2012 04:01 AM, Paul Sture wrote:
> On Wed, 04 Apr 2012 19:03:30 -0500, Ant wrote:
>
>> Hello.
>>
>> I read the recent Flashback trojan with Apple's Java. I have a client
>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>> 10.5.8. Is there a way to remove its Java or protect it without
>> upgrading the OS?
>>
>
> There are some manual removal instructions here:
>
> <http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml>
>
> To summarize, if both these Terminal commands give the "does not exist"
> error, you don't have this particular nasty (at least in its current
> form):
>
> defaults read /Applications/Safari.app/Contents/Info LSEnvironment
> defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
>
> Sample output:
>
> pbook:~paul$ defaults read /Applications/Safari.app/Contents/Info
> LSEnvironment
> 2012-04-05 09:57:39.890 defaults[16703:10b]
> The domain/default pair of (/Applications/Safari.app/Contents/Info,
> LSEnvironment) does not exist
>
> pbook:~paul$ defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
> 2012-04-05 09:59:10.954 defaults[16710:10b]
> The domain/default pair of (/Users/paul/.MacOSX/environment,
> DYLD_INSERT_LIBRARIES) does not exist
>
>
For fun I ran both commands in my terminal and came up clean. But I have 
Lion.

-- 
*Hemidactylus*

[toc] | [prev] | [next] | [standalone]


#23556

FromJ.J. O'Shea <try.not.to@but.see.sig>
Date2012-04-09 14:00 -0400
Message-ID<jlv84j0hv2@news3.newsguy.com>
In reply to#23317
On Wed, 4 Apr 2012 20:03:30 -0400, Ant wrote
(in article <Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com>):

> Hello.
> 
> I read the recent Flashback trojan with Apple's Java. I have a client 
> who is still running Mac OS X 10.5.8 and noticed Apple released an 
> updated Java for Mac OS X 10.6. I assume there is none for unsupported 
> 10.5.8. Is there a way to remove its Java or protect it without 
> upgrading the OS?
> 
> Thank you in advance. :)
> 

It seems that the entire Flashback thing is much ado about nothing. See 
<http://www.symantec.com/security_response/writeup.jsp?docid=2011-093016-1216-
99>. If an AV vendor, who by definition has a reason to shout and carry on 
about a 'threat', makes a big deal out of something I usually regard their 
announcements with some suspicion. If, however, an AV vendor, who by 
definition has a reason to shout and carry on about a 'threat', declare that 
a 'threat' is, and I quote, of a 'very low risk level', and that they have 
detected '0-49' cases from '0-2' sites in the time starting 30 Sept 2011 (the 
day they first detected the 'threat') and ending 6 April 2012 (the day that 
the 'threat' assessment was last updated, well, I believe 'em. Symantec 
doesn't think that this is a real threat. Why should you? An AV vendor, 
looking to find something to trumpet so as to get people to buy their 
product, could only find less than 50 infections at one or two sites in _six 
months of looking_. Either they didn't look very hard or there's nothing to 
find.

-- 
email to oshea dot j dot j at gmail dot com.

[toc] | [prev] | [next] | [standalone]


#23625

FromPaul Sture <paul@sture.ch>
Date2012-04-11 10:37 +0200
Message-ID<hfsf59-82h.ln1@news.sture.ch>
In reply to#23556
On Mon, 09 Apr 2012 14:00:51 -0400, J.J. O'Shea wrote:

> On Wed, 4 Apr 2012 20:03:30 -0400, Ant wrote (in article
> <Xaqdnd_fvMXPfOHSnZ2dnUVZ_s6dnZ2d@earthlink.com>):
> 
>> Hello.
>> 
>> I read the recent Flashback trojan with Apple's Java. I have a client
>> who is still running Mac OS X 10.5.8 and noticed Apple released an
>> updated Java for Mac OS X 10.6. I assume there is none for unsupported
>> 10.5.8. Is there a way to remove its Java or protect it without
>> upgrading the OS?
>> 
>> Thank you in advance. :)
>> 
>> 
> It seems that the entire Flashback thing is much ado about nothing. See
> <http://www.symantec.com/security_response/writeup.jsp?
docid=2011-093016-1216-
> 99>. If an AV vendor, who by definition has a reason to shout and carry
> on about a 'threat', makes a big deal out of something I usually regard
> their announcements with some suspicion. If, however, an AV vendor, who
> by definition has a reason to shout and carry on about a 'threat',
> declare that a 'threat' is, and I quote, of a 'very low risk level', and
> that they have detected '0-49' cases from '0-2' sites in the time
> starting 30 Sept 2011 (the day they first detected the 'threat') and
> ending 6 April 2012 (the day that the 'threat' assessment was last
> updated, well, I believe 'em. Symantec doesn't think that this is a real
> threat. Why should you? An AV vendor, looking to find something to
> trumpet so as to get people to buy their product, could only find less
> than 50 infections at one or two sites in _six months of looking_.
> Either they didn't look very hard or there's nothing to find.

Noted.

"Apple to release Flashback removal software, working to take down botnet" 
- Ars Technica

<http://bit.ly/ING3QM>



-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#23652

FromHelpfulHarry@BusyWorking.com (Helpful Harry)
Date2012-04-12 09:13 +1200
Message-ID<HelpfulHarry-1204120913340001@203-118-187-219.dsl.dyn.ihug.co.nz>
In reply to#23625
On Mon, 09 Apr 2012 14:00:51 -0400, J.J. O'Shea wrote:
> 
> It seems that the entire Flashback thing is much ado about nothing. See
> <http://www.symantec.com/security_response/writeup.jsp?
docid=2011-093016-1216-
> 99>. If an AV vendor, who by definition has a reason to shout and carry
> on about a 'threat', makes a big deal out of something I usually regard
> their announcements with some suspicion. If, however, an AV vendor, who
> by definition has a reason to shout and carry on about a 'threat',
> declare that a 'threat' is, and I quote, of a 'very low risk level', and
> that they have detected '0-49' cases from '0-2' sites in the time
> starting 30 Sept 2011 (the day they first detected the 'threat') and
> ending 6 April 2012 (the day that the 'threat' assessment was last
> updated, well, I believe 'em. Symantec doesn't think that this is a real
> threat. Why should you? An AV vendor, looking to find something to
> trumpet so as to get people to buy their product, could only find less
> than 50 infections at one or two sites in _six months of looking_.
> Either they didn't look very hard or there's nothing to find.

Yep, that pretty much covers it.

For those two people who do manage to find this "malware" on their
computer (from visiting too many porn and pirate websites), there's now a
couple of FREE applications to remove it
<http://www.macrumors.com/2012/04/11/antivirus-firms-release-free-tools-for-cleaning-macs-infected-by-flashback/>

Kaspersky Lab's version is web-based, and it wouldn't surprise me if that
insists on having Java turned on before it can "remove" the "malware".

Helpful Harry  :o)

[toc] | [prev] | [standalone]


Page 3 of 3 — ← Prev page 1 2 [3]

Back to top | Article view | comp.sys.mac.system


csiph-web