Symantec: Flashback malware still present on approximately 140,000 Macs

Posted by:
Date: Tuesday, April 17th, 2012, 19:21
Category: News, security, Software

The good news: The Flashback malware’s infection numbers have gone down dramatically.

The bad news: About 140,000 of you need to look into removing the malware on your Mac.

Per a recent Symantec blog post, the security firm guessed that the number of affected machines would have dropped precipitously by now given that Apple and third-party vendors released their respective Flashback-neutralizing programs last week. The Mac maker even rolled out a removal tool for those Mac users who don’t have Java installed, and thus may be harboring a dormant version of the malware.

Statistics from Symantec’s “sinkhole,” or spoofed command and control server, show that Flashback has been removed from some 460,000 machines since Apr. 9, but the company expected fewer than 99,000 would be carrying the trojan by Tuesday.

Sinkholes are used by internet security and research entities to monitor and analyze the spread of malicious programs, though the standard practice sometimes brings unwarranted suspicion to smaller, less well-known firms. For example, Apple reportedly attempted to shut down the server hosting a sinkhole belonging to Flashback’s discoverer Dr. Web, mistakenly thinking that it was a legitimate command and control server. Apple’s move, however, can also be considered standard practice when dealing with fast-moving malware.

There has been no speculation as to why the remaining Macs haven’t already disposed of Flashback, as the self-installing program can be easily identified and deleted. It is possible that machine owners remain unaware of the program and haven’t yet performed a software update that would eradicate it.

The trojan itself continues to propagate on unpatched systems. Analysis of Flashback’s structure reveals that it is coded to go beyond the .com top-level domain, also generating domain names under .in, .info, .kz and .net. Flashback creates one new string every day that is paired with a random TLD.
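For defenders, one string per day across a fixed TLD set means resolver logs can be checked against a short candidate list. The sketch below is an added example, not code from Symantec or this site; the daily labels, log format and client addresses are constructed placeholders, since the article does not give the generation algorithm.

```python
from datetime import date, datetime, timedelta

# TLDs the article lists for Flashback's generated domains.
FLASHBACK_TLDS = ("com", "in", "info", "kz", "net")

# Constructed placeholder labels; real daily strings would come from a
# published analysis of the malware and are not given in the article.
DAILY_LABELS = {
    date(2012, 4, 16): "exampledaylabela",
    date(2012, 4, 17): "exampledaylabelb",
}

# Constructed resolver log: "<ISO timestamp> <client> <queried name>"
SAMPLE_LOG = """\
2012-04-17T09:01:12 10.0.0.21 exampledaylabelb.kz.
2012-04-17T09:01:15 10.0.0.21 ExampleDayLabelB.info
2012-04-17T09:02:40 10.0.0.35 www.apple.com
2012-04-17T09:05:02 10.0.0.48 exampledaylabela.net
2012-04-17T09:07:33 10.0.0.35 exampledaylabelb.org
2012-04-17T09:09:10 10.0.0.52 notexampledaylabelb.com
malformed line
"""

def candidate_domains(day, labels=DAILY_LABELS, skew_days=1):
    """Domains for `day`, plus neighbouring days to tolerate wrong client clocks."""
    out = set()
    for offset in range(-skew_days, skew_days + 1):
        label = labels.get(day + timedelta(days=offset))
        if label:
            out.update(f"{label}.{tld}" for tld in FLASHBACK_TLDS)
    return out

def flag_clients(log_text, labels=DAILY_LABELS, skew_days=1):
    """Return {client: sorted list of queried names that match a candidate}."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, qname = parts
        try:
            day = datetime.fromisoformat(ts).date()
        except ValueError:
            continue  # unparseable timestamp
        name = qname.rstrip(".").lower()  # normalise case and trailing root dot
        if name in candidate_domains(day, labels, skew_days):  # exact match only
            hits.setdefault(client, set()).add(name)
    return {c: sorted(d) for c, d in hits.items()}
```

Clients returned by `flag_clients` are candidates for the removal tools mentioned above; a match on a neighbouring day's label (10.0.0.48 here) usually points to a skewed clock on the infected machine.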

Once a user visits a site carrying Flashback, the program installs itself without the need for permission and proceeds to collect sensitive data like user IDs, passwords and web browsing histories, which it then sends to an off-site repository.

Just as Flashback exploited the “Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability” to create its botnet, another threat has surfaced that uses the same hole as a means of distribution.

Called Backdoor.OSX.SabPub.a, the newly-discovered malware was created in March and is considered an “active attack” trojan as an operator manually checks and harvests data from an affected machine. SabPub has also been seen being distributed in malicious Word documents, installing itself by exploiting a known record parsing buffer overflow vulnerability.

Stay tuned for additional details as they become available.

Sending PowerPage’s love down a well…

Posted by:
Date: Tuesday, April 17th, 2012, 19:15
Category: Announcement



Guys, it’s not often that we do this, so bear with us.

On February 24th, Washington, D.C.-area comedian, Geek Comedy Tour member and die-hard Mac nerd Joe Deeley suffered a moderate stroke while driving home from dinner with his family. In the following weeks, members of D.C.’s stand-up comedy scene have been able to raise funds to help the Deeley family with thousands of dollars’ worth of medical expenses and Joe himself is progressing nicely through the rehabilitation process.

What I’d like to propose is the following: Joe has been a friend since I began doing stand-up seven years ago, has always been there, and despite a slight penchant for narcolepsy on long road trips, has literally been the nicest human being one could hope to meet. Joe, like many of you, has also been a long-time Mac geek, having worked with every Mac he could get his hands on, enjoyed every minute of it and has long been someone I could go to with iMovie questions.

If you can, please take a gander at the following video and if you can donate a few shekels to help his family with the bills or help spread the word, it’d make an enormous difference.



Jobra!!!

Apple job listing points to potentially revised power systems for future Macs

Posted by:
Date: Tuesday, April 17th, 2012, 18:40
Category: Hardware, News

Sometimes it’s the job listings that prove the most telling.

Per AppleInsider, Apple is looking for a new hire to work closely with Apple’s computer system hardware team for DC-DC power designs integration.

The job listing also makes mention of optimizing power use with “white LED backlight drivers,” related to the LCD screens found on Apple’s iMac and MacBook lineups.

Apple would prefer to hire an employee with a PhD in power electronics. Candidates must have at least 8 years of experience in the field to be considered for the high-level position.

Stay tuned for additional details as they become available.