Blog
‘Flashback’ Trojan Horse in the wild—what to do
A Trojan Horse—a bit of bad computer code that pretends to be something else—is infecting a few Macs. This is different from a virus, which spreads from computer to computer. I saw an infected Mac up in Portland yesterday via remote support. I don’t think Flashback is terrifically common, but let’s keep it from becoming so. Here’s what you should do:
1. Go to the Apple Menu and choose Software Update…. Install all available updates, especially those that relate to “Java” (which is how Flashback works). After you run these updates, your Mac running Mac OS X 10.6 or 10.7 cannot be infected by Flashback.
2. If you’re afraid that your Mac may have already been hit by Flashback, download and run Test4Flashback. This will tell you if your Mac is infected or not. If your Mac is clean and you’ve applied the Software Updates in Step 1, you have nothing more to worry about.
3. If Test4Flashback indicates that your Mac is infected, please call (503-507-0410) or email ([email protected]) at your earliest convenience. Removing the Flashback Trojan involves working in the Terminal, and unless you know what you’re doing, you could do more harm than good. You should not lose any data.
Flashback does not involve iOS. iPhones, iPads, etc. are not impacted by this.
If your Mac is running an earlier operating system (Mac OS X 10.4 or 10.5), you will need to go to your web browser’s preferences and turn off Java to avoid infection. This may cause some web browsing features not to work, depending on the site, but there is presently no other way I know of to block infection for those systems.
A little bit more about Flashback
Flashback is a Java-based Trojan Horse. It uses the Java programming language to install itself and to do things on your Mac without your permission (or, likely, awareness). Apple has deprecated Java—it’s not even installed with Mac OS X 10.7 Lion unless you specifically choose to install it. Unfortunately, a lot of web sites and programs use Java, so a lot of Mac users (me too) have Java installed.
The real genius of Flashback is that it can be tied to web sites that use Java—again, there are lots of those—and infect your Mac without intervention from you, and you may not even know that your Mac has been infected. On the Mac I saw in Portland, the evidence of a problem was that older, PowerPC software was crashing. But you may not notice anything is wrong. It’s insidious.
The good news is that, as outlined above, it’s a relatively simple matter to test for infection and protect against it going forward. (And if your Mac is infected, it’s a technically complicated, but not impossible, fix.) Should you load your Mac with anti-virus software on the basis of this? I don’t think it’s essential. First, I’ve seen far more problems with antivirus software than I have with malware on the Mac. Second, I think it’s telling that Flashback uses a technology that Apple doesn’t even ship by default anymore.
Nonetheless, if you want to have antivirus, a free virus scanner called ClamXav is available from the Mac App Store. (Odds are good that what you’ll find when you use it is that you’ve received emails loaded with PC viruses; those are incredibly common, and though they don’t impact Macs, we can spread them Typhoid Mary-like to PCs.) If that provides you with peace of mind, use it. By and large, I continue to think there’s not a lot to worry about so long as you keep your Mac software up to date.
UPDATE: I’ve had several users ask me about protecting older, PowerPC or 10.4 or 10.5 Macs. I don’t have (and can’t find) a way to check older PowerPC-based Macs for this infection. You can use the free Sophos Antivirus to check for Flashback.
I’m afraid my only suggestion at this point is to go to Applications > Utilities > Java Preferences and turn Java off system-wide. That may disrupt some things—CrashPlan is a notable Java app—but the only way I know right now to ensure that your old Mac is safe is to turn off the language (Java) that Flashback uses. Then it won’t matter if your Mac is infected or not.
Steve Jobs, 1955-2011
My own interest in Apple mirrored Steve Jobs’ return to the company in 1997. In the late ’90s I saw him at Seybold and Macworld, and over the years watched his keynotes both live and, particularly after we returned to Oregon, by video stream. He was a visionary, a showman, and a business leader all in one. I don’t think it’s hyperbole to mention him in the same breath as Edison or Tesla—his name is on over 300 patents in diverse areas—and I doubt very much we’ll see someone like him again in the technology industry during my lifetime.
I owe a great deal to Steve Jobs, which sounds strange considering that I never met the man. But my company’s fortunes are inextricably linked to Apple’s, and as Jobs took Apple from the verge of bankruptcy to the largest company (by market capitalization) in the world, my own business success followed. Indeed, I often joke that I may have no business acumen whatsoever. We don’t know. Maybe I just hitched my wagon to the right star.
Yesterday’s iPhone 4S presentation conducted by Apple CEO Tim Cook and associated Apple brass was widely regarded as a subdued affair lacking the Jobsian passion and showmanship of years past. Perhaps in the light of today’s news we can understand why. Having to sell a product—and I think the iPhone 4S is a home run of a product—when the death of your friend, colleague, and mentor is imminent, is a task I’d wish on no one. By today’s lights, the Apple officers performed amazingly, and even if Steve Jobs, a noted perfectionist, wouldn’t have cut them any slack about it, I think the rest of us can and should.
As a company Apple will be fine for the next 3-5 years. They could almost run on autopilot during that time with incremental releases of existing products and continue to rake in the cash. What we don’t know is what happens when the next iPod, iPhone, or iPad is needed. Does Apple have the talent internally to produce another world-changing device without Steve Jobs to guide them? Nobody knows.
What we do know is that the world is a better place for Steve Jobs and his contributions to it. If you’ve not read it, here’s the text of Steve Jobs’ Stanford Commencement speech from 2005. In it, he said:
No one wants to die. Even people who want to go to heaven don’t want to die to get there. And yet death is the destination we all share. No one has ever escaped it. And that is as it should be, because Death is very likely the single best invention of Life. It is Life’s change agent. It clears out the old to make way for the new. Right now the new is you, but someday not too long from now, you will gradually become the old and be cleared away. Sorry to be so dramatic, but it is quite true.
Your time is limited, so don’t waste it living someone else’s life. Don’t be trapped by dogma — which is living with the results of other people’s thinking. Don’t let the noise of others’ opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.
Amen.
Brother printer cartridge trick
Quoting David Tutwiler in an Amazon.com review:
This cartridge will disable your printer once it (the cartridge) tells your printer it’s empty. The cartridge has a window that is closed (blocked) by toner. This window runs through the cartridge from one side to the other. When the toner is full, the window is blocked, when the toner is seemingly empty, a laser is able to shine through the cartridge one side to the other thus signaling to the printer to shut down for cartridge replacement. I have found that when you obstruct this window with a simple piece of masking tape, you will have at least 33-50% more toner left.
Worked here in the office on our Brother DCP-8065DN laser printer with a TN580 cartridge. Your mileage may vary, of course.
Mac OS X 10.7 Lion Presentation
I will be delivering a presentation on Apple’s new Mac OS X 10.7 Lion operating system for the Salem Macintosh Users Group on September 17 from 10 AM to noon at Comfort Suites in Salem. Everyone is welcome, though seating may be limited.
Mac HelpMate 3.2 now available
Mac HelpMate version 3.2 is now available in our Remote Support section. It offers bug fixes as well as transitional support for Mac OS X 10.7 Lion. This update is free, and for current Mac HelpMate users, may also be downloaded via the “Check for Updates” command under the File menu within the Mac HelpMate application itself.
SMUG Presentation, June 14
I will be speaking about the new MacBook Pro laptops at the next Salem Macintosh Users Group (SMUG) meeting. This meeting will be held on June 14 at 7 PM at Comfort Suites on Hawthorne in Salem. I will also cover any new announcements from Apple’s World Wide Developers Conference (WWDC) and briefly discuss the MacDefender trojan horse.
Attendance is free. Hope to see you there!
Mac Defender
Most archeologists now accept that the city of Troy existed in the 11th or 12th century BC. What is unknown is whether the Trojan War also had a basis in fact. As you may know, Greek mythology tells us of Eris’ Apple of Discord, given to Paris to be presented to the fairest of the goddesses, Athena, Hera or Aphrodite. All attempted to bribe Paris, but he ultimately chose Aphrodite, who promised him the love of the most beautiful woman in the world, Helen of Sparta.
Paris went to Sparta and Helen fell in love with him, helpfully coerced by one of Cupid’s arrows. The pair eloped to Troy, after which the city was besieged by the Spartans. After 10 years and many battles, the attackers rolled a great wooden horse inscribed as a “gift to Athena” to the gates of Troy and departed in their ships. The defenders, thinking the battle won and the war ended, wheeled the horse inside the gates of the city and proceeded with a night of drunken revelry and celebration. That night, soldiers emerged from the horse, overwhelmed the city’s defenders, and won final victory. This is the etymology of the term “Trojan Horse.”
In the computer world, we use the term in a similar fashion, which is to say that a “Trojan Horse” is a program or bit of software that seems benign but is actually malevolent. Mac OS X experienced its first widespread Trojan Horse this month with a program called Mac Defender.
It’s worth noting that Mac Defender requires that the user (you!) both download and install the program before it is capable of doing anything. That is to say, like the Trojan Horse of antiquity, one must be fooled in order for it to work. This “social engineering”—email phishing is another example—is probably the biggest security threat to Mac users. The number one thing you can do to prevent this type of thing: Do not download or install any software if you don’t know where it’s from or if you didn’t explicitly choose to download it.
If you’ve already installed Mac Defender, don’t feel bad. This is the first widespread malware of its kind for the Mac, and human history is replete with people falling for the tricks of others. Revel, if you will, in your humanity. Also, feel free to celebrate the lesson learned, because Mac Defender doesn’t do a whole lot. It’s easily removed (Google “Remove Mac Defender” or see the links in my Twitter feed for explicit instructions) and it does not harm or compromise your computer.
If you’ve gone so far as to “buy” Mac Defender—the program wants you to purchase it with a credit card—I would strongly advise you to cancel that card as soon as possible.
This is unlikely to be the last Mac Trojan Horse we see, but if you follow the steps outlined above and stay connected to the Apple community, you have little to fear.