How to detect and remove Flashback malware from Mac OS X – Part 2

Thursday, April 12th, 2012 3:52:07

OS X does not come with Java installed by default, and the latest versions of Java should be patched properly, so anyone with a new or properly updated system should be safe from these threats. However, there are likely many people still running older versions of Java that are still vulnerable.

If you do not use Java on your system, you can avoid these threats by disabling it in your Web browser and in the Java Preferences utility in your Applications/Utilities/ folder (uncheck any Java runtime listings in the utility to disable them). With Java disabled, any threats that attempt to take advantage of it will not work.

F-Secure has devised a way to remove the malware from Mac machines. According to the security company, the malicious software works in two ways. The first requires administrative privileges to alter an embedded information property list within the Firefox and Safari Web browsers so that it contains a variable called “DYLD_INSERT_LIBRARIES”, which launches the malware when these applications are run. F-Secure claims these variants of the malware are ultimately harder to detect (provided the user unknowingly supplied administrative privileges when installing the fake Flash Player installer), since they affect only these programs.

The second infection route does not target individual applications, but instead alters a more global version of the property list with the same “DYLD_INSERT_LIBRARIES” variable that will launch the malware whenever any application is opened. Because this modification is done to the user’s account and not to files within the Applications folder, the attack does not require admin privileges to complete; however, it does ultimately result in a more obvious infection that will destabilize the system and lead to crashes.
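A check for both modifications described above, as an added example that is not F-Secure's procedure or code from the original article. The file paths and the `LSEnvironment` key are assumptions not named in the article (the standard Info.plist environment dictionary and the per-user environment file on OS X of that period); the sample plists are constructed.

```python
import plistlib
from pathlib import Path

KEY = "DYLD_INSERT_LIBRARIES"

# Assumed locations (not named in the article): the browsers' Info.plist
# files and the per-user environment file under the user's home folder.
APP_PLISTS = [
    "/Applications/Safari.app/Contents/Info.plist",
    "/Applications/Firefox.app/Contents/Info.plist",
]
USER_PLIST = "~/.MacOSX/environment.plist"


def injected_library(plist_bytes, per_app):
    """Return the DYLD_INSERT_LIBRARIES value found in a plist, or None.

    per_app=True:  look inside the LSEnvironment dict of an app's Info.plist.
    per_app=False: look at the top level of a user environment plist.
    """
    try:
        data = plistlib.loads(plist_bytes)  # handles XML and binary plists
    except Exception:  # malformed or truncated file: nothing to report
        return None
    if not isinstance(data, dict):
        return None
    env = data.get("LSEnvironment", {}) if per_app else data
    return env.get(KEY) if isinstance(env, dict) else None


def scan(app_plists=APP_PLISTS, user_plist=USER_PLIST):
    """Check the files on a Mac; returns {path: library} for each hit."""
    hits = {}
    targets = [(p, True) for p in app_plists] + [(user_plist, False)]
    for path, per_app in targets:
        f = Path(path).expanduser()
        if f.is_file():
            lib = injected_library(f.read_bytes(), per_app)
            if lib:
                hits[str(f)] = lib
    return hits


# Constructed samples: clean Info.plist, modified Info.plist, modified user file.
CLEAN_APP = plistlib.dumps({"CFBundleName": "Safari"})
BAD_APP = plistlib.dumps({"CFBundleName": "Safari",
                          "LSEnvironment": {KEY: "/path/to/example.dylib"}})
BAD_USER = plistlib.dumps({KEY: "/path/to/example.dylib"})
```

A hit only shows that the variable is set and which library it points to; that library path is the file to inspect before changing anything.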


Posted on Apr 12 2012. Filed under Sci-Tech.
