The MacValley blog


Welcome to the MacValley blog, your first stop for all the latest MacValley news and views.



Editor: Tom Briant



Saturday, April 7, 2012

Trojans Infecting Macs and Dealing with them

There are a couple of new Trojan Horses going around that are quite nasty.  The one that is receiving the most press is called Flashback.

Article: Mac Flashback Trojan: Find Out If You’re One of the 600,000 Infected

This article will tell you how to find out if you are already infected by the Flashback Trojan, and it tells where to go to find instructions on how to eliminate this malware if you are.
(Don't be too upset by the title of that article. I've yet to hear a single firsthand account of someone being infected by Flashback.)

A simpler method (i.e. non-command line) than the F-Secure steps to check to see if you are infected by Flashback is this little app that runs the test for you. It just posts a dialog that says whether or not you're infected. It does not make any attempt to remove the trojan. You can download it here:

Apple has already pushed out an update to Java that includes a patch to make your Mac immune to Flashback.
Once you either find out that you aren't infected with Flashback, or you find out that you are infected with Flashback and you eliminate it, it would be a very good idea to go ahead and update Java to acquire immunity to Flashback.

Java, by the way, is a programming language that is used for applications and advanced features on Web sites. Its use has become very rare. If you think that it is unlikely that you even have a need for Java, it is possible to completely disable Java so that it can be totally eliminated as a vector of malware infection on your computer:

If you don't know if you need Java for anything...I recommend that you disable it.  If a program or a Web site subsequently gives an error message and refuses to run...re-enable it.  It's not a difficult or immutable act.

There is another Trojan Horse going around that is carried via a Microsoft Office document. Don't confuse this with the Flashback Trojan. Apple has already pushed out a patch to protect you against this Trojan also.
Apple updated XProtect with a definition to catch the Office vulnerability. They refer to it as "OSX/Mdropper.i." This should have happened automatically in the background on your Mac if you are running OS X 10.6 or higher (i.e. Snow Leopard or Lion).

(There is no version of XProtect included in versions of OS X prior to OS X 10.6/Snow Leopard.)
To find out which version of XProtect your Mac has installed, and when it was last updated you can download this free widget:

The latest Mdropper.i update came around April 2.
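What a check of the XProtect version, its last update and its coverage of a named threat involves, as an added example that is not part of the original post or of any Apple tool. The file location, the `LastModification`, `Version` and `Description` keys, and the 14-day staleness threshold are assumptions about OS X 10.6/10.7; the sample plists are constructed.

```python
import os
import plistlib
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
# Assumed location of the XProtect data files on OS X 10.6/10.7.
RES = "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/"

# Constructed sample data shaped like XProtect.meta.plist and XProtect.plist.
SAMPLE_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>LastModification</key><string>Mon, 02 Apr 2012 18:00:00 GMT</string>
  <key>Version</key><integer>100</integer>
</dict></plist>"""
SAMPLE_DEFS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
  <dict><key>Description</key><string>OSX.FlashBack.A</string></dict>
  <dict><key>Description</key><string>OSX.Mdropper.i</string></dict>
</array></plist>"""

def _norm(name):
    # Names are written "OSX/Mdropper.i" or "OSX.Mdropper.i"; compare both alike.
    return name.lower().replace("/", ".")

def xprotect_status(meta_bytes, defs_bytes, threat, now, max_age_days=14):
    """Summarise XProtect's version, update age and coverage of `threat`."""
    meta = plistlib.loads(meta_bytes)
    updated = parsedate_to_datetime(meta["LastModification"])
    age_days = (now - updated).days
    names = [d.get("Description", "") for d in plistlib.loads(defs_bytes)]
    return {
        "version": meta["Version"],
        "updated": updated,
        "age_days": age_days,
        "stale": age_days > max_age_days,  # threshold is an assumption
        "has_definition": any(_norm(threat) in _norm(n) for n in names),
    }

def read_or_sample(filename, sample):
    path = os.path.join(RES, filename)
    if os.path.exists(path):  # real file on an older Mac, else the sample
        with open(path, "rb") as fh:
            return fh.read()
    return sample

if __name__ == "__main__":
    print(xprotect_status(read_or_sample("XProtect.meta.plist", SAMPLE_META),
                          read_or_sample("XProtect.plist", SAMPLE_DEFS),
                          "OSX/Mdropper.i", datetime.now(timezone.utc)))
```

A `stale` result of `True`, or `has_definition` of `False`, means the background update described above has not reached that machine.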

In addition, if you have Microsoft Office installed, it's a good idea to install the Microsoft updaters for Office. These include a patch against this Trojan also:

Now, the question that always comes up is: Do I need to install anti-virus (AV) software at this point?
Most ordinary Mac users do completely without any AV software, and yet you just about never hear about a Mac user being infected with malware.   There are still no actual viruses (defined as self-propagating software) for the Macintosh.  I’ve told you, above, how to deal with the latest malware threats without the need for AV software.  So not much has changed that would require that we all run out and purchase AV software.

However, as attorneys we are used to engaging in “best practices.”  I’ve run what is usually the most highly rated (in magazine comparison tests) AV software program for the Mac for over a decade:
Intego’s VirusBarrier ($50)

just to be able to tell clients that I am running AV software.  (Clients don’t understand that a Macintosh isn’t the same thing as a Windows computer.  And I don’t want to bother to try explaining the difference to them.)
In all that time VirusBarrier has never actually protected me from anything of any consequence.  While VirusBarrier is excellent, some users have (rarely) reported that it can cause nasty software conflicts (as can any AV software that runs constantly in the background).  And since VirusBarrier is always running in the background on your Mac, even though it is mostly unnoticeable, there is some (minor) level of performance degradation (and once again, this is true of any AV software that is always running in the background).

So, instead, you may want to download and regularly use this free product:

ClamXav (free)

ClamXav doesn’t run constantly in the background like most other AV programs.  (So it shouldn’t cause any software conflicts or slowdowns.)  It can, however, be set to run on a schedule.  It is easy to use, and it is comprehensive.  So it is a good choice to install on your Mac, even if AV software really isn’t necessary for your Mac.
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Macintosh OS X Routine Maintenance
