News
How to check for and get rid of a Mac Flashback infection (from Ars Technica)
Article from:
http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-ofa-mac-flashback-infection.ars?old=mobile
How to check for—and get rid of—a Mac Flashback infection
So you’re a Mac user who has heard that more than half a million Macs have been infected by the recent Flashback malware. When the news began to spread about how the malware took advantage of a previously unpatched Java vulnerability on the Mac, the horror stories began pouring in. “My dad heard about the Flashback malware and subsequently deleted his Java folder. Now his Mac won’t boot,” a friend told me.
Needless to say, this is not the way to properly nuke a possible Flashback infection or prevent yourself from catching one. Still, there is a reasonable level of concern out there. Maybe you haven’t been keeping up on your antivirus software (and let’s be honest, most Mac users don’t), or perhaps you simply have suspicions about your Mac acting funny. How do you check if you have Flashback, and if you do, how do you (properly) get rid of it?
Head to the Terminal to check for infection
These Terminal commands will give you an easy way to find out whether you have a possible Flashback infection.
First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
If Terminal returns lines that look like this:
The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist
Then you’re home free and you’re not (yet) infected by Flashback. You can proceed to the “Run Software Update” section of this post. If they do return results, then it’s likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.
How to get rid of Flashback
Here’s where things might get complicated. These removal instructions are from security research firm F-Secure’s removal page. Take us away, F-Secure! (Cue Keyboard Cat now.)
1. Run the following command in Terminal:
   defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message: “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
4. Otherwise, run the following command in Terminal:
   grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%
5. Take note of the value after “__ldpath__”
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):
   sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
   sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:
   defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following: “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
10. Otherwise, run the following command in Terminal:
   grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%
11. Take note of the value after “__ldpath__”
12. Run the following commands in Terminal:
   defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
   launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Finally, delete the files obtained in steps 9 and 11.
14. Run the following command in Terminal:
   ls -lA ~/Library/LaunchAgents/
15. Take note of the filename. Proceed only when you have one file. Otherwise contact our customer care.
16. Run the following command in Terminal:
   defaults read ~/Library/LaunchAgents/%filename_obtained_in_step15% ProgramArguments
17. Take note of the path. If the filename does not start with a “.”, then you might not be infected with this variant.
18. Delete the files obtained in steps 15 and 17.
In addition to these steps, F-Secure recommends checking for another variant of Flashback, Flashback.K. The instructions can be found on another page on F-Secure’s website.
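The three `defaults read` checks and the `__ldpath__` lookup from the steps above can be run as one read-only pass. This is an added example, not code from Ars Technica or F-Secure; the function names and the SUSPECT output format are this example's own, and it treats the "does not exist" message as the clean case, as the article does. It deletes nothing.

```shell
#!/bin/sh
# Added example: read-only triage of the checks above. It deletes nothing.
# Domain/key pairs are the three the article reads with `defaults read`.
PAIRS="$HOME/.MacOSX/environment:DYLD_INSERT_LIBRARIES
/Applications/Safari.app/Contents/Info:LSEnvironment
/Applications/Firefox.app/Contents/Info:LSEnvironment"

# Succeeds when `defaults read` output says the pair is absent (the clean case).
pair_absent() {
    case "$1" in
        *"does not exist"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Absolute paths in a value: handles a bare path and the
# { "DYLD_INSERT_LIBRARIES" = "/path"; } dictionary form of LSEnvironment.
extract_paths() {
    printf '%s\n' "$1" | grep -o '/[^";]*' | tr ':' '\n'
}

# Printable string following __ldpath__ inside a library (the article's grep).
ldpath_strings() {
    LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" 2>/dev/null
}

# Runs every check; returns 0 only when all three pairs are absent.
triage() {
    hits=0
    old_ifs=$IFS
    IFS='
'
    for pair in $PAIRS; do
        domain=${pair%%:*}
        key=${pair#*:}
        out=$(defaults read "$domain" "$key" 2>&1)
        pair_absent "$out" && continue
        hits=$((hits + 1))
        echo "SUSPECT: $domain $key is set"
        for lib in $(extract_paths "$out"); do
            echo "  injected library: $lib"
            ldpath_strings "$lib" | sed 's/^/    /'
        done
    done
    IFS=$old_ifs
    echo "pairs with a value: $hits of 3"
    [ "$hits" -eq 0 ]
}

# Run only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then triage; fi
```

A non-zero exit status means at least one pair returned a value; the paths it prints are the ones the removal steps ask you to note before deleting anything.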
Run Software Update

Apple has now released some Java updates that will patch the vulnerability targeted by the current variant of Flashback, so if you’re free from infection, you can apply the patch via Software Update. (It’s a mystery as to why Apple waited so long to patch Java for Mac OS X when Oracle released an update in February.) You can also manually download the update for Lion and Snow Leopard, respectively, from Apple’s support site.
Do you really need Java running in your browser anyway?
This raises an important question: do you even need Java running in Safari? Some people do—my parents, for example, play bridge on a website that requires a Java applet to run, and they will not switch to another service—but many of us don’t. If you don’t, it could be worth turning off just to keep yourself extra secure. You can do this in Safari by going to the Safari menu and then Preferences. Then click over to the “Security” tab:

Uncheck “Enable Java.” (You can always turn it back on if you have to.) If you can live your life without it, this will be an extra step to help protect you against similar attacks in the future.
Conclusion
Once you’ve performed these steps and updated your installation of Java, you’re inoculated against the current version of the Flashback malware, but that doesn’t mean the variant won’t change again sometime in the future to exploit a different vulnerability on your Mac. Stay vigilant! Keep your software up to date, don’t ignore strange files that appear from strange places, and if you can, be aware of odd network behavior coming from your Mac. You can do this by installing software like Little Snitch to monitor your Mac’s network activity. (And a side effect of having Little Snitch installed is that the latest variants of Flashback won’t install themselves if you already installed Little Snitch!)
The files don’t necessarily come from spammers, either—a Google Image Search might bring you to a malicious website, for example, that could try to execute the code once you visit the site for that cute cat picture. So it’s not just about avoiding file attachments in e-mail; malware can be found lurking in all corners of the Web.
As for whether the “half a million Macs” number is accurate, Dr. Web malware analyst Sorokin Ivan said on Twitter that “BackDoor.Flashback.39 uses Hardware UUID (IOPlatformUUID) to identify bots,” and Dr. Web’s statistics are based on that ID. Even if the numbers aren’t accurate, the latest scare is another wakeup call for Mac users who have been ignoring malware and virus threats up to this point. What steps are you taking to make sure your Mac is protected?
iPod. iPhone. iPad. Why Apple is Done Inventing New Devices.
By Mike Elgan (12:18 pm, Aug. 13, 2011) From http://www.cultofmac.com
Most of Apple’s money comes from recently invented gadgets. More than two-thirds of Apple’s revenue comes from product types that didn’t even exist five years ago (iPhone and iPad). And 78% of Apple’s income is made by products unimaginable just ten years ago (throw in iPod and iTunes).
That means, in order to stay on the same growth curve in the current decade, Apple will have to invent product categories as new as the iPod, iPhone and iPad were, right?
Wrong.
The new products were part of a killer strategy Apple came up with in 1997. Apple will dominate the future by sticking to the strategy, not by trying to invent more product categories.
Apple became the most valuable company in the world twice this week, trading places briefly with Exxon Mobil. But Apple and Exxon aren’t even in the same league in terms of coolness, greatness or any other ness you want to throw at it. One company sells flammable muck sucked out of the ground to be converted into air pollution, and the other makes the MacBook Air, the most perfect computer ever built.
Apple used to be a big loser. I mean that literally. Some 14 years ago, Apple had been losing money year after year. The conventional wisdom was that its glory days were in the past.
The PC wars were over. Microsoft had won. Attempts to invent new platforms, most especially the Newton platform, had failed. The company was in a pickle. If it tried to be unique, it would remain a shrinking, minor fringe company. If it sold out and tried to be more conventional, it would be destroyed by more efficient conventional competitors.
Apple was not only a loser, it seemed that there was no possible way it could win. It was a relic from the 80s, a minor footnote in the history of computing.
The lowest point in the company’s history came in 1997. Out of desperation, Apple forged a new partnership with Microsoft in which that company invested $150 million in Apple in exchange for a promise by Apple to offer Internet Explorer as the default browser on Macs, and other promises. Apple needed the money. And the partnership.
Apple had sunk so low in 1997 that they were willing to try anything. So out of sheer desperation, they promoted Steve Jobs from “advisor” to “interim CEO.”
Jobs, no longer just a visionary loose cannon, had become a skillful leader. The whole experience of being driven out of his own company, and building a new company from scratch, taught Jobs to be the complete visionary dictator he was born to be.
Jobs packed the board with loyalists, unceremoniously deleted entire product lines, and re-structured the company around a breathtaking, new, long-term vision.
The new vision was to transform Apple from a computer company to a content appliance company. No, THE content appliance company. No other company had or currently has the same strategy.
Apple clearly devised this strategy in 1997. That’s when the “Think Different” advertising campaign launched. That campaign broke all the rules for positioning computing products. Instead of “buy this, it’s faster, cheaper, runs more software,” the pitch was: “aspire to genius, we’ll give you the tools to create.”
So while Microsoft sees itself as a company that makes software, Dell a company that makes hardware, Google a company that sells advertising and HP a company that provides turn-key business solutions, Apple would obsess over content — big products for creating it; all products for consuming it.
Of course, Apple products are multi-purpose devices, useful for communication, business, doing taxes and other purposes. But the content creation and consumption would be the company’s laser beam focus and the centerpiece of the Mother of All Winning Strategies.
Apparently Apple noticed in 1997 that nearly all the ways that people consumed content sucked. Hard.
People were paying $12 to $18 per CD for music, then carrying around massive CD players to listen. Television was always horrible. Cable TV services were (and are) clunky, non-intuitive and expensive. Car radio never had anything good on. Books and magazines were expensive and wasteful.
Apple could see that new digital technologies, combined with the Internet, could fix what was broken in content consumption. But Apple could also see that the various content industries would fight to prevent needed change.
People talk about the iPod, iPhone and iPad as merely new gadgets that Apple invented, which succeeded because they were appealing consumer electronics devices. But you can’t really understand why they were all so incredibly successful unless you view them in the context of the content strategy.
While Apple’s competitors were focused on building devices, Apple was focused on transforming how people interacted with human culture. The iPod was created to use digital media and the Internet to fix what was broken about audio content. Likewise with the iPhone, the iPad and Apple TV.
The theme with all Apple’s new products in the last decade has been to use digital technology plus the Internet to fix what’s broken about how people consume content. And likewise with Macs and MacBooks — Apple has improved those products by fixing what was broken about both the consumption and creation of content.
And that’s why Apple is done creating whole new platforms. There will be nothing in the coming decade equivalent in newness to the iPod, iPhone and iPad.
Apple’s full line enables the company to fix what’s broken about all the major ways people consume and create content.
I do believe Apple will offer a TV set at some point. But they can’t claim to have invented the TV set. It’s not a new gadget platform in the same way as, say, the iPad is. A better TV is not the same as inventing the TV.
The important point is that Apple absolutely does not need to keep entering whole new businesses like it did with iPod, iPhone and iPad in order to continue growing and dominating.
The iPod, iPhone and iPad didn’t make Apple billions because they were new, high-quality gadgets. They were that, but they enabled the company to improve content consumption in places where people would be consuming content anyway.
Apple needs only to continue to perfect the platforms it already offers. For example, Apple will continue to add touch-friendliness to Macs. Look for all-touch iMacs and all-screen MacBooks (where the keyboard is a screen) in the next five years. Yes, Apple will continue to innovate brilliantly. But those innovations will be improvements to existing lines, rather than the creation of all-new lines as represented by the iPod, iPhone and iPad.
Apple’s continued growth will come from growing marketshare, new markets and new revenue models. The iOS platform, in fact, is the likely model for all future business.
On the iOS platform, Apple makes money from sales of the integrated hardware/software appliance. Then it takes a huge cut of all third-party app sales. Then it takes a cut of all content downloaded to the device. It makes money selling advertising that will be displayed on the device. It will make licensing revenue from desperate competitors who copy the device.
Apple will continue to grow revenue by rolling out this model more completely to desktop and laptop devices, and also television.
And Apple will be happy to leave the low-margin, high-maintenance businesses to sucker… I mean competitors. The PC clone vendors, the Chinese tablet makers, the Korean cell phone makers — Apple will let them claw at each other for near zero-margin hardware sales.
Apple is the most successful company in the world because Apple has the greatest business strategy ever devised: Fix what’s broken about creating and consuming content.
Apple invented three radically new gadget platforms in a single decade. But those inventions were only means to an end. Those inventions inserted Apple into all the major ways people consume content.
Now that Apple has product lines that offer the best experience for creating and consuming content, both on the desk and on the go, no further product lines need to be added.
The invention of whole new gadget categories at this point would mean Apple was trying harder for smaller markets, for the fringe, for the periphery.
And that’s something Apple hasn’t done since 1997.
