Desi multi credeau ca problemele generate de Flashback au ramas doar o urata amintire, iata ca Intego a descoperit o noua versiune a malware-ului care a generat atatea probleme. Flashback.S se numeste noua versiune, ea profita de vulnerabilitatile Java pentru a infecta Mac-urile, insa are grija sa nu exploateze calculatoarele care au instalate aplicatiile VirusBarrier X6, Xcode sau Little Snitch. De indata ce malware-ul infecteaza Mac-ul, el isi sterge fisierele folosite pentru infectare si ofera acces total la Mac-ul vostru.
Intego has discovered a new variant of the Flashback malware, Flashback.S, which continues to use a Java vulnerability that Apple has patched. No password is required for this variant to install, and it places its files in the user’s home folder, at the following locations:
- ~/Library/LaunchAgents/com.java.update.plist
- ~/.jupdate
It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery.
Desigur ca aceasta versiune a malware-ului nu are nevoie de parola pentru a va infecta Mac-ul si el se foloseste de o vulnerabilitate deja blocata de Apple, deci teoretic ar trebui sa fiti protejati daca ati facut ultimele update-uri pentru Mac OS X. Nu stiu cat de multe Mac-uri sunt intr-adevar infectate insa “telenovela” Flashback pare sa fie una care in spate are nu doar hackeri independenti.
This post was last modified on apr. 24, 2012, 1:45 PM 13:45