Flashback Trojan

You may have heard the news currently trending on the web about a new Mac virus called Flashback. Flashback is not a virus; it’s actually a trojan. The media always seems to get this wrong.

Metaphorically a “Trojan Horse” has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or space.

Unlike viruses, which spread through infected files or email, a trojan – like the mythical Trojan Horse from which it gets its name – tricks the user into installing it. The Flashback trojan affects the Java Virtual Machine (JVM) – developed by Oracle – that Apple has shipped with every version of OS X except for Lion. I suspect that due to the many security vulnerabilities inherent in Adobe Flash and Java, Apple chose to ship OS X Lion with neither. OS X Mountain Lion continues that trend.

Flashback as we know it now appeared near the end of September last year, pretending to be an installer for Adobe’s Flash, a widely used plug-in for streaming video and interactive applications that Apple no longer ships on its computers. The malware evolved to target the Java runtime on OS X, where users visiting malicious sites would then be prompted to install it on their machine in order to view Web content. More advanced versions would install quietly in the background with no password needed. via CNet.

It’s always a good idea to keep your Mac software updated and patched. One of the ways I cut my exposure to system threats is to only download and install software from known web sites, and I stay off the seedier places on the web. Since it’s new malware, current anti-virus won’t protect you[1] until the AV vendor updates their software. Until then, use System Update to get the patch.

Apple has issued a patch for the Java virtual machine for OS X Snow Leopard (10.6.8). OS X Lion does not ship with Java or Flash. If you are running earlier versions of OS X all is not lost. There are a few things you can do to protect yourself.

The number one thing you can do as a Mac user to protect your computer is to STOP using the Administrator account. When you are running your computer with an Administrator account, you are logged in as the most powerful user on the system. I know this makes installing software and changing system preferences easier because you don’t have to enter a password each time, but this also makes it easy to install malicious software that changes things on your Mac. The Administrator account can do a lot of things to your Mac that a standard account cannot. Do you want malicious software to have access to that power? Create a standard user account and use it.
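To see whether the account you use every day is an Administrator account, you can check the local `admin` group from Terminal. The script below is an added example, not part of the original post; the function names and the sample line (users `alice` and `bob`) are constructed for illustration. It matches whole account names, so a user named `ali` is not mistaken for `alice`.

```shell
#!/bin/sh
# is_admin_member USER "DSCL_OUTPUT"
# Succeeds if USER is listed in the output of:
#   dscl . -read /Groups/admin GroupMembership
# which looks like: "GroupMembership: root alice"
is_admin_member() {
    user=$1
    # Strip the attribute name, leaving whitespace-separated short names.
    members=${2#GroupMembership:}
    for m in $members; do
        # Compare whole names only; a substring match would be wrong.
        if [ "$m" = "$user" ]; then
            return 0
        fi
    done
    return 1
}

# audit_account USER "DSCL_OUTPUT" prints a one-line verdict.
audit_account() {
    if is_admin_member "$1" "$2"; then
        echo "ADMIN: $1 is in the admin group; use a standard account for daily work"
    else
        echo "OK: $1 is a standard account"
    fi
}

# Constructed sample (not from a real machine): alice is an admin, bob is not.
SAMPLE='GroupMembership: root alice'
audit_account alice "$SAMPLE"
audit_account bob "$SAMPLE"

# On a Mac, check the logged-in user against the live directory.
if command -v dscl >/dev/null 2>&1; then
    live=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null) || live=''
    audit_account "$(id -un)" "$live"
fi
```

This only reads direct members of the group; `dseditgroup -o checkmember -m USERNAME admin` also resolves membership through nested groups.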

You can disable Java in the Safari security preferences.

You can also disable Java from running on your Mac via the Java Preferences app, which you can find in the Utilities sub-folder of the /Applications folder.

  1. A few years ago when I saw the trend chart for Adobe Flash and Java vulnerabilities (at one point there was a Flash update once a week) I uninstalled Flash and disabled Java on all my computers. I’d rather have a more secure computer than see animated web sites. Your risk tolerance may vary.