Printed from http://www.macnn.com

Intego: new Flashback variant masquerades as Software Update

updated 01:35 am EST, Thu March 8, 2012

Malware may sniff for user names, passwords

A new malware threat, dubbed Flashback.N, is actually a variant of an older one, claims anti-virus software maker Intego in a new blog post. Users who visit hacked or maliciously crafted websites may see a delay, followed by a false password-request dialog box claiming to be from "Software Update." If accidentally installed, the malware inserts code into Safari's resources and will attempt to search network traffic for user names and passwords.

The malware seems to be most often found on sites hosting out-of-date WordPress blogs, a weakness that allows hackers to install a backdoor on the servers that will try to redirect Mac users to the sites that pop up the false "Software Update" password dialog. The difference between the "fake" Software Update alert and a real one is pictured below.

Intego also says it has found evidence that the authors of the Flashback malware, which has recently been trying to exploit holes in Java to present false certificates, are the same people behind the Mac Defender "fake anti-virus" malware last spring.

The company urges those hosting WordPress sites to make sure their WordPress software is up-to-date and that their administrative passwords are strong. A false plug-in for WordPress called "ToolsPack" is also to be avoided, as it is the software that installs the backdoor on the server.

Mac users should be aware of the difference between a false Software Update dialog box and a real one and avoid supplying their password to a Software Update dialog that pops up while visiting a strange website. Intego users are already protected from the malware, and Apple is likely to update its anti-malware definitions in the near future to prevent the pop-up from succeeding in installing malicious code.


False Software Update dialog







Genuine Software Update dialog





by MacNN Staff


Comments

  1. Mr. Strat

    Joined: Dec 1969

    +1

    Zzzzzzz

    Oh looky - a company that sells anti-virus software warning us about malware which their product protects us from.

  1. testudo

    Joined: Dec 1969

    -1

    yet

    The Mac community ignores yet another malware threat and will, in the future, continue to pretend that there are no viruses or attacks on the Mac.

    BTW, at least one of the variants installed itself on the computer without any user interaction or notification at all. But, I know, it's not really that big a deal, since it didn't get root access, and that's all that matters. If they delete all your files, not a problem, as long as they can't access your video driver or something.
