Post: New Mac Viruses + How to Prevent/Get Rid of Them
04-20-2012, 02:08 AM #1
CLM
They say sorry Mr. West is..
New Mac Viruses + How to Prevent/Get Rid of Them

"Although Mac users may think they are safe from viruses, Kaspersky Lab noted that before 2012 about 300 variants of Mac malware had been detected. Now, however, more than 70 have been detected in the past three months."

1. Flashback

Flashback is a Trojan that was first discovered in September. It compromised over 600,000 Macs while disguising itself as an Adobe Flash Player installer.

To get your vaccine for this and become immune, just download Apple's latest security update:

You must login or register to view this content.

Since this patch, the number of infected computers dropped to just 237,000.


If you already got it, there's a simple way to remove it:

1. Download You must login or register to view this content.

2. Just run the program and follow the directions


2. SabPub

This is reported to be even bigger and nastier than Flashback. This virus has been spreading through Java and could be infecting computers when people open emails with suspicious links that direct users to the malware.

Originally posted by another user
“The Flashback and the SabPub Trojans are totally different,” Alex Gostev, chief security expert of Kaspersky Lab, told Mashable. “SabPub is classic backdoor Trojan, so it opens full access to a victim’s system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people’s search engine results inside their web browsers.”

“The latest version of the SabPub Trojan can infect more people than previous versions of this malware, which appeared earlier this year,” Gostev said. “In February, SabPub was exploiting a Microsoft Word vulnerability, which was fixed long time ago. The latest version of SabPub uses the Java exploit to spread infection in a more effective way because the Java exploit is delivered via a drive by download, which occurs when people click on URLs with malware via email.”


There is currently no sure-fire fix for SabPub; if you're infected, you're just going to have to keep your eyes peeled for Apple's next patch. If you're not infected, just don't click or download anything suspicious. I'll also post the fix here as soon as it comes out.

You can check to see if you're infected by doing the following:

Originally posted by another user
To ensure your system is clear, you can check for the malware by going to the Library folder within your user account (hold the Option button and select Library from the Finder's "Go" menu in OS X Lion), and then open the LaunchAgents folder and the Preferences folder within the user library. In the LaunchAgents folder, locate and remove the file called "com.apple.PubSabAgent.plist." Then go to the Preferences folder and remove the file called "com.apple.PubSabAgent.pfile" (note the extension "pfile" instead of "plist"). The first document here is the launcher that keeps the process running, and the second is the process itself.
Alternatively to using the Finder to locate and remove these files, you can run the following two commands in the Terminal application (in the /Applications/Utilities/ folder):
rm ~/Library/LaunchAgents/com.apple.PubSabAgent.plist
rm ~/Library/Preferences/com.apple.PubSabAgent.pfile
Another variant called "MacKontrol" places the files /Library/launched and username/Library/LaunchAgents/com.apple.FolderActionsxl.plist on the system. There is some ambiguity as to whether or not the first file is in the user's library folder or if it is in the global library, but the following commands should remove it from the system:
rm /Library/launched
rm ~/Library/launched
rm ~/Library/LaunchAgents/com.apple.FolderActionsxl.plist
After you have removed these files, log out and log back in to your system to clear them from the system's memory and from the launch manager for your user account.


Also, don't think restoring your system via Time Machine or any other way will fix it. There's a good chance the back-ups have some of the infected files in them, so it'll just bring the virus back.



Last edited by CLM ; 04-20-2012 at 03:05 AM.

The following 2 users say thank you to CLM for this useful post:

Jared, Stud Muffins
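
A read-only version of the check described in the quoted instructions above, as an added example that is not part of the original post: it looks for the file names the post lists under the global Library and every home directory, and only reports them instead of deleting. The function names and the `--scan` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report (do not delete) the SabPub / MacKontrol files
# named in the post. Function names and --scan are hypothetical.

# Paths relative to a user's home directory, taken from the post.
USER_FILES="Library/LaunchAgents/com.apple.PubSabAgent.plist
Library/Preferences/com.apple.PubSabAgent.pfile
Library/launched
Library/LaunchAgents/com.apple.FolderActionsxl.plist"

# Path relative to the system root, taken from the post.
SYSTEM_FILES="Library/launched"

# print_if_present PATH: print PATH if it exists (also catches dangling symlinks).
print_if_present() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        printf '%s\n' "$1"
    fi
}

# scan_home HOME_DIR: list every file from USER_FILES found under HOME_DIR.
scan_home() {
    home=$1
    echo "$USER_FILES" | while IFS= read -r rel; do
        print_if_present "$home/$rel"
    done
}

# scan_system [ROOT] [USERS_DIR]: check the global Library, then each home.
# ROOT defaults to "" (the real /), USERS_DIR to /Users.
scan_system() {
    root=${1:-}
    users=${2:-/Users}
    echo "$SYSTEM_FILES" | while IFS= read -r rel; do
        print_if_present "$root/$rel"
    done
    for home in "$users"/*; do
        if [ -d "$home" ]; then
            scan_home "$home"
        fi
    done
}

# Run only when asked, e.g.:  sudo sh check_sabpub.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_system
fi
```

Any path it prints is worth copying aside before removal, since the plist records what the launcher was set to run.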
04-20-2012, 02:43 AM #2
Coqui
Former Staff
Originally posted by ClutchLikeMelo View Post
New Mac Viruses + How to Prevent/Get Rid of Them

"Although Mac users may think they are safe from viruses, Kaspersky Lab noted that before 2012 about 300 variants of Mac malware had been detected. Now, however, more than 70 have been detected in the past three months."

1. Flashback

Flashback is a Trojan that was first discovered in September. It compromised over 600,000 Macs while disguising itself as an Adobe Flash Player installer.

To get your vaccine for this and become immune, just download Apple's latest security update:

You must login or register to view this content.

Since this patch, the number of infected computers dropped to just 237,000.


If you already got it, there's a simple way to remove it:

1. Download You must login or register to view this content.

2. Just run the program and follow the directions


2. SabPub

This is reported to be even bigger and nastier than Flashback. This virus has been spreading through Java and could be infecting computers when people open emails with suspicious links that direct users to the malware.



There is currently no fix for SabPub; if you're infected, you're just going to have to keep your eyes peeled for Apple's next patch. If you're not infected, just don't click or download anything suspicious. I'll also post the fix here as soon as it comes out.




Take a read on this You must login or register to view this content. It talks about a way to fix SabPub.


04-20-2012, 02:53 AM #3
CLM
They say sorry Mr. West is..
Originally posted by .Coqui View Post
Take a read on this You must login or register to view this content. It talks about a way to fix SabPub.


Thanks! Added to thread!
04-20-2012, 02:55 AM #4
Coqui
Former Staff
Originally posted by ClutchLikeMelo View Post
Thanks! Added to thread!


Remember to add the Time Machine part because if the system uses a backup then the virus will be back.

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
