Lock up your Pros and hide your Airs, because it turns out that one
of the more notorious Mac trojans is back in action. Known as Flashback,
this trojan was found to be in action about five months ago,
disguising itself as a new Flash Player for Mac. It was soon identified
by security researchers and the alert was raised, but now it’s back and
trying not one but three different tactics to install itself on a
user’s Mac.
First up is a pair of Java vulnerabilities. If those are already
patched, then the trojan tries to find vulnerability in the user
instead. It displays a digital signature supposedly belonging to Apple
and asks for access to your computer. There are a few things fishy about
this, but the average user is unlikely to pick up on them. Many people,
especially if tired or distracted, could easily click “Continue”
without realising.
If successfully installed, Flashback goes back to its old tricks of
looking for usernames and passwords. It specifically targets banking
websites, no doubt seeking information useful for identity theft.
Now, let’s talk about the good news. This version of Flashback
purposely attempts to avoid systems that have an anti-virus installed,
so the mere presence of security software
is a boon. In addition, the method used by this trojan to intercept and
report passwords will cause some software that requires network access,
such as Skype, to crash. This can give you the heads-up.