[MacTUG] Flashback malware downloader - anyone encounter it?

Mike Patterson mpatterson at uwaterloo.ca
Wed Apr 11 09:30:37 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12-04-09 11:40 AM, Mike Patterson wrote:
> If somebody finds any evidence of Flashback on their Mac
> (on-campus), I'd be *very* interested in hearing about it. I have
> IDS signatures that purport to detect Flashback C&C checkins, which
> have yet to fire for campus. That might be because there's nothing
> to see, or it might be because they're incorrect. If the latter, I
> need to know.

There are at least four machines on campus infected, three in ResNet and
one elsewhere. I've asked the owners of the one elsewhere to let me
have a look at it. Given it's exam time, I've no hope that I'll ever
see the ones from ResNet.

The out-of-the-box IDS signatures didn't fire, but some custom ones
I... acquired... did. Rest assured I'll let anybody know if I see this
for their computer. :-)

Also... Patch your Mac! Now! Tell everybody!

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iEYEARECAAYFAk+Fh30ACgkQrqw9H9F0mCRgjQCgmSe6RWHa+UErW+4el7eXH/AO
gz0AnRw5oqSP1QLoFojeBCDM5BxgzBAF
=RWB3
-----END PGP SIGNATURE-----

