[MacTUG] Worth Reading: An analysis of the Flashback/Flashfake trojan - The H Security: News and Features
Marlon A. Griffith
m3griffi at engmail.uwaterloo.ca
Fri Apr 20 11:38:16 EDT 2012
"""
Among other things, Gostev describes how specially crafted WordPress pages were used to attack Mac users with four different Java applets, initially in order to install a custom downloader.
This component then downloaded the actual botnet client in encrypted form and tried various different ways of anchoring itself into the system. If a user failed to input their administrator credentials when prompted by the malware installer, the trojan used the dynamic DYLD loader to hook into a number of processes as a library.
http://www.h-online.com/security/news/item/Worth-Reading-An-analysis-of-the-Flashback-Flashfake-trojan-1543565.html
"""
More information about the MacTUG
mailing list