Another Flashback Variant – 2nd in two days!

Hey Mac users who still haven’t taken the hint and updated your systems’ security: there’s yet another version of the Flashback Trojan for you to enjoy.

It infects unprotected Macs in the same way Flashback.K did, through a Java applet exploit, and installs itself without the need of your password.
And, just like its predecessor Flashback.K, it erases its footprints by deleting the Java cache and ensures its propagation by installing into the Java Update folder. You can read more here.

Apple released a Java patch in early April, as well as a Flashback removal tool, but clearly not all Mac users patched.

But many Mac users don’t even qualify for the patch—it was only available to systems running OS X 10.6 (from 2009) and later. Mac users running OS X v.10.5 and earlier were advised to disable Java altogether. WTF!! However, it’s quite possible that many users of these older systems just didn’t get the memo and are still running insecure software.

Here is F-Secure’s site that has the checker and removal tool. Check that out too. And please update your systems folks.

Spring Data Backups and Recovery

So it’s springtime, woodchuckers. Time for some cleaning and maintenance for many around the house. It’s also a good time to check your backup plans and procedures for your digital data too. Or, if you don’t have any, make and apply some sort of plan.

You know those stupid commercials about not knowing when you will lose your data? Well, THEY’RE TRUE! It is not a matter of ‘IF’ but WHEN. There are many factors and events that can cause a loss of your important data: fire, flood, earthquake and other natural disasters; power surges or outages; theft of your primary system(s); failure of part or all of your system(s); and of course malicious software such as extortionware or viruses. Remember, electronics, like everything else, WILL fail. And of course usually when you need it most or expect it least.

So please design and USE some sort of plan. I recommend a solution that utilizes technology to its fullest. And for that I recommend backing up your data locally to external/removable hard disk drive(s) (that can and should then be stored in a fire safe or safe deposit box!) along with a combination of some form of ‘cloud’ type of service. I’ll discuss both here.

Cloud Storage solutions such as Mozy, Carbonite etc. and other ‘Synchronization’ type services such as Dropbox, Box.net, iCloud, SkyDrive and many others offer a wonderful addition to ANY backup plan. I use many of them and recommend them as an additional or supplemental solution. You can read my previous article here.

There are a number of things to consider with ‘Cloud’ services, things like:

Bandwidth and storage size – you will be backing your data up to the cloud, and it’s your Internet connection you’ll be using. You need to evaluate your internet connection (and ISP rules and limits regarding that bandwidth – some ISPs severely restrict the amount of data you can use per month!), and whether or not you need to increase your bandwidth speed and/or allotment.

Backup and Restore times – If you are backing up (or synchronizing) a lot of data, how long will it take for the backup and, more importantly, the ‘restore’ to occur? There are two methods for moving the data back and forth – one is to back up the ‘entire’ file(s) each and every time they are modified. The second is to just synchronize/back up the changed data (called delta or diffing).

Will the company be there when you need it?! – Startups sometimes offer amazing prices for cloud storage but require a leap of faith on behalf of users that they’ll still be around next year. It’s possible that even established services could disappear overnight, but more likely the owners will tell you if the service is to terminate, and give you a chance to make other arrangements or retrieve data. Make sure to choose one with a LONG track record of ‘being there’.

System Resource Usage – Some applications can cause your system to dramatically slow down while others are ‘lighter’ on systems resources and synchronize or back up when you are not using your system or at scheduled times. The best way to find out which works for you is try a few of them.

And of Course Security – This is not a small thing. You must make sure your account is protected by a very secure username and password AND that the service you use is very reputable. Also for backup services (vs just the synching type) do they offer ‘full file encryption’? How are your files AND passwords stored on that system – are they themselves encrypted? Are files encrypted before they are sent to the cloud storage provider and are they transmitted via a secure connection (https, sftp etc.)?

On a personal note I don’t put ANYTHING in the ‘Cloud’ that contains any truly sensitive information. I simply synchronize documents, photos and other files that I may not really want to have someone access but that I would still not be ‘harmed’ by if they were somehow compromised and accessed. For these purposes – easy access to my documents and files from anywhere, and also collaboration with individuals or teams – the cloud reigns supreme; I can place working documents into many locations, access them from just about anywhere and even share them if I need to. I can also restore ‘lost’ or previous versions of documents and files fairly quickly and easily with these ‘cloud services’. Like I’ve mentioned many times previously, I am extremely careful about my personal security so I use cloud services as an ‘adjunct’ to my ‘real’ backup/disaster plan.

I back up ALL my data using disk imaging. It is the only method that can reproduce, to an exact point in time, your existing system: Operating System, Applications AND files, quickly and easily. Usually within less than a couple hours depending on the size of your image(s).

With disk imaging (or cloning) I have the ability to be up and running extremely fast. I can restore an entire system or individual files. No need to re-install an operating system and applications and then update them just to be able to access my files. External Hard Disk Drives (and spare internal ones too!) are very inexpensive and getting cheaper all the time!

I have written many times previously [read here and here and for Macs here] about the prudence and wisdom of having backups of your digital data. And by backup I mean that your data exists in TWO places at once and is able to be accessed or recreated from either source quickly and easily. For this I believe the best solution is to use Disk Images for both Windows PCs and Mac OS X systems.

Please read my other articles (linked above) and get and work a backup plan. For my Windows operating systems I use and recommend Acronis and for Apple OS X systems I recommend Carbon Copy Cloner. Both provide a superior solution to those built into either respective OS.

Peace, and good luck.

OK Mac guys here we go again!

There’s Another Mac Trojan Spreading Via Microsoft Office documents and email attachments. The Trojan apparently spreads through infected Office documents, and it’s in “active stage”, which means that it searches through documents on infected machines.

Please note that this is a very sophisticated and malicious attack that not only ‘infects’ your machine but also installs a ‘bot’ to control it, scan through your system, and take whatever it wants to! ALL WITHOUT YOUR INTERACTION AFTER THE FIRST INFECTION!

The attack vector utilizes several vulnerabilities: the Java hole that Apple finally just fixed last week, and a Microsoft vulnerability that MS patched 3 years ago (but they may update that patch too).

Please, folks, keep your Operating System, Applications and security software up to date and don’t be one of those poor naive bastards that think this cannot happen to you.
You can read more here and here.

Windows AND Mac System Security News 04-12-2012

For OSX users:
Apple just released Java for OS X 2012-003, an update to the Java implementation in OS X. The update removes “the most common variants of the Flashback malware.” Check that out here. You should definitely update your Java NOW!

For Windows users:
It’s even scarier again. Trend Micro has found some scary ass Ransomware.

You can and SHOULD read the scary details here.

From TrendMicro’s blog, here are some of the details.

“We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection to take effect. When the system restarts, the ransomware displays the following message:

This message prompt informs affected users that the PC is now blocked and that they should pay 920 hryvnia (UAH) via QIWI to a purse number (12 digits) – 380682699268. Once paid, they will receive a code that will unlock the system. This code will supposedly resume operating system to load and remove the infection. This particular variant has the “unlock code” in its body. When the unlock code is used, the MBR routine is removed.”
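
A defender-side check for the MBR overwrite described in the quote above, as an added example that is not from Trend Micro’s post or from this blog: it fingerprints the bootstrap code and partition table of a 512-byte MBR and compares them with a known-good baseline. The sample sectors are constructed and the function names are hypothetical.

```python
import hashlib
import struct

SIGNATURE = b"\x55\xaa"  # boot signature, bytes 510-511 of the sector


def parse_mbr(sector: bytes) -> dict:
    """Split a classic 512-byte MBR into regions and fingerprint each one."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    # Bytes 0-445: bootstrap code; bytes 446-509: four 16-byte partition entries.
    boot, table, sig = sector[:446], sector[446:510], sector[510:]
    partitions = []
    for i in range(4):
        entry = table[i * 16:(i + 1) * 16]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {"signature_ok": sig == SIGNATURE,
            "boot_sha256": hashlib.sha256(boot).hexdigest(),
            "table_sha256": hashlib.sha256(table).hexdigest(),
            "partitions": partitions}


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return findings describing how the current MBR differs from the baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_sha256"] != baseline["boot_sha256"]:
        findings.append("bootstrap code changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings


def make_sample_mbr(boot_fill: int) -> bytes:
    """Constructed test sector: filler boot code plus one active type-0x07 entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return bytes([boot_fill]) * 446 + entry + bytes(48) + SIGNATURE


CLEAN = make_sample_mbr(0x90)     # constructed "known-good" baseline
TAMPERED = make_sample_mbr(0xCC)  # same partition table, different boot code

if __name__ == "__main__":
    print(compare_to_baseline(parse_mbr(CLEAN), parse_mbr(TAMPERED)))
```

A sector image saved while the system is known to be clean serves as the baseline here and is also a copy of the original MBR to restore from.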

Bottom line PLEASE keep your security software, Operating Systems and Browsers (including and especially browser plug-ins like Java, Flash etc.) up to date and patched.

Peace.

Mac Fanboys and Girls let the terror start

UPDATE:

There is now a simple tool you can use to check to see if you are infected by this Trojan. So far they are finding more and more people with it!

The tool is called, appropriately enough, the FlashbackChecker tool. You can get that here. Download and run it and see if you are in the clear.

Note that FlashbackChecker can’t actually remove the Trojan, it can only detect it. So, if you or a family member does find it on their machine, you’ll have to go back and run those original terminal commands (from F-Secure’s site) to determine exactly what you need to remove.

—-

Mac Trojan is infecting LOADS of people!! OK, now the terror starts for you fanboys (and girls). My last article told you of this Mac Trojan. Now it’s apparently infected at least 600,000 users so far (read here) and it’s terrifying everyone! It’s written in an unknown language, and doesn’t even need your password to compromise you! Please read and take precautions.

For instructions on how to check for and how to remove it you can AND SHOULD go here. This is F-Secure’s site.

NO system that is connected to a network is EVER safe. It can only be made more secure. Don’t ever think your Operating System is your security; it’s not – YOU ARE!

Be safe out there people!

[side note: I wonder how many calls I’ll get about this and how to repair the damage? The compromised system I can fix – your emptied bank account I cannot. Just saying.]

New Flashback Trojan Infecting Macs NOW

A new Mac Trojan that can now infect your computer from little more than a visit to a website AND requires NO PASSWORD TO INSTALL is making its rounds and promises some scary things!

The exploit was patched in February for MS Windows systems; however, Apple has yet to release a patch for OSX.
Read more about it here.

F-Secure has a method for checking for and removing the infection here.

So once again folks please do not be naive and think you are immune to attack simply because your Operating System is not MS Windows.

Be safe out there.