Archive for April, 2012

Flashback Mac OSX virus update

April 27th, 2012 by dshettle

The flashback virus began as a headline in various news publications.  Some of the headlines touted numbers such as 600,000 infections, others percentages, but the reality was that “flashback” wasn’t quite mainstream yet — it was still fringe, and an interesting headline but not much else.  On campus, we hadn’t seen a single instance of it.

This week, however, we began seeing it, and it at one point things were looking a little dire:

  • We were seeing infection rates of dozens per day.
  • Our anti-virus solution wasn’t detecting some of the variants we were seeing.
  • Apple was not releasing fixes for Leopard — which several computers on campus still run.

Fortunately, we were able to implement a quarantine on detected machines, which helped get many computers cleaned, and our anti-virus solution released updates to address our particular problems.  There are still only workarounds for Leopard, but they seem to be effective, for now.  The below graph shows how things have calmed down substantially today.

Lessons learned include that the days of carefree Mac use may be limited, that updating the software via “Software Update” on the Mac is just as important as on Windows, and that anti-virus software on Macs should no longer be considered unnecessary.

If you were affected by the flashback virus, you should change your network password, change all critical website passwords you utilize, such as your bank password, or your credit card account password.  You also should remove all saved browser passwords.

Removing Saved Browser Passwords

Safari:
  1. In Safari, choose Safari > Preferences or press Command-comma (⌘-,)
  2. Click “Autofill”.
  3. Click “Edit” next to “User names and passwords”.
  4. Click “Remove All”.
Chrome:
  1. Type in chrome://settings/passwords in the address bar
  2. Click the X to the right of any saved passwords (if any) that show in the “Saved Passwords” section.
Firefox:
  1. In Firefox, choose Firefox > Preferences or press Command-comma (⌘-,)
  2. Click Security
  3. Click “Saved Passwords…” button
  4. Click on “Remove All”.

Posted in Security | Comments Off on Flashback Mac OSX virus update