• ¡La seguridad es nuestro sector!

    Con el fin de ofrecerle la transacción financiera más segura, nuestra aplicación de pago requiere que actualice su navegador a una de estas opciones:

    Si el sistema operativo es anterior a OS X 10.8, la última versión de Safari no será compatible. Recomendamos utilizar la versión más reciente de Chrome o Firefox para completar esta transacción. La elección del navegador no afectará al rendimiento del software de Intego que ha adquirido. 

Noticias y comunicados de prensa

New Flashback Variant Changes Tack to Infect Macs

Intego has discovered a new variant of the Flashback malware, Flashback.N, which has been changed since our blog post showing how Flashback used Twitter as a command and control center. This new variant changes the files it installs and their location: the files we specified in our blog post of February 23 are no long used. In addition, it uses a different social engineering trick, if it fails to install itself via the Java vulnerabilities that we mentioned in that blog post.

The new version of the Flashback malware installs after Mac users visit infected web sites. In Intego’s tests, the installation procedure was somewhat odd, as web sites display a spinning gear for some time, before finally displaying a password request dialog pretending to be from Software Update, Apple’s tool for downloading and installing software.

Flashback forces Safari to quit, installs a file at /tmp/Software Update, then installs two invisible files in Safari’s resources, taking advantage of the root rights it obtained when the user entered his or her administrator’s password.

Next, Flashback injects code in Safari when the browser is launched. The .COAAShipPlotter.png file is the malware, and the .COAAShipPlotter.xsl is the file that injects code in Safari, in conjunction with Safari’s info.plist file which has been modified.

After this, the malware performs the same operations as previously, sniffing network traffic in search of user names and passwords. Note that these file names may change.
In addition, it is now clear that the Flashback malware has been created by the same people who were behind the Mac Defender fake antivirus which infected many Mac users beginning in May, 2011.

Websense Security Labs published a blog post pointing out that tens of thousands of WordPress blogs were infected by code that redirected them to web sites serving fake antiviruses, including Mac Defender. Sucuri Security narrowed this down to a plugin called ToolsPack, which installs a backdoor on servers where it is installed. But David Dede of Sucuri Security said, “Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks.”

Intego has examined some of the WordPress blogs infected with this code and found that they redirect Mac users to sites that serve the Flashback malware. It is important that people running WordPress sites ensure that their installation is up to date, that they have secure passwords, and that they especially don’t use this ToolsPack plugin.

Regarding this new variant of the Flashback malware, it is important to make sure to only enter passwords when you have performed an action that would require one. Using Software Update is a bit sneaky, because if you have Software Update set to check for updates automatically, it may unexpectedly display a dialog when it has found new updates, but the dialog it presents is different, and looks like this:

After you click on Install, you may see a password request, depending on the type of update being installed.

Intego VirusBarrier X6 with current malware definitions protects against this new version of the Flashback malware; Intego did not need to update its malware definitions to detect this new variant.

Mac Premium Bundle X9
Compre ahora
Prueba Gratuita

Empiece su prueba gratuita con Intego ahora

¡Gracias!

Inserte su dirección de correo electrónico abajo para empezar su prueba gratuita.

Compruebe el correo para verificar su dirección de email y descargar su prueba gratis.

Para continuar recibiendo nuestros emails, por favor, añádanos a su agenda

Proteja su Mac, sus archivos y su familia con el paquete de seguridad más completo disponible.

Más información sobre la protección de virus para Macs

El Centro de Recursos Mac le enseña todo lo que necesita saber sobre cómo mantener a su Mac y su familia segura.

Visite el Centro de Recursos Mac
Conviértase en Socio

Más información sobre cómo convertirse en socio de Intego o unirse a nuestro programa de afiliados.

Regístrese ahora