The remote Russian region of Mordovia, famed for its prison camps, may be the home of the author of the most notorious malware ever to hit Mac computers – the Flashback Trojan horse (called OSX/FlshPlyr-A by Sophos products).
The Flashback malware hit more than 600,000 Mac computers in early 2012, posing as a bogus installer for Adobe Flash and exploiting an unpatched vulnerability in Java.
Despite the malware’s prevalence on Mac computers and the high media profile it achieved after hitting hundreds of Mac computers in Cupertino, the computer crime-fighting authorities have made no arrests in connection with Flashback.
Award-winning security blogger Brian Krebs has written today about his investigation into who might have been behind Flashback.
Krebs’s investigation took him to Russian-language forums belonging to the computer underground, where he found a user called “Mavook” claiming to be the author of Flashback, and saying that he specialised in finding security exploits and creating botnets.
Combing the net for further information, and digging through historic website registration records, Krebs went on to link “Mavook” with Maxim Selihanovich, a man in his thirties, living in the city of Saransk, in Mordovia.
You can read more about the clues Krebs pieced together in his blog post.
Apple in snow image from Shutterstock.
Are installations of Sophos anti-virus for Mac falling off again? Go on Sophos, carry on creating a culture of fear to push your products :-(
Umm.. I know I shouldn’t really feed the troll.. but how specifically are we creating fear in this article?
All these security bulletins are intended to create a culture of awareness of the dangers lurking in cyberspace. Call it fear if you wish. It does not cause me to be terrified, but encourages me and many others to take sensible precautions.
If you don't want to know, then don't read the bulletins. Ignorance is bliss – until it no longer is bliss.
Will it have been detected by Sophos Anti-virus software?
Yes, Sophos products have been detecting it for more than a year: OSX/Flshplyr-A and various variants.
Thanks for the update! I get update requests for flash all the time on my Mac. This malware is kind of ingenious, yet creepy. I just ran my Sophos check the other day, and all was clean. I appreciate the updates to keep us informed. I don't see it as a ploy to sell products. It is the security industry (companies like Sophos) that find these types of malware and help protect our systems.
@GMD
Another Mac zealot that thinks OS X is OpenBSD. Somehow AV always seems to be the anti-Christ to these guys. AV is not the answer, but it is another layer.
There is NO difference between Windows 7/8 and OS X when they both get pwned by an authentication-bypass dropper through third-party software. Gatekeeper and XProtect can be bypassed with ease by a skilled malware writer.
Windows and OS X are equally hardened as far as the base goes; it is the third-party software that opens the pathway to use the vulnerabilities, and both OSes are equally vulnerable. OS X is actually more vulnerable because it has not been vetted by skilled malware writers (except for the Moldavia guy) yet, and it is BSD and has 1/3 more code to find those vulns in. It is truly security through obscurity! OS X is still not on organized crime's to-do list.
Eset found it first
You're right. People can see things others overlook; if Sophos – this blog – had not reported it, I would have never known. People pick and choose how to use knowledge for good or bad, therefore malware.
Maybe Sophos was the first, to clearly define it, yet something we were using did, more than a year ago, Norton was detecting something that prevented me from using my HP Printer, or some other software did, yet not clearly explained, I had the same reaction, when Nvidia was affected, there was a conflict, not clearly stated, I had to buy a different printer to be able use a printer, which did far better in many ways.
Posted by gmd: "Are installations of Sophos anti virus for mac falling off again? Go on Sophos, cary on creating a culture of fear to push your products"
To "gmd": With all the syntax errors (spelling, punctuation, capitalization) in your post, it's no surprise that it also reveals a breathtaking depth of cluelessness. I suppose the malice is thrown in as a bonus.
It's difficult to understand how you expect to succeed in portraying Sophos as some kind of bad guy for providing the free Sophos Anti-Virus for Mac, and for providing the excellent NakedSecurity blog (also free).
Get back on your meds. You're embarrassing yourself.
@Samuel
I think Dr. Web found it first. Graham can find that out I would think. Graham???
Umm.. not quite sure why there’s so much interest in discovering who found this malware first. Especially as it was over a year ago!
The important thing is that up-to-date anti-viruses protect Macs against it. 🙂
And people say that Macs can't get malware.