
What is Flashback?

Posted on May 8th, 2012 by

There has been a lot of discussion lately about what Flashback is doing, or what it’s capable of doing. I’m writing here to break this down into its simplest terms. Flashback creates a backdoor into infected machines. This means hackers can come in and do whatever they please.

Some days, or on some specific machines, hackers may choose to redirect the ads that Google shows you. Or they could make your computer spew out ads for Viagra. …Or they could just steal your identity. In short, they can do whatever their mischievous hearts desire.

But it’s not limited to installing components. They can use your machine just the same as you can. They can, and do, use infected machines as a sort of proxy to hack into other (possibly uninfected) machines. Such was the case with one of our own machines that has been set up to monitor Flashback’s activities.

Flashback’s authors’ intent in infecting computers is to control them completely, like mindless puppets. They instruct infected machines to go to a central meeting place, where they await instructions. We have machines set up to monitor the instructions Flashback-infected machines receive. One of the hackers operating the meeting place figured out that our machine was watching their activities. The hacker used a Flashback-infected machine to cover his tracks as he attacked our machine. Once he got in, the hacker modified our machine so it was no longer monitoring them.

These monitoring machines are not heavily guarded so it was a simple task, but it is indicative of the fact that it’s humans running this malware ring. It’s not just a mindless army of puppets carrying out programmed actions; miscreants are pulling the strings, sometimes making decisions on a case-by-case basis.

This is what makes this threat so scary. It installs silently and opens infected machines to an almost limitless variety of possible activities. Someone could go through and search for your passwords and credit card information. They could hijack your web traffic and redirect you. They could use your machine’s bandwidth for moneymaking schemes. And they can switch from one activity to another tomorrow.

What do you need to do to protect yourself against Flashback? Make sure you have applied the latest security updates available for Mac OS X. Click on the Apple menu, then choose Software Update and install any available updates. It's also good to use antivirus software. We offer a free 30-day trial of VirusBarrier X6, which will detect and clean Flashback.

  • winnebagocountynews

    If I read this right, the company Intego, claiming to have great security products for Mac, was in fact hacked by the hackers as you monitored the hacking.

    • Lysa Myers

      You are correct. That is the whole purpose of the monitoring machines, they’re meant as a lure.

      It’s common practice for malware researchers to set up a number of computers and infect them intentionally to see how malware acts. Some common names for these machines are “bait machines”, “sacrificial goats” or “honeypots”. These phrases all mean they’re there to draw some big bad malware into taking our bait.

