Apple releases Flashback malware removal tool for OS X Lion.

From Apple Support:

About Flashback malware removal tool
This Flashback malware removal tool will remove the most common variants of the Flashback malware.

If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed.

In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.

This update is recommended for all OS X Lion users without Java installed.

Apple releases Java for OS X 2012-003 to address Flashback malware.

From Apple Support:

This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

Available for OS X Lion and Mac OS X Snow Leopard (Java for Mac OS X 10.6 Update 8).


It is recommended to disable Java in Safari. Go to Safari Preferences > Security > uncheck “Enable Java”.

Apple no longer includes the Java runtime with OS X Lion. If you never had any programs that required Java, OS X Lion will not prompt you to download and install the Java update.

What “CANCEL” button?

A follow-up to yesterday’s post regarding the new malware attack. I received a phone call Friday morning about the same malware. It comes from a different website, but it is definitely the same kind of malware.

Am I supposed to press the “CANCEL” button? Where is it?

Websites with a hacked .htaccess file redirect to:

  • centerdebuggerthreat.info
  • testingsolutionon-line.info

The fake Windows Antivirus 2012 is running within a web browser (Google Chrome, in this particular case) on Windows 7, but showing a Windows XP interface.
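The redirects above come from rewrite rules planted in the site’s .htaccess. As an added example (not part of the original post), the following script scans an .htaccess file for Redirect/RewriteRule directives whose target host is not on the site’s own allowlist. The sample .htaccess and the allowed hosts (example.com) are constructed assumptions; the two redirect domains are the ones listed in the post.

```python
import re
from urllib.parse import urlparse

# Constructed sample .htaccess: a normal rewrite block plus two injected
# off-site redirects of the kind described in the post.
SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule . /index.php [L]
Redirect 301 /old-page http://www.example.com/new-page
RewriteRule ^(.*)$ http://centerdebuggerthreat.info/ [R=302,L]
# comment lines are ignored: http://testingsolutionon-line.info/
RedirectMatch 302 ^/wp-content/(.*)$ http://testingsolutionon-line.info/$1
"""

# Assumption: hosts the site legitimately redirects to (its own domains).
ALLOWED_HOSTS = {"example.com", "www.example.com"}

# Apache directives that can send the visitor somewhere else.
REDIRECT_DIRECTIVES = {
    "rewriterule", "redirect", "redirectmatch", "redirectpermanent", "redirecttemp",
}


def find_external_redirects(htaccess_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (line_no, directive, host) for every redirect target that is off-site."""
    findings = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0].lower() not in REDIRECT_DIRECTIVES:
            continue
        # Any absolute http(s) URL among the arguments is a redirect target.
        for tok in tokens[1:]:
            if re.match(r"https?://", tok, re.IGNORECASE):
                host = (urlparse(tok).hostname or "").lower()
                if host not in allowed_hosts:
                    findings.append((line_no, tokens[0], host))
    return findings


if __name__ == "__main__":
    for line_no, directive, host in find_external_redirects(SAMPLE_HTACCESS):
        print(f"line {line_no}: {directive} sends visitors off-site to {host}")
```

Run it against each .htaccess under the web root (including ones in subdirectories, which is where injected copies are often missed) and review every host it reports.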

Another malware attack.

I received a call from a client regarding malware on his customer’s website. It redirects to http:// stecdon . ru/ and displays the fake “your computer has been infected” page that resembles security software.

I have not yet been able to contact the owner of the website regarding the malware.

I’ll post more details when I have them.

UPDATE:

The same infected site redirects to:

  • tropas dot ru
  • stecdon dot ru

Malware Alert: Cloud AV 2012

On Wednesday, November 23rd, 2011, the day before Thanksgiving, I received a call.

“Hey, just want to let you know I was using my computer and Cloud AV 2012 just installed itself.”

Yeah, that’s malware.

I was getting ready for my Thanksgiving trip, so I had to work on this malware problem later. Bleeping Computer has great instructions on removing Cloud AV 2012.

I am documenting what I’m doing to remove Cloud AV 2012.

  • I want to know if Combofix can completely remove Cloud AV 2012. I ran Combofix in Safe Mode with Networking. It took about 15 minutes for Combofix to find and remove some malware; unfortunately, it is not enough.
  • The next step is to run Malwarebytes’ Anti-Malware.
  • I ran Spybot – Search & Destroy to clean up whatever parts of the malware it can find.
  • I ran Combofix again, and it found a few leftover Cloud AV 2012 files.
  • I rebooted the computer a few times, and so far I do not see any suspicious activity.

I’m going to put this computer in quarantine for a few days and see if Cloud AV 2012 is completely gone.


Breaking The Silence: Apple posts instructions on how to avoid and remove Mac Defender Malware.

Apple posts instructions on how to avoid or remove Mac Defender malware.

Apple sure did take the time to prepare the response while many pundits are calling the beginning of the “Mac-Apocalypse.”

One thing any Safari user should do is disable the “Open ‘safe’ files after downloading” preference in Safari.

There is a legitimate software called MacDefender, and it has nothing to do with the malware.

——-

Note:

“Breaking The Silence” is also an out-of-print CD/record of a 90’s hardcore band, One Step Ahead.

Scam Alert: Fake OpenOffice.org download.

I was going through the server log parsing out spammy referrer links and one of the sites triggered a pop-up:

First off, the official OpenOffice.org site is in its name: OpenOffice.org.

This galleries.secure-softwaremanager.com must be spreading malware. It actually checks the operating system. Since I was using the Camino browser on Mac OS X, it returned an error message:

I am adding this URL to the site blacklist.

By the way, if you are looking into downloading OpenOffice.org, you might want to check out LibreOffice. It is a project forked from OpenOffice.org development.

Whois information on secure-softwaremanager.com:

http://www.networksolutions.com


Registrant:
Pinball Corp
3600 1 36th place Se.
Bellevue, WA 98006
US

Domain Name: SECURE-SOFTWAREMANAGER.COM

Administrative Contact, Technical Contact:
Pinball Corp        neteng@pinballcorp.com
3600 1 36th place Se.
Bellevue, WA 98006
US
425-279-1200

Record expires on 08-Dec-2011.
Record created on 08-Dec-2010.
Database last updated on 26-Feb-2011 00:44:52 EST.

Domain servers in listed order:

NS1.PINBALLCORP.COM
NS2.PINBALLCORP.COM

What is this pinballcorp.com?

Visit Safenames at www.safenames.net
+1 703 574 5313 in the US/Canada
+44 1908 200022 in Europe

Domain Name: PINBALLCORP.COM

[REGISTRANT]
Organisation Name: Pinball Corp
Contact Name:      William Freeman
Address Line 1:    3600 136th Place SE
Address Line 2:
City / Town:       Bellevue
State / Province:
Zip / Postcode:    WA 98006
Country:           US
Telephone:         +1.0114252791177
Fax:
Email:             wfreeman@pinballcorp.com

[ADMIN]
Organisation Name: Safenames Ltd
Contact Name:      International Domain Administrator
Address Line 1:    PO Box 5085
Address Line 2:
City / Town:       Milton Keynes MLO
State / Province:  Bucks
Zip / Postcode:    MK6 3ZE
Country:           UK
Telephone:         +44.1908200022
Fax:               +44.1908325192
Email:             hostmaster@safenames.net

[TECHNICAL]
Organisation Name: International Domain Tech
Contact Name:      International Domain Tech
Address Line 1:    PO Box 5085
Address Line 2:
City / Town:       Milton Keynes MLO
State / Province:  Bucks
Zip / Postcode:    MK6 3ZE
Country:           UK
Telephone:         +44.1908200022
Fax:               +44.1908325192
Email:             tec@safenames.net

The Data in the Safenames Registrar WHOIS database is provided by Safenames for
information purposes only, and to assist persons in obtaining information about
or related to a domain name registration record.  Safenames does not guarantee
its accuracy.  Additionally, the data may not reflect updates to billing
contact information.

As suspected, pinballcorp.com looks fishy.