There has been a sharp increase in suspicious network traffic from OS X based computers (Apple - Macintosh). UTS believes victim computers are being infected with a trojan known as OSX/Flashback in high numbers.
USC students can contact the UTS Help Desk at (803) 777-1800, M-F 8am - 6pm for support and/or help with getting any infections removed from their computer. The iCARE Center staff at UTS can also make sure you have the right patches and are practicing good computer habits!
- Infection grants an attacker the ability to modify web requests and steal user data sent via Safari and Firefox web browsers on Macintosh computers.
- For desktop and laptop computers, immediate action is recommended. Related Java exploit code is publicly available and being used in the latest browser exploit kits.
- PLATFORMS AFFECTED
- Mac OS X v10.6.x
- Mac OS X Server v10.6.x
- OS X Lion v10.7.x
- OS X Lion Server v10.7.x
- LOCAL OBSERVATIONS
- It appears some of the infections originated from websites that distribute pirated material such as movies and music. It's plausible OSX/Flashback is capable of stealing user credentials because it's behavior occasionally mimics other well know credential stealing trojans. On April 4th, as many as 80 instances of OSX/Flashback infection were detected on USC's Network.
- PROACTIVE PREVENTION MEASSURES
- Most modern cybercriminals use browser exploit kits to attack users, and browser exploit kits rely heavily on Java, Flash, Acrobat/Reader and OS vulnerabilities. Disable, uninstall or consistently update third party applications, and keep your operating systems patched.
- FURTHER READING / VIEWING
- Students can contact the UTS Help Desk at (803) 777-1800, M-F 8am - 6pm for support and help with getting any infections removed from their computer.
Posted: 04/05/12 @ 12:00 AM | Updated: 05/18/12 @ 9:29 AM | Permalink
Previous Article | Next Article