Office Hours:
M-F 8:30am – 5:00pm
M-F 8:30am – 5:00pm
Service Desk Hours:
M-F 8:00am – 6:00pm
iCARE Center Hours:
M-F 9:00am - 5:00pm
1244 Blossom St.
(803) 777-1800
servicedesk@sc.edu
|
|
 |
|
|
NEW: Mac OS Malware Attack
There has been a sharp increase in suspicious network traffic from OS X based computers (Apple - Macintosh). UTS believes victim computers are being infected with a trojan known as OSX/Flashback in high numbers.
USC students can contact the UTS Help Desk at (803) 777-1800, M-F 8am - 6pm for support and/or help with getting any infections removed from their computer. The iCARE Center staff at UTS can also make sure you have the right patches and are practicing good computer habits!
- IMPACT
- Infection grants an attacker the ability to modify web requests and steal user data sent via Safari and Firefox web browsers on Macintosh computers.
- URGENCY
- For desktop and laptop computers, immediate action is recommended. Related Java exploit code is publicly available and being used in the latest browser exploit kits.
- PLATFORMS AFFECTED
- Mac OS X v10.6.x
- Mac OS X Server v10.6.x
- OS X Lion v10.7.x
- OS X Lion Server v10.7.x
- LOCAL OBSERVATIONS
- It appears some of the infections originated from websites that distribute pirated material such as movies and music. It's plausible OSX/Flashback is capable of stealing user credentials because it's behavior occasionally mimics other well know credential stealing trojans. On April 4th, as many as 80 instances of OSX/Flashback infection were detected on USC's Network.
- RECOMMENDATIONS
- On April 3, 2012, Apple released a patch in response to the wide spread exploitation of Java vulnerability CVE-2012-0507 on Macintosh based machines. Update your systems ASAP (click here for the link or do a software update).
- Develop a routine for patching your computer(s).
- Educate yourself about the risks associated with seeking pirated or illegal material.
- If possible, disable Java in your web browsers.
- PROACTIVE PREVENTION MEASSURES
- Most modern cybercriminals use browser exploit kits to attack users, and browser exploit kits rely heavily on Java, Flash, Acrobat/Reader and OS vulnerabilities. Disable, uninstall or consistently update third party applications, and keep your operating systems patched.
- FURTHER READING / VIEWING
- Awareness and Training http://www.uts.sc.edu/itsecurity/resources.shtml (see topics "Safe Computing" and "Security Videos")
- The most common browser exploit kit explained http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit
- Removal instructions and analysis http://irhowto.wordpress.com/2012/04/05/flashback-mac-malware-analysis-and-removal/
- http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
- http://www.f-secure.com/weblog/archives/00002336.html
- Patch information http://support.apple.com/kb/HT5228
- Flashback in the news http://www.zdnet.com/blog/security/over-600000-macs-infected-with-flashback-trojan/11345
- SUPPORT
- Students can contact the UTS Help Desk at (803) 777-1800, M-F 8am - 6pm for support and help with getting any infections removed from their computer.
Posted: 04/05/12 @ 12:00 AM | Updated: 05/18/12 @ 9:29 AM | Permalink
| Safety/Emergency Information | Directory: Find People Map: Find Places Calendar: Find Events VIP | Contact and Site Information |
| Columbia, SC 29208 • 803-777-1800 • Webmaster | Privacy Policy | © University of South Carolina Board of Trustees |