LinuxQuestions.org

Linux - General: Flashback trojan threat ? (https://www.linuxquestions.org/questions/linux-general-1/flashback-trojan-threat-938473/)

drmjh 04-06-2012 07:23 AM

Flashback trojan threat ?
 
Comments please, on the vulnerability of Linux to this bit of malware going 'round.
Your thoughts are welcome and appreciated.


"Flashback trojan captures over half a million Macs" - this headline was copied from a tech site.

Matthew

unSpawn 04-06-2012 08:27 AM

Quote:

Originally Posted by drmjh (Post 4646325)
Comments please, on the vulnerability of linux to this bit of malware going 'round.

See http://www.f-secure.com/v-descs/troj...shback_i.shtml for details wrt Mac. Sure, Java is vulnerable, and sure, it doesn't help those poor rich OSX users that Apple, as usual, is being slow fixing things, but the exploit thrives on user gullibility. See http://www.oracle.com/technetwork/to...12-366318.html for a change list. Correct me if I'm wrong, but I don't see anything Mac-specific there.

drmjh 04-06-2012 01:12 PM

flashback-java vulnerability
 
Dear unSpawn,
Thank you for your comments. My question is not about Macs but about Java, which I have enabled, and the fact that Mac OS is Unix based. I will be sure to follow up on the sites you recommend.
Matthew

schneidz 04-06-2012 01:18 PM

Quote:

Originally Posted by unSpawn (Post 4646391)
See http://www.f-secure.com/v-descs/troj...shback_i.shtml for details wrt Mac. Sure, Java is vulnerable, and sure, it doesn't help those poor rich OSX users that Apple, as usual, is being slow fixing things, but the exploit thrives on user gullibility. See http://www.oracle.com/technetwork/to...12-366318.html for a change list. Correct me if I'm wrong, but I don't see anything Mac-specific there.

McAfee released a patch for the OS X bug. [mod removed malicious advice]

onebuck 04-07-2012 09:09 AM

Moderator response
 
Hi,
@schneidz

You should never give advice to remove the filesystem as you did. It is not funny, nor should anything of the sort be given as advice, since some uninformed user may perform the said action.

Do not do this again! Or you will suffer more than just an infraction or warning.

H_TeXMeX_H 04-07-2012 09:15 AM

Why is this in Linux General if it affects OSX ?

273 04-07-2012 09:27 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4647101)
Why is this in Linux General if it affects OSX ?

I think the original question is whether this could affect Linux. Since it's a bug in Java which works for both Windows and OSX it is, perhaps, worth asking whether it could be exploited in Linux also.

H_TeXMeX_H 04-07-2012 10:25 AM

From what unSpawn posted it seems to affect only OSX so far.

273 04-07-2012 10:35 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4647151)
From what unSpawn posted it seems to affect only OSX so far.

Yes, we know.
Do you know whether the Java exploit is present in the Linux build? Does the Mac variant do anything if opened using Linux?

unSpawn 04-07-2012 10:52 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4647151)
From what unSpawn posted it seems to affect only OSX so far.

No, you've read it wrong. The F-secure page describes the exploit according to what's been found In The Wild because the exploit currently is available for Mac only. The Oracle change list does not show anything platform-specific.

* The Oracle page also contains a list of CVE identifiers. So if you have a CVELIST=$(links -dump "$URI" | awk '/\| CVE-20/ {print $2}' | xargs) then, depending on your distribution, you could check yourself whether those require fixing and whether they are. Per-CVE details are at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-yyyy-nnnn (or www.cvedetails.com/cve/CVE-yyyy-nnnn/); for Red Hat / CentOS / Scientific Linux see https://access.redhat.com/security/cve/CVE-yyyy-nnnn (or 'yum --cve CVE-yyyy-nnnn'); for SuSE see support.novell.com/security/cve/CVE-yyyy-nnnn.html; for Ubuntu see people.canonical.com/~ubuntu-security/cve/CVE-yyyy-nnnn; for Debian and .*BSD see http://cvechecker.sourceforge.net; and for others, well, either you already know how to find your distribution's SO bulletins or CVE listings yourself, or your distro maintainer(s) simply may not care.

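As an added worked example (not from unSpawn's post or from any LinuxQuestions member), the following POSIX shell script does the same CVE extraction over an advisory dump and then reports which of those identifiers a package changelog does not mention. The advisory text, the changelog text and the CVE numbers in them are constructed sample data, not real Oracle or distribution output; `links -dump` and `rpm -q --changelog` are the real commands the two strings stand in for.

```shell
#!/bin/sh
# Added example, not code from the thread. Extracts CVE identifiers from an
# advisory dump and reports which ones a package changelog does not mention.
# All sample text below is constructed; the CVE numbers are placeholders.

# Stand-in for `links -dump "$URI"` of a vendor CVE table (constructed).
ADVISORY_DUMP='Java SE Critical Patch Update - Risk Matrix
| CVE-2012-1111 | Java Runtime Environment | 10.0 |
| CVE-2012-2222 | Java Runtime Environment | 5.0  |
| CVE-2011-3333 | Sound                    | 5.0  |
Also mentioned in prose: CVE-2012-1111 (duplicate on purpose).'

# Stand-in for `rpm -q --changelog java-1.6.0-openjdk` output (constructed).
CHANGELOG='* Tue Feb 14 2012 Packager <pkg@example.invalid> - 1.6.0.0-60
- Resolves: CVE-2012-1111 CVE-2011-3333
* Mon Jan 09 2012 Packager <pkg@example.invalid> - 1.6.0.0-59
- Rebuilt for new toolchain'

# extract_cves DUMP: print every CVE id found in DUMP, one per line, sorted
# and deduplicated. grep -o is used instead of a column-based awk so the
# match does not depend on the table layout surviving the text dump.
extract_cves() {
    printf '%s\n' "$1" | grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# unfixed_cves CVELIST CHANGELOG: print the ids from CVELIST (newline
# separated) that CHANGELOG never mentions. Fixed-string matching (-F) keeps
# the id from being interpreted as a regular expression.
unfixed_cves() {
    cvelist="$1"
    changelog="$2"
    printf '%s\n' "$cvelist" | while read -r cve; do
        [ -n "$cve" ] || continue
        if ! printf '%s\n' "$changelog" | grep -qF -- "$cve"; then
            printf '%s\n' "$cve"
        fi
    done
}

# Top-level run, same shape as the CVELIST=$(...) one-liner in the post.
CVELIST=$(extract_cves "$ADVISORY_DUMP")
echo "CVEs in advisory:"
echo "$CVELIST"
echo "Not mentioned in changelog:"
unfixed_cves "$CVELIST" "$CHANGELOG"
```

To run it against real data, replace the two constructed strings with `$(links -dump "$URI")` and `$(rpm -q --changelog <package>)` (on Debian-derived systems, `apt-get changelog <package>`). Treat the result as a to-do list, not a verdict: distributions backport fixes without bumping the upstream version and do not always cite every CVE in the changelog, so an id that is not mentioned means "check the vendor's CVE page", while an id that is mentioned is only as trustworthy as the changelog entry.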
schneidz 04-07-2012 11:20 AM

Quote:

Originally Posted by onebuck (Post 4647095)
Hi,
@schneidz

You should never give advice to remove the filesystem as you did. It is not funny, nor should anything of the sort be given as advice, since some uninformed user may perform the said action.

Do not do this again! Or you will suffer more than just an infraction or warning.

Sorry, it was meant to be an obvious joke, but I see how it wouldn't be obvious to someone who isn't very computer literate.

My point was that this exploit was a trojan that duped users into typing in their administrator password -- even the best security succumbs to human ignorance.

H_TeXMeX_H 04-07-2012 12:32 PM

I have not read anything wrong. The report indicates that it is OSX specific. All the paths and software and everything is OSX specific. A separate trojan would have to be written for Linux, because that one wouldn't work.

ronlau9 04-07-2012 01:48 PM

It is not OS X specific.
If you are still running Java with that bug, then it can affect your system.
So if you are not running OS X, install the latest version of Java.
Apple used its own version of Java, and it was very late in patching Java for OS X.

GazL 04-08-2012 09:29 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4647229)
I have not read anything wrong. The report indicates that it is OSX specific. All the paths and software and everything is OSX specific. A separate trojan would have to be written for Linux, because that one wouldn't work.

And who's to say one hasn't been?

BTW, Slackware 13.37 is still shipping 6u-25 and Slackware-current only has 6u-27, so unless you've updated it yourself, you're most likely exposed to far more than this one vulnerability.

H_TeXMeX_H 04-08-2012 11:01 AM

Quote:

Originally Posted by GazL (Post 4647674)
And who's to say one hasn't been?

BTW, Slackware 13.37 is still shipping 6u-25 and Slackware-current only has 6u-27, so unless you've updated it yourself, you're most likely exposed to far more than this one vulnerability.

I have removed it completely, because I don't trust it and don't need it.

