There's a lot of press in the PC world about how Macs are now enduring a malware attack. It's called the Flashback Trojan, and it apparently masquerades as an application to upgrade the Flash player. The information I have found on the web tells how to detect if you have it (I don't) and reassures us that Apple has now fixed the problem.
What I have not been able to find is what the infection procedure looks like; more specifically, how can I tell the difference between malware and a legitimate Adobe upgrade?
In particular, when an alert box pops up that says...
"Install Adobe Flash Player.app" is an
application downloaded from the internet.
Are you sure you want to open it?
How can I be sure that the product came from Adobe?
--Gil
The latest Flashback trojan actually was Java related. However, you can always make sure you get the official version of Flash by going to get.adobe.com/flashplayer
Oh. Java. Flashback is about Java, not Flash Player. How silly of me. Sorry.
Thank you for clearing that up, Chris.
--Gil
I believe the initial version of Flashback (back in October 11 I think) was a rogue installer that was masquerading as a Flash Player installer. Another reason to make sure you download from adobe.com
I guess the problem I was addressing occurs at the time one sees this alert:
"Install Adobe Flash Player.app" is an
application downloaded from the internet.
Are you sure you want to open it?
Regardless of where you or I *think* the application may have come from, is there any way to doublecheck that the app on which you just double-clicked is not the imposter?
How are the legit installer and the malware different? Is there, perhaps, some small difference in their icons, or does one of them have something spelled differently? You know -- the stuff they pass around about counterfeit twenties -- How is it different?
All the web descriptions of the October Flashback say that it "masquerades" as a Flash Player installer, but they do not give details. Just how good is this "masquerade"? What does the counterfeit installer do, or look like, that's different from the McCoy? Does it engender the same alert box, or is it slightly different in any way? I would like to have a way to doublecheck before I agree to open it.
--Gil
Hi Gil,
I believe that this process will get easier in upcoming OS X releases, but in the meantime you should be able to verify that a Flash Player installer is from Adobe by using the digital signature embedded within the binary. You can do this via the command line in a terminal session. First, mount the installer .dmg and in a terminal window, type:
codesign -v -d -v /Volumes/Flash\ Player/Install\ Adobe\ Flash\ Player.app/
You'll get info back, and in particular you should see an Authority entry listing out Adobe Systems Incorporated.
Chris
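Added example (not part of the post above and not Adobe's code): a small shell script that runs a separate `codesign --verify` pass and then checks that the first Authority line of the `codesign -d -vv` output names Adobe Systems Incorporated. The function names are hypothetical, the sample outputs are constructed, and treating the first Authority line as the signer is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: check the signer name in `codesign -d -vv` output.

# Print the first Authority= value on stdin (assumed to be the signing cert).
leaf_authority() {
    awk '/^Authority=/ { print substr($0, 11); exit }'
}

# Succeed only if that first authority names Adobe Systems Incorporated.
authority_is_adobe() {
    leaf=$(leaf_authority)
    case "$leaf" in
        *"Adobe Systems Incorporated"*) return 0 ;;
        *) return 1 ;;
    esac
}

# On a Mac: verify the signature first, then check who signed it.
# Returns 2 if the signature is missing or broken, 1 if the signer differs.
check_installer() {
    codesign --verify --verbose=2 "$1" || return 2
    codesign -d -vv "$1" 2>&1 | authority_is_adobe
}

# Constructed samples of codesign output (not captured from a real installer).
SAMPLE_SIGNED='Identifier=com.example.constructed
Authority=Adobe Systems Incorporated
Authority=Constructed Intermediate CA
Authority=Constructed Root CA'
SAMPLE_OTHER='Identifier=com.example.constructed
Authority=Constructed Other Developer
Authority=Constructed Root CA'
SAMPLE_UNSIGNED='Install Adobe Flash Player.app: code object is not signed at all'

# Demonstrate the parser on the constructed samples (runs without codesign).
for s in "$SAMPLE_SIGNED" "$SAMPLE_OTHER" "$SAMPLE_UNSIGNED"; do
    if printf '%s\n' "$s" | authority_is_adobe; then
        echo "signer matches Adobe Systems Incorporated"
    else
        echo "signer does NOT match"
    fi
done
```

With the .dmg mounted, call `check_installer "/Volumes/Flash Player/Install Adobe Flash Player.app"` and treat any non-zero exit status as a reason not to open the app.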
Well, thanks, Chris. That is indeed a helpful reply. I'll give it a try.
--Gil