Worth Reading: An analysis of the Flashback/Flashfake trojan
Kaspersky Lab's Alexander Gostev has examined the Flashback/Flashfake trojan that recently infected more than half a million Mac OS X systems. Among other things, Gostev describes how specially crafted WordPress pages were used to attack Mac users with four different Java applets, initially in order to install a custom downloader.
This component then downloaded the actual botnet client in encrypted form and tried several different ways of anchoring itself in the system. If a user failed to input their administrator credentials when prompted by the malware installer, the trojan used the DYLD dynamic loader to hook into a number of processes as a library.
- The anatomy of Flashfake Part 1, from Alexander Gostev of Kaspersky Lab.
(crve)
















