In association with heise online

20 April 2012, 09:38

Worth Reading: An analysis of the Flashback/Flashfake trojan


Kaspersky Lab's Alexander Gostev has examined the Flashback/Flashfake trojan that recently infected more than half a million Mac OS X systems. Among other things, Gostev describes how specially crafted WordPress pages were used to attack Mac users with four different Java applets, initially in order to install a custom downloader.

This component then downloaded the actual botnet client in encrypted form and tried various ways of anchoring itself in the system. If a user failed to input their administrator credentials when prompted by the malware installer, the trojan used the dynamic DYLD loader to hook into a number of processes as a library.

