Security firm Intego has announced that it has discovered a new variant of the Flashback malware called Flashback.S that continues to use a Java vulnerability Apple previously patched.
No password is required for this variant to install, and it places its files in the user’s home folder, at the following locations:
- ~/Library/LaunchAgents/com.java.update.plist
- ~/.jupdate
It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery.
The virus will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack but otherwise is continuing to spread.
Source: Intego
About Rob Gordon
This post was written by Rob Gordon, an IT geek, gadget lover and blogger. Rob has been using the internets since 1994 when the only streaming video was that coffee pot in Cambridge (rip).... Follow Rob on Twitter - @robgordon
- Web |
- More Posts (547)
Posted in 
Tags: 
