Mac OS X OSX/Flashback Trojan Detection

critical Nessus Plugin ID 58619

Synopsis

The remote Mac OS X host appears to have been compromised.

Description

Using the supplied credentials, Nessus has found evidence that the remote Mac OS X host has been compromised by a trojan in the OSX/Flashback family.

The software is typically installed by means of a malicious Java applet or Flash Player installer. Depending on the variant, the trojan may disable antivirus software, inject a binary into every application launched by the user, or modify the contents of certain web pages based on configuration information retrieved from a remote server.

Solution

Restore the system from a known set of good backups.

See Also

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_a.shtml

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_b.shtml

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_c.shtml

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml

http://www.nessus.org/u?7f51a6ed

Plugin Details

Severity: Critical

ID: 58619

File Name: macosx_flashback_i_trojan.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 4/6/2012

Updated: 11/27/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Tenable research analyzed the issue and assigned a score for it.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version