600,000 Mac OS X machines infected by a worm!!!

In the beginning it was Windows; now it is Mac OS X's turn. Never before in Apple's history had the Mac OS X operating system been attacked on such a large scale (an estimated 0.3% in Italy, 57% in the USA and 20% in Canada). The numbers say 600,000 Mac OS X machines infected.

The virus is called “Flashback” and was discovered by Dr. Web, a Russian antivirus company. Cupertino has already released a patch to fix the problem.
If you want to check whether your Mac has been infected too, open the terminal and type the following command:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If the response is the following, you can rest easy:

“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

Flashback gets into the system by exploiting a Java vulnerability in the Safari web browser. Initially the malware reached computers disguised as an extension for Flash.

The complete procedure for fixing the problem is given below:

1 – Open the terminal and type “defaults read /Applications/Safari.app/Contents/Info LSEnvironment”
2 – Take note of the DYLD_INSERT_LIBRARIES values and press Enter again
3 – If you receive an error message similar to “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”, you are not infected.
4 – If the files are actually found, type “grep -a -o '__ldpath__[ -~]*' %path_from_step_2%” and take note of the value next to “__ldpath__”
5 – Run the commands “sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment” and “sudo chmod 644 /Applications/Safari.app/Contents/Info.plist”, then delete the files found in steps 2 and 4.
6 – Run the command “defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES”; if you receive a message such as “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”, the trojan has been removed correctly. Otherwise, run “grep -a -o '__ldpath__[ -~]*' %path_from_step_4%” again, taking note of the values.
7 – After running “defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES” and “launchctl unsetenv DYLD_INSERT_LIBRARIES”, delete the files indicated in the previous steps.
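
The read-only checks of the procedure (steps 1 to 4 and 6) can be collected into one script. This is an added example, not part of the original post: the function names dyld_value, classify and ldpath_of are this example's own, and it only reports what it finds and deletes nothing.

```shell
#!/bin/sh
# Read-only triage for the checks in steps 1-4 and 6. It deletes nothing.
LC_ALL=C; export LC_ALL   # keep the [ -~] byte range ASCII-only

# stdin: output of `defaults read ... LSEnvironment`.
# stdout: the DYLD_INSERT_LIBRARIES value, if the key is present.
dyld_value() {
    sed -n '/DYLD_INSERT_LIBRARIES"\{0,1\}[[:space:]]*=/{
        s/^[^=]*=[[:space:]]*//
        s/;[[:space:]]*$//
        s/^"//
        s/"$//
        p
    }'
}

# $1: full output of the step 1 command. Prints clean / suspect: PATH / unknown.
classify() {
    value=$(printf '%s\n' "$1" | dyld_value)
    if [ -n "$value" ]; then
        echo "suspect: $value"
    elif printf '%s\n' "$1" | grep -q 'does not exist'; then
        echo "clean"
    else
        echo "unknown"
    fi
}

# $1: file named by DYLD_INSERT_LIBRARIES. Prints its __ldpath__ strings (step 4).
ldpath_of() {
    grep -a -o '__ldpath__[ -~]*' "$1"
}

# Live check; runs only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    out=$(defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 || true)
    verdict=$(classify "$out")
    echo "Safari LSEnvironment: $verdict"
    case $verdict in
        suspect:*) ldpath_of "${verdict#suspect: }" || true ;;
    esac
    if out=$(defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>/dev/null); then
        echo "User environment: suspect: $out"
    else
        echo "User environment: clean"
    fi
fi
```

An “unknown” verdict means the output was neither the “does not exist” message nor a DYLD_INSERT_LIBRARIES entry, so the command output should be read by hand.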

Ad maiora


70 thoughts on “600,000 Mac OS X machines infected by a worm!!!”

  1. english coin 1965 churchill 20 April 2012 at 12:08 Reply

    From the actual Royal Perfect on February Fifteenth 1971, the reverse regarding a couple of pence features the particular Marker of the Knight in shining armor associated with Wales: any plume regarding ostrich feathers in a coronet over the German saying “ICH DIEN”

  2. this can be something we’ve under no circumstances at any time read. pretty thorough evaluation.

  3. How to Avoid Dangerous Dog Toys 20 April 2012 at 15:16 Reply

    I was wondering if you ever considered changing the layout of your blog? It's very well written; I love what you've got to say. But maybe you could a little more in the way of content so people could connect with it better. You've got an awful lot of text for only having one or two images. Maybe you could space it out better?

  4. epilateurelectrique 20 April 2012 at 15:26 Reply

    Thank you for the sensible critique. Me & my neighbor were just preparing to do a little research on this. We got a grab a book from our local library but I think I learned more from this post. I am very glad to see such wonderful information being shared freely out there.

  5. casque sans fil 20 April 2012 at 16:52 Reply

    I was looking at some of your articles on this website and I believe this internet site is rattling informative! Retain posting.

  6. Claud Schlichting 21 April 2012 at 17:03 Reply

    Hi this is a truly complex weblog that you put info on. The strange is that I assume there is a bunch additional spam than you recognize. Possibly you know that presently however simply in instance you didn’t right now you perform. I subscribed to the reviews because I prefer to below your valuable details since I take it heart as well as live by your term.

  7. 4/20 weed 21 April 2012 at 17:40 Reply

    I am no longer sure where you’re getting your info, but great topic. I must spend some time learning much more or figuring out more. Thanks for magnificent information I was in search of this info for my mission.

  8. quiet title 21 April 2012 at 18:13 Reply

    Hey this is a truly complicated blog site that you place data on. The strange is that I believe there is a lot even more spam than you recognize. Possibly you recognize that currently but simply in instance you didn’t now you accomplish. I signed upped to the reviews because I prefer to observe your useful information considering I take it heart and also live by your term.

  9. Susan Novitski 23 April 2012 at 10:13 Reply

    This is a topic that is close to my heart… Many thanks! Where are your contact details though?

  10. increase your traffic 30 April 2012 at 8:44 Reply

    Very interesting subject, thanks for posting. “The friendship that can cease has never been real.” by Saint Jerome.

  11. recipes chicken 30 April 2012 at 10:49 Reply

    Very interesting info! Perfect just what I was looking for!

  12. keith 30 April 2012 at 12:13 Reply

    I genuinely enjoy looking at on this web site, it holds fantastic articles. “A short saying oft contains much wisdom.” by Sophocles.

  13. speech wedding 30 April 2012 at 12:21 Reply

    Thanks for every one of your labor on this web site. My aunt takes pleasure in making time for internet research and it is simple to grasp why. My spouse and I learn all concerning the lively medium you create good tactics through your web blog and as well as inspire response from some others on that subject and our favorite girl is undoubtedly discovering so much. Take advantage of the rest of the new year. You are always performing a remarkable job.

  14. maria 30 April 2012 at 13:41 Reply

    Some truly prize content on this site, bookmarked.

  15. hair 30 April 2012 at 17:44 Reply

    Enjoyed examining this, very good stuff, thanks.

  16. click 6 May 2012 at 3:27 Reply

    I tried looking at your web site with my cellphone and the structure does not seem to be correct. Might wanna check it out on WAP as well as it seems most cellphone layouts are not really working with your web page.

  17. adderall no prescription 6 May 2012 at 13:37 Reply

    nice deb blog
