Sophos Anti-Virus for Mac Home Edition

turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Frequent Advisor
carlos
Posts: 44
Registered: ‎11-02-2010
0

Flashback ..

Options

‎04-03-2012 02:22 AM

Hi,

 

Protect SAV against the new ...

 

http://www.f-secure.com/weblog/archives/00002341.html

 

and all other Flashback.

 

greets

Report Inappropriate Content
Message 1 of 13 (3,813 Views)
 
Reply
VIP
QC
Posts: 238
Registered: ‎11-02-2010
0

Re: Flashback ..

Options

‎04-03-2012 03:50 AM

Hello carlos,

 

you'd have to wait for someone from Sophos for a definite answer. Looking at the analysis of OSX/FlshPlyr-A and OSX/FlshPlyr-B I see that both have been updated very recently (on 2nd and 3rd). There's also OSX/FlshPlyr-C. Of course one can never say all other - there's always a chance that a new variant goes undetected :smileyfrustrated: - but you can be sure they are trying.

 

Christian

Report Inappropriate Content
Message 2 of 13 (3,809 Views)
 
Reply
Employee Agile
Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: Flashback ..

Options

‎04-03-2012 04:45 PM

Christian gave a great summary.

Just for more details:

  • We have tested the files F-Secure was using in their research and we do detect them.
  • OSX/FlshPlyr-C actually detects the installer at a pretty early point.
  • There are now constant new variants of OSX/FlshPlyr being published by the malware author.  SophosLabs has been seeing new variants daily for the past two weeks; we detect most of them pro-actively, and are continually (24/7) monitoring for unexpected tweaks that may break our detection.
-
Andrew
Threat Researcher
SophosLabs

For our other self-service and peer-to-peer online support systems:

Report Inappropriate Content
Message 3 of 13 (3,771 Views)
 
Reply
phil
Occasional Visitor
phil
Posts: 1
Registered: ‎04-04-2012
0

Re: Flashback ..

Options

‎04-04-2012 12:39 AM

Hi

 

so does SAV 7.3.9, engine 3.29.0, Virus-data version 4.75 as of March 5,2012 (enterprise version of SAV provided by my university) also protect me?

 

 

thanks

 

phil

Report Inappropriate Content
Message 4 of 13 (3,750 Views)
 
Reply
VIP
QC
Posts: 238
Registered: ‎11-02-2010
0

Re: Flashback ..

Options

‎04-04-2012 01:52 AM

Hello phil,

 

the free and lincensed versions are indentical in terms of protection. Note that the virus-data version alone is no indicator of up-to-date protection. As new and updated detection identities are constantly issued (several times a day is not uncommon) it is important that threat detection data updates a done frequently.

 

Christian

Report Inappropriate Content
Message 5 of 13 (3,744 Views)
 
Reply
arros
Occasional Contributor
arros
Posts: 5
Registered: ‎04-06-2012
0

Re: Flashback ..

Options

‎04-06-2012 05:15 PM

Hi, Does Sophos protect me from flashback, if flashback was on my computer before I added Sophos? I bought my iMac (10.7.3) recently and did not install Sophos until after I read about the many Macs being infected by this "bot." Thanks for your help. art
Report Inappropriate Content
Message 6 of 13 (3,298 Views)
 
Reply
jhencken
Occasional Collector
jhencken
Posts: 3
Registered: ‎04-08-2012
0

Re: Flashback ..

Options

‎04-08-2012 05:12 AM

I don't know about anybody else, but I don't need more drama in my life.  I read the CNET article about Flashback a couple of days ago and went googling for a detection/solution artilce that could be implemented by a non-geek... much frustration.  Went to the Sophos board and found nothing recent.   Spent a half-hour on the phone with Apple and got precisely nowhere (natch).  

 

 I eventually found a poor (the Russian website) and a good (a user-written script) detection method; it appears my systems are clean.

 

However, it would have been a great blessing if Sophos had simply put a little item on the main webpage saying something like "If you have Sophos installed, you can relax, we took care of the Flashback problem on [give date] and are continuing to monitor for variants that might threaten your system."  Or, if necessary, "Flashback is written by some very clever and aggressive psychopaths, and we're working on it; make sure to update your malware definitions every day."

 

Plea to Apple and also to Sophos: Denial and Avoidance do not help people.  And giving some proper info doesn't even cost much.

 

Things are not going to get better in the malware area.  Can we have a little help here?

Report Inappropriate Content
Message 7 of 13 (2,997 Views)
 
Reply
Employee Agile
Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: Flashback ..

Options

‎04-09-2012 11:25 AM

I suggest you follow our web blog, Naked Security.

 

http://nakedsecurity.sophos.com/tag/flashback/

 

Recent Flashback-tagged entries were posted on April 5 and 7.

 

We also update this website, which is the portal for the Mac Home product.

 

 

Sophos detects the Flashback family as OSX/Flshplyr; the writers of this malware are being very aggressive in their attempts to defeat most AV software, with new variants and tricks popping up every week -- while (currently) failing to install if you have analysis tools installed (XCode and Little Snitch being notable).

-
Andrew
Threat Researcher
SophosLabs

For our other self-service and peer-to-peer online support systems:

Report Inappropriate Content
Message 8 of 13 (2,669 Views)
 
Reply
macphile
Occasional Visitor
macphile
Posts: 2
Registered: ‎04-18-2012
0

Re: Flashback ..

Options

‎04-18-2012 02:21 PM

QC wrote:

Hello carlos,

 

you'd have to wait for someone from Sophos for a definite answer. Looking at the analysis of OSX/FlshPlyr-A and OSX/FlshPlyr-B I see that both have been updated very recently (on 2nd and 3rd). There's also OSX/FlshPlyr-C. Of course one can never say all other - there's always a chance that a new variant goes undetected :smileyfrustrated: - but you can be sure they are trying.

 

Christian

My impression is that these OSX/FlshPlyr variants are part of the anti-virus definitions, rather than stand alones.  But I don't find them in any of the Sophos files on my Mac, so I'm curious about them.  Just what are they, and just *where* are they?

Report Inappropriate Content
Message 9 of 13 (1,309 Views)
 
Reply
macphile
Occasional Visitor
macphile
Posts: 2
Registered: ‎04-18-2012
0

Re: Flashback ..

Options

‎04-18-2012 02:33 PM

macphile wrote:
QC wrote:

Hello carlos,

 

you'd have to wait for someone from Sophos for a definite answer. Looking at the analysis of OSX/FlshPlyr-A and OSX/FlshPlyr-B I see that both have been updated very recently (on 2nd and 3rd). There's also OSX/FlshPlyr-C. Of course one can never say all other - there's always a chance that a new variant goes undetected :smileyfrustrated: - but you can be sure they are trying.

 

Christian

My impression is that these OSX/FlshPlyr variants are part of the anti-virus definitions, rather than stand alones.  But I don't find them in any of the Sophos files on my Mac, so I'm curious about them.  Just what are they, and just *where* are they?

I see that these are the threat names.  I should have done just a bit more research on the Sophos site before posting the above reply.  Sorry for the inconvenience.  Thanks to all who have posted about this new malware threat.

Report Inappropriate Content
Message 10 of 13 (1,302 Views)
 
Reply