Frequent Advisor
carlos
Posts: 44
Registered: ‎11-02-2010

Flashback ..

Hi,

Protect SAV against the new ...

http://www.f-secure.com/weblog/archives/00002341.html

and all other Flashback.

greets

VIP
QC
Posts: 234
Registered: ‎11-02-2010

Re: Flashback ..

Hello carlos,

you'd have to wait for someone from Sophos for a definite answer. Looking at the analysis of OSX/FlshPlyr-A and OSX/FlshPlyr-B I see that both have been updated very recently (on 2nd and 3rd). There's also OSX/FlshPlyr-C. Of course one can never say all other - there's always a chance that a new variant goes undetected - but you can be sure they are trying.

Christian

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010

Re: Flashback ..

Christian gave a great summary.

Just for more details:

  • We have tested the files F-Secure was using in their research and we do detect them.
  • OSX/FlshPlyr-C actually detects the installer at a pretty early point.
  • There are now constant new variants of OSX/FlshPlyr being published by the malware author.  SophosLabs has been seeing new variants daily for the past two weeks; we detect most of them pro-actively, and are continually (24/7) monitoring for unexpected tweaks that may break our detection.
-
Andrew
Threat Researcher
SophosLabs


Occasional Visitor
phil
Posts: 1
Registered: ‎04-04-2012

Re: Flashback ..

Hi

so does SAV 7.3.9, engine 3.29.0, Virus-data version 4.75 as of March 5, 2012 (enterprise version of SAV provided by my university) also protect me?

thanks

phil

VIP
QC
Posts: 234
Registered: ‎11-02-2010

Re: Flashback ..

Hello phil,

the free and licensed versions are identical in terms of protection. Note that the virus-data version alone is no indicator of up-to-date protection. As new and updated detection identities are constantly issued (several times a day is not uncommon) it is important that threat detection data updates are done frequently.

Christian

Visitor
arros
Posts: 3
Registered: ‎04-06-2012

Re: Flashback ..

Hi, Does Sophos protect me from flashback, if flashback was on my computer before I added Sophos? I bought my iMac (10.7.3) recently and did not install Sophos until after I read about the many Macs being infected by this "bot." Thanks for your help. art
Occasional Collector
jhencken
Posts: 3
Registered: ‎04-08-2012

Re: Flashback ..

I don't know about anybody else, but I don't need more drama in my life. I read the CNET article about Flashback a couple of days ago and went googling for a detection/solution article that could be implemented by a non-geek... much frustration. Went to the Sophos board and found nothing recent. Spent a half-hour on the phone with Apple and got precisely nowhere (natch).

I eventually found a poor (the Russian website) and a good (a user-written script) detection method; it appears my systems are clean.

However, it would have been a great blessing if Sophos had simply put a little item on the main webpage saying something like "If you have Sophos installed, you can relax, we took care of the Flashback problem on [give date] and are continuing to monitor for variants that might threaten your system." Or, if necessary, "Flashback is written by some very clever and aggressive psychopaths, and we're working on it; make sure to update your malware definitions every day."

Plea to Apple and also to Sophos: Denial and Avoidance do not help people. And giving some proper info doesn't even cost much.

Things are not going to get better in the malware area. Can we have a little help here?

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010

Re: Flashback ..

I suggest you follow our web blog, Naked Security.

http://nakedsecurity.sophos.com/tag/flashback/

Recent Flashback-tagged entries were posted on April 5 and 7.

We also update this website, which is the portal for the Mac Home product.

Sophos detects the Flashback family as OSX/Flshplyr; the writers of this malware are being very aggressive in their attempts to defeat most AV software, with new variants and tricks popping up every week -- while (currently) failing to install if you have analysis tools installed (XCode and Little Snitch being notable).

-
Andrew
Threat Researcher
SophosLabs


Occasional Visitor
macphile
Posts: 2
Registered: ‎04-18-2012

Re: Flashback ..


QC wrote:

Hello carlos,

you'd have to wait for someone from Sophos for a definite answer. Looking at the analysis of OSX/FlshPlyr-A and OSX/FlshPlyr-B I see that both have been updated very recently (on 2nd and 3rd). There's also OSX/FlshPlyr-C. Of course one can never say all other - there's always a chance that a new variant goes undetected - but you can be sure they are trying.

Christian


My impression is that these OSX/FlshPlyr variants are part of the anti-virus definitions, rather than stand alones. But I don't find them in any of the Sophos files on my Mac, so I'm curious about them. Just what are they, and just *where* are they?

Occasional Visitor
macphile
Posts: 2
Registered: ‎04-18-2012

Re: Flashback ..


macphile wrote:

QC wrote:

Hello carlos,

you'd have to wait for someone from Sophos for a definite answer. Looking at the analysis of OSX/FlshPlyr-A and OSX/FlshPlyr-B I see that both have been updated very recently (on 2nd and 3rd). There's also OSX/FlshPlyr-C. Of course one can never say all other - there's always a chance that a new variant goes undetected - but you can be sure they are trying.

Christian


My impression is that these OSX/FlshPlyr variants are part of the anti-virus definitions, rather than stand alones. But I don't find them in any of the Sophos files on my Mac, so I'm curious about them. Just what are they, and just *where* are they?


I see that these are the threat names. I should have done just a bit more research on the Sophos site before posting the above reply. Sorry for the inconvenience. Thanks to all who have posted about this new malware threat.