It was inevitable, really -- the increasing popularity of Apple mobile products has driven more and more PC users over to the Mac, and like that innocent little puppy you brought home from the pound, them dog’s got fleas… or in this case, a new Mac trojan known as Flashback.
F-Secure has sounded the alarm for Mac users this week, noting that upwards of 600,000 users may be afflicted by a trojan downloader known as “OSX/Flashback.I” (but you can call it Flashback). But before you run through the streets proclaiming the end of the world is nigh, read on for instructions on how to find out if you’ve got it and what to do about it.
“Trojan-Downloader:OSX/Flashback.I connects to a remote site to download its payload; on successful infection, the malware modifies targeted webpages displayed in the web browser,” explains F-Secure on their website.
Unfortunately, for the moment the only solution is to head into Terminal and copy and paste a few commands -- so the process is recommended only for advanced users. If you’re comfortable with that, head to Applications > Utilities, launch Terminal and dig in -- here’s how to quickly find out if you’ve got Flashback:
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
[STEPS 4 THROUGH 7 OMITTED]
8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
If your results show anything other than “does not exist,” we recommend hitting the F-Secure website and following the full instructions to eradicate the Flashback trojan. You can bet that Apple will be patching this Java vulnerability in a forthcoming update, but for now it’s better to be safe than sorry. Let’s be careful out there!
Follow this article’s author, J.R. Bookwalter on Twitter
Rumple
April 09, 2012 at 12:08pm
I'm clean thanks for the tip. I guess once your done you just close the terminal. :)
jefftschwartz
April 06, 2012 at 11:16am
Perhaps this discussion transcends operating systems and should be framed around what our obligations are as good net citizens.
As good net citizens aren't we all obligated to mitigate any vulnerabilities that we Mac users may inadvertently pass on to other net citizens even if we ourselves are somehow immune to?
I personally believe that the answer to that question is yes, we should all be obligated to do that. I would as much hate to pass on malware to people I email with or interact with on the Web as I would be by passing on a cold or flu to my coworkers and family members.
And as that is the case for me then the only way I know how to prevent passing on malware that managed to land on my Mac to others is by using some form of anti malware protection.
pollixx
April 05, 2012 at 11:03pm
From what I'm reading its only if you have Java installed. My computer never came with Java or Flash installed and I intend to keep it that way. I do have chrome, so if its something I need to see, I'll fire up chrome and watch what i need from there. If not, I just switch back to Safari.
Engelsstaub
April 05, 2012 at 2:45pm
I stopped using AV on my Mac a few months ago. I still didn't have it. I haven't been to F-Secure's website but I'm guessing they are selling an AV "solution" for Macs now too ;)
Benisjamin
April 05, 2012 at 11:46am
Any idea why my Terminal wont open and says, "You are not authorized to run this application. The administrator has set your shell to an illegal value." I am the administrator. I think it's been like this ever since I restored from a Time Machine backup.
j_j_montez
April 05, 2012 at 11:18am
No problems here. I'm pretty sure the 600,000 is a far reaching overestimation.
