
The Flashback Trojan: How To Find Out If You’ve Got It and How To Protect Yourself

The past few days have seen the emergence of one of the biggest Mac malware attacks in recent years in the form of the Flashback trojan. It exploits Java vulnerabilities in non-updated versions of OS X to infect the Mac. Luckily there are very simple ways to find out, firstly, whether you have it, and then how to protect yourself from it.

How To Find Out If You Have It

  1. Open Terminal and paste the following: defaults read /Applications/Safari.app/Contents/Info LSEnvironment
  2. You should get this error message: “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
  3. Now paste the following: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
  4. If this appears, “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist” (where joe is your own user name), you don’t have it.

If the output at any of the above stages was different, chances are you’re infected. In that case, work through the full removal procedure described on F-Secure, which should delete it from the system.
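A small Python check that inspects the same two locations the commands above read, Safari's Info.plist LSEnvironment dictionary and ~/.MacOSX/environment.plist, for a DYLD_INSERT_LIBRARIES entry. This is an added example, not from the original post or from F-Secure; the sample plists at the bottom and the /tmp/example-payload.dylib path are constructed for offline testing, not real Flashback artefacts.

```python
import os
import plistlib

# Locations the post's two "defaults read" commands inspect.
SAFARI_INFO = "/Applications/Safari.app/Contents/Info.plist"
USER_ENV = os.path.expanduser("~/.MacOSX/environment.plist")

def dyld_inserts(plist_bytes, nested_in_lsenvironment):
    """Return the DYLD_INSERT_LIBRARIES paths found in a plist, or [].

    Safari's Info.plist keeps the key inside its LSEnvironment dict; the
    per-user environment.plist keeps it at top level. plistlib reads both
    the XML and the binary plist formats, so either file works as input."""
    data = plistlib.loads(plist_bytes)
    if nested_in_lsenvironment:
        data = data.get("LSEnvironment", {})
    value = data.get("DYLD_INSERT_LIBRARIES")
    if not value:
        return []
    # The value is a colon-separated list of dylib paths.
    return [p for p in str(value).split(":") if p]

def check_file(path, nested_in_lsenvironment):
    """A missing file is the clean 'does not exist' case from the post."""
    if not os.path.isfile(path):
        return []
    with open(path, "rb") as fh:
        return dyld_inserts(fh.read(), nested_in_lsenvironment)

def scan():
    """Run both checks; an empty dict means neither injection point is set."""
    findings = {}
    for path, nested in ((SAFARI_INFO, True), (USER_ENV, False)):
        libs = check_file(path, nested)
        if libs:
            findings[path] = libs
    return findings

# Constructed sample plists (not real Flashback artefacts) for offline use.
SAMPLE_CLEAN = plistlib.dumps({"CFBundleName": "Safari"})
SAMPLE_INJECTED = plistlib.dumps({
    "CFBundleName": "Safari",
    "LSEnvironment": {"DYLD_INSERT_LIBRARIES": "/tmp/example-payload.dylib"},
})

if __name__ == "__main__":
    # Prints {} on a clean machine, the offending paths otherwise.
    print(scan())
```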

How To Protect Yourself From It / Prevent It Happening Again

There are two ways you can do this. One is for Snow Leopard and Lion users and the other is for users of older operating systems like Leopard and Tiger.

For Lion/Snow Leopard:

It could not be simpler. A Java update has already been released which fixes the problem, and you can get it either via Software Update or here (Snow Leopard) or here (Lion). Once you have applied it, you will be completely safe from the Flashback malware.

For Leopard, Tiger and older systems:

This is still dead easy to do. All you need is a specific piece of anti-virus software. The malware is programmed not to install when it detects certain pieces of software, one of them being ClamXAV, a great open source anti-virus which I highly recommend. It’s completely free, and you don’t even have to run a scan with it to protect yourself. Just have it installed, and even if you unwittingly download the Flashback trojan, it will delete itself after detecting ClamXAV.

So that’s it! If you follow the above steps, you shouldn’t have any problems whatsoever with it, and it really is that easy to deal with. It is also worth noting that 50% of the infected computers are in the US, so your chances of actually having it if you live in Europe or elsewhere are fairly slim. Still, better safe than sorry.

Even though this is by no means funny, there is a strong irony attached to this. 274 of the bots responsible for this are running from, wait for it, Cupertino! That takes some doing, and I’m sure that Apple won’t be at all pleased when they find out (they probably already have)!


About the author

Chris

I've been a passionate evangelist for Apple and the Macintosh throughout my working life. My first love was a Quadra 605, working with a small creative agency in the south of Norfolk, UK, in the mid 1990s. I later progressed to other roles in other Macintosh-dominated industries, first as a senior graphic designer at a small printing company and then as a production manager at Guardian Media Group. As the publishing and printing sector waned I moved into Internet marketing and in 2006 co-founded blurtit.com, which grew to become one of the top 200 visited sites in the US (according to Quantcast), at its peak receiving over 15 million visits per month. For the last ten years I have worked as an affiliate and consultant to many different businesses and start-ups, my key skill set being online marketing, on-page monetisation, landing page optimisation and traffic generation. If you would like to hire me or discuss your current project, please reach out to me here.


3 Comments


  • Hi

    I tried this and none of the commands for files exist; is this the virus or an OS X version thing?

    ta

    J

  • If none of them exist you haven’t got any problems. Just like I said in the post.

  • Thanks for the information. Although I get “does not exist” for all 3 commands, when I use the Dr. Web Online Web Utility, it tells me my computer (running 10.5) is “probably infected” then lists dates for when the botnet server was first and last accessed. Of course, it then tells me that I should download Dr. Web. Is this just a scam to get me to buy their software, or is the utility believable?