News: Half a Million Macs Affected by Flashback Trojan! Eradicate It Before It's Too Late

Watch out Macs. Flashback is back.

Variations of the trojan have reportedly infected 600,000 Mac computers around the globe, with about 57 percent in the U.S. and another 20 percent in Canada.

Dr. Web, who discovered the spreading Flashback, said that these trojans install themselves on your computer after you visit compromised or infected webpages on the Internet. The Flashback trojan then searches your infected Mac for any of the following antivirus applications.

  • /Library/Little Snitch
  • /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
  • /Applications/VirusBarrier X6.app
  • /Applications/iAntiVirus/iAntiVirus.app
  • /Applications/avast!.app
  • /Applications/ClamXav.app
  • /Applications/HTTPScoop.app
  • /Applications/Packet Peeper.app

If any are detected, the trojan deletes itself. If none of the searched-for antivirus apps are found, it goes on to generate a list of botnet control servers and begins checking in with them. If you've been infected with this trojan, chances are a virus is the next step.

Eradicate It

A patch for the Java vulnerability has been issued by Apple, so if you've got a Mac, hit up your Software Update to download the latest Java update for OS X. But what if you already have the Flashback trojan on your computer?

F-Secure has some great instructions for using Terminal to find out if you do or do not have the trojan installed. If you don't, great. Just install the latest Java update. If you do, you'll also get instructions for manually deleting the files.

Go see if you're infected now and delete malware files!

If you get back "these do not exist" after running these four commands, you should be fine.

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read /Applications/Google\ Chrome.app/Contents/Info LSEnvironment
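The four checks above can be wrapped in a small script that separates "key absent" from "check could not run", so a missing tool or unreadable file is never reported as clean. This is an added example, not F-Secure's or the article's code; the DEFAULTS_CMD variable, the function names and the "run" argument are assumptions of the example, and it assumes defaults reports a missing key with a message containing "does not exist".

```shell
#!/bin/sh
# Added example, not from F-Secure or the original article.
# DEFAULTS_CMD is an assumption of this example: it lets a stub replace `defaults` in tests.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_key DOMAIN KEY
# Returns 0 (key absent), 1 (key present: inspect its value), 2 (inconclusive).
check_key() {
    dout=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1 </dev/null) && drc=0 || drc=$?
    if [ "$drc" -eq 0 ]; then
        printf 'PRESENT  %s %s = %s\n' "$1" "$2" "$dout"
        return 1
    fi
    case "$dout" in
        *"does not exist"*)
            printf 'CLEAN    %s %s\n' "$1" "$2"
            return 0 ;;
    esac
    # Missing tool, unreadable plist, etc.: do not report this as clean.
    printf 'UNKNOWN  %s %s (%s)\n' "$1" "$2" "$dout"
    return 2
}

# Runs the four checks listed in the article.
# Returns 1 if any key is present, else 2 if any check was inconclusive, else 0.
flashback_check() {
    present=0 unknown=0
    while IFS='|' read -r domain key; do
        st=0
        check_key "$domain" "$key" || st=$?
        if [ "$st" -eq 1 ]; then present=1; fi
        if [ "$st" -eq 2 ]; then unknown=1; fi
    done <<EOF
$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES
/Applications/Safari.app/Contents/Info|LSEnvironment
/Applications/Firefox.app/Contents/Info|LSEnvironment
/Applications/Google Chrome.app/Contents/Info|LSEnvironment
EOF
    if [ "$present" -eq 1 ]; then return 1; fi
    if [ "$unknown" -eq 1 ]; then return 2; fi
    return 0
}

# Run the checks only when invoked as: sh script.sh run
if [ "${1:-}" = run ]; then flashback_check || exit $?; fi
```

A PRESENT line means the key exists and its value should be inspected by following the removal instructions; it is not by itself proof of infection.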

2 Comments

Yay, I'm clean..
Xcode counts as antivirus? That's news to me.
