A Flashback isn’t a Good Thing

Apple’s operating system, Mac OS X, has long had the reputation of being invulnerable to viruses or any other malicious attacks.  Then along came the Flashback attack that affected over a half million Macs.

According to an Apple press release, Apple released a Java update on April 3rd that fixes the Java security flaw for systems running OS X v10.7 (Lion) and Mac OS X v10.6 (Snow Leopard). In addition, Apple is developing software that will detect and remove the Flashback malware.

If you don’t want to wait until Apple provides the software to do so, it’s pretty easy to find out if you have the Flashback malware on your own, according to Topher Kessler’s article on CNET’s website.

First, open Terminal. It can be found in your /Applications/Utilities folder.

Next, enter the command:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES.
If you do not have the Flashback trojan, you should receive a message that this pair does not exist.

The second command that you need to enter is:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment.
Again, you should receive a message that this pair does not exist.

Lastly, enter the command:
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
Again, you should receive a message that this pair does not exist.

If these pairs are present, these commands will output a path that points to the malware file, which you should see in the Terminal window.

It is possible that prior variants of this trojan are on your Mac. To check for this, enter the command:
ls -la ~/../Shared/.*.so
If no variants exist, you will receive a message that there is no such file or directory.

If you find that you are unfortunate enough to have the Flashback malware, you can find step-by-step instructions here.

About the Author

Judy Novotny

Judy is a computer veteran with 30 years of experience. She has owned everything from a TRS-80, Apple IIe and various Windows-based PCs. She is currently living in her Apple ecosystem at home consisting of an iPhone, iPad, iMac, MacBook, Apple TV, iPod nano and two Time Capsules. She is a fan of all things mobile since she got her first Palm Pilot in 1999. Check out her iPad app, Number Wizard, in the App Store. Follow her on Twitter @junovotech or at Junovo.com.