If you’re a Mac User, you better get used to this fact: Those virus-free days are over. Yes, it was good while it lasted, that golden time when you watched, stifling giggles, as hapless PC-users were inundated with a seemingly endless array of cyber-illnesses—your Mac, all the while, staying squeaky clean. That was all before Flashback Trojan. Be afraid, Mac Users, but don’t crawl under the blankets just yet—we’re here with a little background on this latest Mac bug, plus tips on how to avoid getting infected.
What is “Flashback” anyway?
The Flashback Trojan, as it’s been called, has been confirmed by Kaspersky to have currently infected close to 600,000 Mac computers worldwide. While that only represents 12% of total Mac computers sold in Q4, according to Apple data, 98% of all computers infected worldwide are Macs. The bottom line is it’s a serious threat.
How does Flashback get on my Mac?
Flashback Trojan is technically not a Trojan-horse application at all, but something called a “drive-by download” that infects computers by exploiting vulnerability in Web software, in the case of Flashback, Java software supported by Apple.
It masks itself as a web browser plug-in, asking you to be installed. An early form of the Flashback installer, masquerades as an Adobe Flash Player plug-in update—hence the name “Flashback”. This Flashback installer looks very much like the real Flash player update. The malware takes advantage of Java runtime flaws on Mac OS X, prompting people to install it when they visit malicious websites.
Some legit looking but malicious sites ask visitors to install a plug-in in order form them to be able to view their content; that is when Flashback, masquerading as a Flash player or some other browser plug, prompts visitors to make the install. The newer version of the malware is known to install itself silently in the background, without giving any hints of install activity to the Mac user.
What does Flashback do to my Mac?
When Flashback Trojan gets installed, it sends a unique ID back to the malware’s designer who then identifies the infected Mac computer. The virus then copies Mac users’ personal info whenever they use programs like as MSN, or in online forms. Some web site’s also claim that Flashback is also designed to enable the malware designer remotely controls the infected Mac computers.
How do I know if my Mac’s infected?
Your Mac’s ‘Terminal’ tool found in your Applications folder is the best way. After you find the ‘Terminal’ tool, just copy and paste the following code into Terminal window to have it run automatically:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If infected: above command will display the path to where the Flashback Trojan has installed itself.
If clean: the command will display message saying that those domains/default pairs “does not exist.”
How can I protect my Mac from Flashback?
Be careful when installing browser plugins, etc. from unknown sites and services. Update your browser plugins often, downloading them only from sources you trust. In other words, if you need the newest Flash plugin, go right to the Adobe site—don’t just go to any site that offers it. The same, of course, goes for Java updates. And finally, don’t forget to update your anti-viruse software–Norton.com offers a Mac version.
How can I remove Flashback?
See “How do I know my mac’s infacted” above. In your Mac’s Terminal command, you need to manually delete Flashback files from the path(s) that the Terminal command displays.
Great Flashback removal instructions are available at the security site, F-Secure. Also, Oracle has released a Flashback Java Patch, and Apple has issued a Flashback-killing OS update.