Robert OToole Photography
  • Archives
  • Apr11

    Example

    Image © 2012 Robert OToole Photography

    What is the Flashback Trojan?

    This is a new version of malicious software called Flashback that exploits a security flaw in Java in order to install itself on Mac OS and has made news headlines all over the world over the last couple of weeks.

    First thing you want to do it update your Mac. Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. Now your Mac automatically checks for software updates every week, but you can run Software Update at any time to manually check for the latest updates – go to the Apple menu and choose Software Update.

    Mac users have been almost in a panic over this in the last couple of weeks thanks to the media. Even though I still have yet to hear of someone from people in the computer industry that actually knows someone that was infected by it I would recommend checking your Macs just in case.

    How to check if your Mac is infected

    Checking your Mac is easy and only takes a few seconds.

    You can find instructions to check your Mac and complete instructions on how to remove it on the F-secure site:

    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

    To check for the Flashback Trojan go to the Manual Removal Instructions and follow them carefully. This will tell you if you have it in a few keystrokes and how to remove it in a few seconds if you do.

    You will be doing is opening the Terminal app and entering some instructions (commands).

    If you don’t want to run a Terminal command you can also download a free app to check your Mac:

    https://github.com/jils/FlashbackChecker/wiki

    To run the Terminal application go to Applications/Utilities/Terminal

    Type or better yet cut and past from the F-secure site into Terminal:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    You should see:

    “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

    This means the Mac you are on is not infected but you are not done yet.

    Next type in the command:

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    If you see the following then your system is clean.

    “The domain/default pair of (/Users/…/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

    If you see anything other than the above the F-secure link will give you all the info you need to know how to remove the virus.

    Important Flashback Trojan Links

    Apple’s support page:

    http://support.apple.com/kb/HT5244

    Apple’s support page for manual software update:

    http://support.apple.com/kb/HT1338

    F-secure site:

    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

    Free Flashback Checker App:

    https://github.com/jils/FlashbackChecker/wiki

    Update April 12, 2012

    Apple has released a security update to take of the Java vulnerability and remove the Flashback Trojan variants. To download just  run Software Update manually by going to the Apple menu and choose Software Update.

    http://support.apple.com/kb/HT5242

    This update disables the automatic execution of Java applets.

    All content (including text, design, photos, layout, and graphics) are copyright © 2012 Robert OToole. All rights reserved.