
Flashback Malware Hits 600,000 Macs

by on April 06, 2012
in Computers and Software, News, Computer Safety & Support, Blog :: 18 comments

Approximately 300,000 Macs in the United States and 600,000 globally have been infected with the Flashback trojan, according to Russian security firm Doctor Web. Infected machines become part of a botnet that can carry out instructions on behalf of the hacker, and the malware can steal passwords and other personal information from your computer.

According to Dave Marcus, director of advanced research and threat intelligence for McAfee Labs, “There has been a significant increase in Mac malware in the last several quarters, so what we’ve seen with the Flashback Trojan isn’t particularly surprising. Attackers are leveraging years of success from writing PC malware and they’re doing the same thing in the Mac world. Cybercriminals will attack any operating system with valuable information, and as the popularity of Macs increase, so will attacks on the Mac platform.”

We're not particularly surprised by the existence of the Flashback Trojan either, but it is the first Mac malware we've heard of that can infect machines without user cooperation. To become infected, all you need to do is visit an infected website to initiate a drive-by download. The Flashback trojan may prompt you for an administrator password, but even if you don't enter it, the malware will still infect your system. And since most Mac users aren't running anti-malware software, they may never know it's there.

So how do you find out if you have Flashback?

Go to the Applications folder, open the Utilities folder and launch the Terminal application. Then, one at a time, copy and paste in each of the following commands and hit Enter after each one:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you’re clean, you’ll see a message for each command saying that the domain/default pair does not exist.
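The three checks above, wrapped in one script that reads the results for you. This is an added example, not code from the original article or from F-Secure; the function names and the `DEFAULTS_CMD` override are hypothetical, and a result other than "clean" only means the entry needs a closer look, not that Flashback is confirmed:

```shell
#!/bin/sh
# Added example: runs the article's three `defaults read` checks in one pass.
# DEFAULTS_CMD is a hypothetical override so the logic can be tried off a Mac.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_pair DOMAIN KEY
# Prints a verdict; returns 0 = clean, 1 = value present (review it), 2 = inconclusive.
check_pair() {
    out=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1) && status=0 || status=$?
    if [ "$status" -eq 0 ]; then
        # The key exists: show the value so it can be reviewed.
        echo "needs review: $out"; return 1
    fi
    case "$out" in
        *"does not exist"*) echo "clean"; return 0 ;;
    esac
    # Failed for some other reason (tool missing, unreadable file, ...).
    echo "inconclusive (exit $status)"; return 2
}

# flashback_check: returns 1 if any key is present, 2 if any check was
# inconclusive (and none present), 0 if all three pairs do not exist.
flashback_check() {
    found=0; unsure=0
    while IFS='|' read -r domain key; do
        if result=$(check_pair "$domain" "$key"); then st=0; else st=$?; fi
        printf '%s %s: %s\n' "$domain" "$key" "$result"
        case "$st" in 1) found=1 ;; 2) unsure=1 ;; esac
    done <<EOF
/Applications/Safari.app/Contents/Info|LSEnvironment
/Applications/Firefox.app/Contents/Info|LSEnvironment
$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES
EOF
    [ "$found" -eq 1 ] && return 1
    [ "$unsure" -eq 1 ] && return 2
    return 0
}

# Run the scan only when asked: sh flashback_check.sh --scan
if [ "${1:-}" = "--scan" ]; then flashback_check; fi
```

If Firefox is not installed, that line still reports "clean", because `defaults` gives the same "does not exist" message for a missing file.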

How to fix your Mac if you’re infected

To remove Flashback, you’ll need to open the Terminal application and follow the step-by-step instructions from security firm F-Secure. But the process isn't easy, and F-Secure recommends it only for advanced users, so you may want to look into a computer tech support service to walk you through it.

How to protect your Mac

Apple has released a fix for the security hole that allows the Flashback trojan to install. To get the fix, click on the Apple icon in the upper left corner of your Mac and select Software Update. Look for and install the “Java for Mac OS X” update.

Apple is actually pretty good about protecting Macs with its own malware and virus scanning tools. So make sure you keep your software updated through the Software Update application, don’t download software from any source unless you trust it, and consider investing in security software for your Mac.

Via Cnet




A Very Useful Post

From Jim S. on April 06, 2012 :: 10:18 am

No infection here, but a very useful post nonetheless.

-JS


I was not able to

From Sandy on April 06, 2012 :: 10:30 am

I was not able to find the Terminal Application in my Applications folder.  Could it be found elsewhere or listed as another Application?

Thank you.


RE: I was not able to

From Stacy on April 06, 2012 :: 11:33 am

I had the same problem.  I was able to go to the Magnifying Glass icon in the upper right corner of my MacBook Pro.  Type Terminal in the Spotlight field, then select the Terminal application.  Proceed to copying and pasting the above codes.  I was virus free - yeh!


It's in the utilities folder

From Dana H on April 06, 2012 :: 3:34 pm

It’s in the utilities folder in the Applications folder.


Try looking for Terminal in

From Daniel Freedman on April 06, 2012 :: 11:31 am

Try looking for Terminal in your Utilities folder.

Applications - Utilities - Terminal


Thank You

From Aileen Gardner on April 06, 2012 :: 12:07 pm

I checked, and no infection; also downloaded Java for MAC OS X update.  Thank you for the info.


Be safe and Proactive with ESET Cybersecurity for Mac

From Bonnie on April 06, 2012 :: 12:21 pm

ESET has worked very closely with Apple for many years to develop security software that is the only security software on Apple shelves. Over the years ESET technology virus labs has notified Apple of security issues before they were aware.

Be proactive, the days of Apple devices being safe are gone. Protect yourself, your friends and family.  Consumer Reports just awarded ESET top security product 4 years in a row. ESET is owned and operated by engineers and scientists. They are dedicated to development and continuously producing products that are effective. Check out the ESET web site awards and buy consumer products from your local Apple, Fry’s, MacMall, Office Stores, and Newegg. ESET also offers great interactive security trainings.

Harvard University and many financial, legal businesses have been proactively protecting their systems with ESET products for years.

A note on products that always sell for net to free you have to ask how can they make money to invest back into quality engineering and development. They don’t that is why the 3rd party testing labs who can not be bought publish true results of these big name marketing companies with such low ratings in catching viruses and delivering proactive security.


Thank you - very good post - you make tech easy

From Doug on April 06, 2012 :: 1:04 pm

Wow Suzanne I have not been following you long but your insights and posts are great. You really know how to boil the tech down to very understandable English easy to understand statement and instructions. Thank you.


All I get is a little box

From Kevin Kelly on April 06, 2012 :: 1:14 pm

When I click Terminal App a little box opens referring to log ins and when I copy and paste the codes provided, nothing happens.
Any suggestions?


Did you hit Enter after

From Josh Kirschner on April 06, 2012 :: 5:05 pm

Did you hit Enter after pasting each line of code?


Yes I hit Enter after each line - see comment

From Kevin Kelly on April 06, 2012 :: 6:26 pm

This is what appeared after I hit enter.


The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist


Kevin, you're clean

From Andre on April 07, 2012 :: 6:09 am

If that message pops up every time, your Mac is fine.


not just mac

From Robert on April 06, 2012 :: 4:47 pm

Woke up to find my HP notebook was infected and running a shared background program that disabled my keystroke encryption security and tracked my mouse clicks. Traced it via scans back to the Apple Quicktime Player’s “Active-X” program. It got through Norton and Comcast protocols. After uninstalling all running Apple programs everything was back to normal.


Thank you

From Aicra on April 07, 2012 :: 4:17 pm

This is a great article. Thank you for including directions on how to check for the malware. I checked and my system isn’t infected. Currently, I’m ordering additional security.


Mac Security

From Roberto Chavez on April 09, 2012 :: 6:24 pm

Could you please share what you have decided to use for security on your Mac? Thanks!


I don't think I've seen a more technically deficient article!

From Steve Nordquist on April 07, 2012 :: 4:48 pm

You don’t say whether it’s a Flash, PPC or x86, Firefox/Safari or other vulnerability, or what antivirus programs and system patches are effective against it; so I’m not sure why you wrote anything, beyond dropping those tells (above the break, I say!)

I did need more links to Russian security firms [checks: not in Russia…] after all that ‘naw, everyone good went off to Israel etc.’ thing. It is sort of life-affirming, or EnglishRussia-Affirming at least.

Speaking of investing in infosec companies, where CAGR is 43-94% where it’s stable at all, any picks to pass the shakeout of the next 8 years (may as well get the Humble Pesach Bundle?)


Thank you all for the

From Sandy on April 09, 2012 :: 10:50 am

Thank you all for the suggestions - I found Terminal in my Utilities - and I don’t have the virus. :)


very useful post

From Bradley Stephen on April 10, 2012 :: 11:37 am

thank you for this useful post.
