Approximately 300,000 Macs in the United States and 600,000 globally have been infected with Flashback trojan, according to Russian Security firm Doctor Web. Infected machines become part of a botnet, available to carry out instructions on behalf of the hacker and can steal password and other personal information from your computer.
According to Dave Marcus, Director advanced research and threat intelligence for McAfee Labs. “There has been a significant increase in Mac malware in the last several quarters, so what we’ve seen with the Flashback Trojan isn’t particularly surprising. Attackers are leveraging years of success from writing PC malware and they’re doing the same thing in the Mac world. Cybercriminals will attack any operating system with valuable information, and as the popularity of Macs increase, so will attacks on the Mac platform."
We're not particularly surprised by the existence of the Flashback Trojan either, but it is the first Mac malware we've heard of that can infect machines without user cooperation. To become infected, all you need to do is visit an infected website to initiate a drive-by download. The Flashback trojan may prompt you for an administrator password, but even if you don't enter it, the malware will still infect your system. And since most Mac users aren't running anti-malware software, they may never know it's there.
So how do you find out if you have Flashback?
Go to the Applications folder, open the Utilities folder and launch the Terminal application. Then, one at a time, cut and paste in the following code and hit Enter:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If you’re clean, you’ll see a message that says that those domain/default pairs does not exit.
How to fix your Mac if you’re Infected
To remove the Flashback, you’ll need to open the Terminal application and follow the step-by-step instructions from Security Firm F-Secure. but the process isn't easy and F-Secure recommends it only for advanced users. So you may want to look into a computer tech support service to walk you through it.
How to protect your Mac
Apple has released a fix for the security hole that allow the Flashback trojan to install. To get the fix, click on the Apple icon in the upper left corner or your Mac and select Software Update. Look for and install the “Java for Mac OS X” update.
Apple is actually pretty good about protecting Macs with its own malware and virus scanning tools. So make sure you keep your software updated through the Software Update application, don’t download software for any source unless you trust it, and consider investing in security software for you Mac.