What is Flashback?
“Flashback” is a trojan horse aimed at Mac OS X users that made headlines this week after infecting some 600,000 Mac users worldwide.
The Flashback malware is the biggest Mac security threat to date, and many experts have noted that it heralds the end of Mac users perceived invulnerability to PC-style viral attacks.
Flashback is not a new virus, and first appeared late last year when it duped users by looking like an installer for Adobe’s Flash Player. The Flashback malware now targets Java on Mac OS X and is able to install itself in the background without the user ever being aware of it.
How Do I Tell if I Have Flashback?
There are two ways to do it – the easiest is to go to Dr. Web’s online utility and follow the directions there to determine if your Mac has been compromised. The utility performs a cross-check between a database of known infected computers and your Mac’s own unique identifiers. If it comes back negative, then you’re in the clear.
The alternative is to run a series of command lines on your Mac’s terminal (found under Utilities in the Applications folder). Copy and paste the following lines into Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If your Mac has been infected by Flashback you’ll see the location of where the malware has installed itself. If you get a report that the above domains “do not exist” then your system is unaffected.
How Do I Get Rid of Flashback?
Firstly, ensure that you download Apple’s latest update to Java which addresses the vulnerability being exploited by the Flashback Malware. While protecting from similar future attacks, the update does not remove Flashback from your system.
If you are affected, refer to these Flashback removal instructions from online security firm F-Secure or this cNET guide by Topher Kessler, which gives a step-by-step guide on how to delete the offending files.