There's starting to be more and more press about the Flashback Trojan malware for Mac OS X that was discovered last September. According to recent reports, about 600,000 Macs world-wide are infected with this malware. Read on to find out if you might be infected and what to do about it.
As with all malware, one of your best defences, is ensuring you keep your computer up-to-date with the latest updates from Apple and any other software vendors whose software you use (Microsoft, Adobe, etc.) You should also be sure to never run software that you don't know the source of, nor enter your administrator password if you're at all unsure about why it's being asked for.
If you'd like to check to see if your computer is infected with the Flashback Trojan, you can follow the instructions below. Please note that these instructions require typing (or copying and pasting) commands into the Terminal. If this isn't something you're comfortable with, feel free to give us a call and we'd be happy to help.
- Open Terminal from the Utilities folder (in the Applications folder)
- At the command prompt type: defaults read /Applications/Safari.app/Contents/Info LSEnvironment
- If you do NOT see an error like "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" you are probably infected with the malware. If you see an error like the one above, continue with these instructions
- At the command prompt type: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
- If you do NOT see an error like "The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist" you are probably infected with the malware. If you see an error like the one above, you are probably not infected with the malware
- If either of those tests indicates that you are infected, you can get information on how to manually remove it here. If that procedure isn't something you're comfortable with, feel free to give us a call and we'd be happy to help.
This trojan, like most malware continues to evolve, so keep in mind the safety tips from the begining of the article: Keep updated, and don't enter your administrator password without knowing why. As always, we're here to help, so if you have any questions or concerns, please let us know.