Mac Flashback Trojan: Find Out If You're One Of The 600,000 Infected

There's a new Mac trojan that's been floating around, and it's terrifying everyone. It's written in an unknown language, doesn't even need your password to compromise you and now it's apparently infected 600,000 users. Here's how to use Terminal to check if you're one of the unlucky many.

The instructions come from F-Secure, which also details how you can remove the trojan if your Mac is affected. But let's not put the cart before the virus; here's how to see if you're clean.

First, open Terminal from your Utilities folder. If you've never ever done that before, don't be scared! It's a nice way to turn your Mac into a computer you actually have some control over.

Then, once you're in, follow these easy steps to detection:

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES

3. Proceed to step 8 if you got the following error message:

"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"

If you don't get that error message, well, time to head to F-Secure for your fix. If you're clean so far, you can move on to step eight:

8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"

In other words: "does not exist" means you've got a healthy rig. Anything else, just keep following F-Secure's instructions to vanquish the intruder. And even if you get the all clear for now, don't wait on downloading the security update that patches the Java vulnerability that started this whole mess. [F-Secure via Ars]


Comments

    You could just call in the Seals: http://www.geekculture.com/joyoftech/joyarchives/1539.html

    "If you’ve never ever done that before, don’t be scared! It’s a nice way to turn your Mac into a computer you actually have some control over."

    Spoken like a true snobby computer nerd who's connections to the real actual world is tenuous at best. Perhaps you best get back to compiling your latest Linux build while the rest of us are doing... you know.... FUN things with our computers.

    PS: Thanks HEAPS for guys like you creating all the FUN things the rest of us get to use... just don't expect us to CARE about all the under-the-hood techno jibberish that you people obsess over. :)

      Linux master race reporting in...

        Watta dick you are.

        Newsflash, TimJ... people do care. People care deeply that there is a place they can go and be helped by those who are tech savvy.

        Go run along and do something you are capable of understanding and therefore finding "FUN" ... perhaps a nice game of tic-tac-toe would be more your speed.

      "just don’t expect us to CARE"

      Why are you here, was it mistake?

      Says Life*hacker* right on the tin, Tim.

    Yo TimJ, don't sweat it mate. Relax, have a beer. LOL!

    And once again! Not the fault of apple but of JAVA!
    That's why apple doesn't like it!
    Why it's not on the iPhone/iPad

      Straight from java.com
      " Apple supplies their own version of Java."

      Who do you want to blame for that?

    Flashback will delete itself if it finds that you've installed Skype or MS Office, among other things. Of course everyone should dive into Terminal and take control of their computer, goes without saying.

    In regards to "Take note of the value, DYLD_INSERT_LIBRARIES", what value are they talking about?

Join the discussion!

Trending Stories Right Now