Over 600,000 Macs infected with Flashback Trojan


Per this article, the Trojan steals user names and passwords for popular websites by monitoring the user's network traffic. It exploits a Java security hole that Apple addressed only recently with a software update.

Over 600,000 Macs infected with Flashback Trojan
Posted by: Soren Dreier
Zen-Haven.dk


Filed under Apple Software, News Briefs, Privacy, security, Viruses and Spam

3 responses to “Over 600,000 Macs infected with Flashback Trojan”

  1. admin

    Ran ClamXav, which found and quarantined a Library file called Java.Connection-4. Deleted suspect file, installed Java fix using Software Update, and restarted Mac. Re-ran ClamXav again, which did not find evidence of another virus.

  2. admin

    How to detect if your Mac is infected with the Flashback Trojan:

    Open Terminal. Copy and paste the line below, then press the “enter” key:
    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    Hopefully, it will output the following line:
    “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

    Next, copy and paste the below line, then press the “enter” key:
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    Hopefully, it will output the following line:
    “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

    If you do not get those exact output lines, you probably have an infection.

    Source: Tim Carter, Nationally Syndicated Newspaper Columnist
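
The two checks in the comment above, wrapped in a script (an added example, not part of the original comment). It matches on "does not exist" rather than the exact line, because the path in the second message contains the account's home directory and will not read /Users/joe on other Macs. DEFAULTS_CMD is a hypothetical override used only for testing off a Mac.

```shell
#!/bin/sh
# Added example, not part of the original comment.
# DEFAULTS_CMD is a hypothetical override so the logic can be exercised
# off a Mac; when unset, the real macOS `defaults` tool is used.

# check_key DOMAIN KEY
# Prints a verdict and returns:
#   0 = key absent (the result the comment hopes for)
#   1 = key is set (investigate the printed value)
#   2 = could not tell (the tool failed for some other reason)
check_key() {
    domain=$1
    key=$2
    # Capture stdout and stderr together so the message is seen
    # whichever stream it is written to.
    out=$("${DEFAULTS_CMD:-defaults}" read "$domain" "$key" 2>&1) && status=0 || status=$?
    case $out in
        *"does not exist"*)
            echo "clean"
            return 0 ;;
    esac
    if [ "$status" -eq 0 ]; then
        # A value came back: print it so it can be inspected.
        printf 'suspect: %s=%s\n' "$key" "$out"
        return 1
    fi
    printf 'error: %s\n' "$out"
    return 2
}

# Runs both checks from the comment; returns 0 only if both keys are absent.
flashback_check() {
    rc=0
    check_key /Applications/Safari.app/Contents/Info LSEnvironment || rc=1
    check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || rc=1
    return "$rc"
}

# Usage on the Mac being checked:  flashback_check; echo "exit status: $?"
```
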

  3. admin

    About Flashback malware
    Apple Knowledge Base article HT5244
    Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6.
