Macs are generally known for not having many viruses or malware; however, a recent trojan known as Flashback is making the rounds and has infected a large number of Macs. Although it has probably only infected a small proportion of the Macs out there, it is the only one that has done any real damage, so it is worth checking your system to make sure you are safe. There are a variety of tools to remove the system vulnerability.
Removing Flashback Trojan
The trojan makes its way onto your system through Java. If you don’t use Java at all, I recommend you disable it in the browser you are using. To check that you are not infected you can do one of two things: run a small AppleScript app, or a slightly more complex Terminal command.
The AppleScript app for removing Flashback can be found on the F-Secure website. Download the zip file, extract it and run the app. It only takes a second to run. It then visually checks to see if your system has the malware installed.
If you don’t want to run the AppleScript app you can run two Terminal commands. Open up Terminal, located in Applications > Utilities, and copy and paste each of the following commands.
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If the result is ‘does not exist’ you have a healthy system. If you get anything else you can use either the Flashback removal tool linked to earlier or you can follow the instructions on the F-Secure website.
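The two checks above can also be wrapped in a small script that interprets the output for you. This is an added example, not part of the original article or F-Secure's tool; the function names and the DEFAULTS_CMD override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wraps the article's two `defaults read` checks.
# DEFAULTS_CMD is a hypothetical override used only to test the logic off a Mac.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_key DOMAIN KEY
# Prints a verdict; returns 0 = key absent (healthy), 1 = key present, 2 = could not check.
check_key() {
    if ! command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
        echo "unknown: $DEFAULTS_CMD not found (not macOS?)"
        return 2
    fi
    # `defaults read` exits non-zero when the key is missing, so capture both
    # stdout and stderr and do not let that exit status abort the script.
    out=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1) || true
    case "$out" in
        *"does not exist"*) echo "clean"; return 0 ;;
        *) echo "suspect, key is set to: $out"; return 1 ;;
    esac
}

# Runs both checks from the article; returns the worst result seen.
check_flashback() {
    worst=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}   # everything before the last space
        key=${pair##* }     # the last word
        rc=0
        verdict=$(check_key "$domain" "$key") || rc=$?
        printf '%s %s -> %s\n' "$domain" "$key" "$verdict"
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Only run automatically where the tool exists (i.e. on a Mac).
if command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
    check_flashback || echo "At least one check did not come back clean."
fi
```

An exit status of 1 from check_flashback means one of the keys is set, which is the "anything else" case described above.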
Protecting Yourself
So how do you protect yourself in the future? The first step is to update your system using Software Update; this will patch the Java vulnerability on your system. Apple will soon release an update to detect and remove the trojan, so it is worth keeping your system updated with the latest software.
The next step is to disable Java within the web browser you use. If you don’t use Java there is no reason to have it running.
Hopefully this will help you protect yourself against the latest trojan. Even if you don’t think you have it installed, it is always worth checking.