The Flashback Trojan was a rude wake-up call for many Mac users. At the time of this writing, the number of infected users is nearing the 700k (Update: 140K) mark, which accounts for at least 1 out of every 100 Macs worldwide. I’ll point you to the steps you can take to see if your Mac is infected, and if so, how to get rid of it.
In a nutshell, Flashback (also known as Flashfake) is a Trojan that takes advantage of a Java-based vulnerability to simulate an Adobe Flash update. Although seen last year with an installer, the recent version of the Trojan infects Mac users who happen to visit any one of a number of compromised websites. Once the connection has been made, Flashback (like all Trojans) attempts to install a payload that can result in the remote download and installation of malicious code.
Mac Invulnerability Debunked
The myth of Apple invulnerability has had some holes since at least 1982, with a little virus known as the “Elk Cloner” that predated PC viruses by several years. The modern history of Mac malware began with the relatively widespread threats of Autostart 9805 and Sevendust. Since 2004, the reportedly unassailable OS X has suffered several cyber attacks each year, most notably the Leap-A, MacSweeper, and most recently MacDefender outbreaks.
To be fair, Mac vulnerability is a controversial issue, with Apple advocates persuasively arguing that Mac exceptions simply prove the safety rule, and that anti-Apple pundits are too quick to jump on any isolated evidence of weakness in an otherwise protected platform. One can also point to Mac’s small market share and argue that hackers and malware developers are simply less interested in going after 6% of worldwide users (even counting iOS, Apple accounts for less than 11% of the OS market).
What is clear is that relying on Apple’s efforts is not in your best interests. The vulnerability that the Trojan exploits was identified by Java developer Oracle at the beginning of 2012, but Apple didn’t begin rolling out a patch until several months later; when Flashback had already become headline news. And one of Apple’s first moves was to shut down one of the security researchers that discovered and tracked the Flashback Trojan, [http://www.pcmag.com/article2/0,2817,2402854,00.asp] either due to bad information about the Russian organization’s purpose or simply as a misguided attempt to silence the wave of negative publicity.
Ultimately, the Flashback outbreak is simply a sign that Mac users need to rely less on Apple’s claims and overall history, and more on the sort of personal discipline and vigilance that PC users have, for better or worse, become accustomed to over the years. This could include investigating various software or hardware options, and/or simply following more strict security practices. There’s no substitute for doing your own research and coming to an informed conclusion; while one security blogger may recommend anti-virus software (and other dubious tips, such as turning off unused IPv6 and Bluetooth connections), another blogger may point out that anti-virus software has a spotty track record and consumes inordinate system resources, and recommend the far more drastic step of whitelisting (i.e., requiring that every unknown IP address be blocked until you absolutely know it to be safe).
How to Check your Mac for a Flashback Infection
Kapersky Labs has put up a web app to check your Mac for Flashback infection. Note that this requires you to enter your “Hardware UUID” (Universally Unique Identifier). Kapersky is one of the most well-respected names in computer security, but if you’re still uncomfortable with putting this information out on the web, try the ‘manual’ method instead:
- Go to Utilities > Applications > Terminal
- Type (or copy and paste):
- defaults read /Applications/Safari.app/Contents/Info LSEnvironment
- defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
- defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
- Hit enter. If you get a message saying that the path does not exist, you’re fine. If a path comes up, you’ve got the Flashback infection.
How To Clean your Mac
Kapersky again comes to the rescue with a Flashback/Flashfake Removal Tool Once your system is safe, make sure you have the latest OS X patch from Apple installed, and remember to be a little more vigilant in the future.
Hope this Article has helped you fix your Mac vulnerabilities, Share it with your friends and make them aware of the issue.