Flashback: When Mac OS X Is Not Completely Free of Viruses & Malware
One of the many reasons why I use a MacBook as my primary laptop is the superior security of its operating system, Mac OS X. Using Mac OS X means no viruses, no trojans and no malware. But since the first virus was found a couple of years ago, Mac OS X is no longer as invulnerable as we had known it to be. And today, it turns out that Mac OS X is not as safe as before. According to a report from Dr. Web (a Russian antivirus company), more than half a million Apple Mac computers have been infected by a trojan called “Flashback”, sometimes called “BackDoor.Flashback.39”.
According to the Dr. Web report, the malware has been installed on about 600,000 Mac computers, making them part of a “botnet”. Most of the infected Mac computers reside in the United States, Canada and the United Kingdom. There has been no official statement from Apple regarding this issue, but Apple has released a security update to prevent it. I personally have updated my Java using the latest update, Java for Mac OS X 10.6 Update 7, just now. It should fix the security hole.
The Flashback malware itself was first detected in September 2011. The Flashback trojan is disguised as an Adobe Flash Player installer. After the trojan is installed, it disables some network security and then installs a dyld library that injects code into running applications. Flashback can grab valuable information such as passwords and important data through the web browser or other applications.
As quoted from the BBC, the latest version of the malware exploits the Java programming language in a way that allows the malicious code to be installed without the consent of the user. The developer of the Java programming language, Oracle, repaired this security hole on February 14, but it seems the fix does not work on Apple Macintosh machines.
How to Check Flashback on Mac OS X
If you haven’t installed anything on your Mac OS X lately, it should be fine. But if you want to make sure whether your computer has been hit by the Flashback trojan, here are the steps to check for Flashback on Mac OS X.
- Launch Terminal and enter the following commands:
Safari users:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
Firefox users:
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
- If you see a message like “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”, proceed to the next command:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
- If you see a message “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist” then your Mac OS X is not infected.
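The three checks above can be run in one pass by relying on the exit status of `defaults read` (non-zero when the domain/default pair does not exist) instead of reading the messages by eye. This is an added example, not part of the original post; the function names and the `DEFAULTS_CMD` override are assumptions introduced here so the logic can be exercised with a stub.

```shell
#!/bin/sh
# Added example: automates the three `defaults read` checks from the steps above.
# DEFAULTS_CMD is a hypothetical override (not a macOS feature) that lets the
# logic be tested with a stub on a machine without the `defaults` tool.

# Print the value of a key if it exists; return non-zero if it does not.
read_key() {
    "${DEFAULTS_CMD:-defaults}" read "$1" "$2" 2>/dev/null
}

# Run every check. Returns 0 if all keys are absent, 1 if any key exists,
# 2 if the `defaults` tool is unavailable (so absence cannot be concluded).
flashback_check() {
    if ! command -v "${DEFAULTS_CMD:-defaults}" >/dev/null 2>&1; then
        echo "defaults tool not found; cannot check" >&2
        return 2
    fi
    found=0
    for target in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${target% *}    # everything before the last space
        key=${target##* }      # everything after the last space
        if value=$(read_key "$domain" "$key"); then
            # The key exists: show its value so it can be followed up
            # with one of the removal guides.
            printf 'FOUND %s %s = %s\n' "$domain" "$key" "$value"
            found=1
        else
            printf 'absent %s %s\n' "$domain" "$key"
        fi
    done
    return "$found"
}

# Run the checks only when asked to, e.g.: sh flashback_check.sh --run
case "${1:-}" in
    --run) flashback_check ;;
esac
```

Three `absent` lines and exit status 0 correspond to the "not infected" outcome described in the steps above.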
How to remove Flashback from Mac OS X
There are several step-by-step guides on how to remove Flashback from your system. Two guides you can use are Topher Kessler’s article on CNET and F-Secure’s thread. After you have successfully removed the trojan, I recommend updating your Java with the latest update from Software Update.