Flashback Trojan: Making Sure Your Mac is Safe

The Flashback Trojan poses a potential threat to Mac users with older versions of Java installed, and according to the Russia-based antivirus company Dr. Web, over 600,000 Macs have been infected. Avoiding the Trojan is fairly easy to do, and checking to see if you’ve fallen victim only takes a couple of steps.

The Flashback Trojan originally tried to trick users into giving up their account login by posing as a Flash installer. Once installed, it would disable OS X’s built-in malware definition updater, opening the victim’s Mac to more potential attacks. A later version attempted to exploit a security flaw in older versions of Java to auto-install itself.

To avoid getting stung by Flashback, be sure the latest version of Java is installed on your Mac. Apple released a Java update on April 4 that addresses the vulnerabilities Flashback exploits.

Since you can fall victim to Flashback simply by visiting a maliciously crafted website, it’s a good idea to make sure you have the latest version of Java installed on your Mac right away. Apple’s Java update is available for OS X 10.6.8 and OS X 10.7.3 through the Software Update application, or as downloads from the Apple Support website.

Apple doesn’t include Adobe’s Flash player as part of the OS X installation, so if you need Flash, you have to download and install it yourself. Instead of clicking a link in a Web dialog that offers to install Flash for you — a common way to get hit by Flashback — go to the Adobe website and download the installer yourself.

If you think Flashback may have found its way onto your computer, the security company F-Secure offers steps to see if you are infected along with options for removing the malicious files from your Mac.

  • Start by launching Terminal. It’s in Applications/Utilities.
  • Enter this command: defaults read /Applications/Safari.app/Contents/Info LSEnvironment
  • Press Return
  • If Flashback isn’t present, you’ll see this message: The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
  • Now enter this command: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
  • Press Return
  • If Flashback isn’t present, you’ll see this message: The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
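
The two checks above can be run together from a script. This is an added example, not code from the original article or from F-Secure; the function names are hypothetical, and it relies only on the domains, keys and "does not exist" message given in the steps.

```shell
#!/bin/sh
# Added example: automates the two `defaults read` checks from the steps above.
# Function names are hypothetical; the domains, keys and the "does not exist"
# message are the ones the article gives.

# check_pair DOMAIN KEY -> returns 0 if the pair is absent, 1 for any other response.
check_pair() {
    # Capture stdout and stderr together; the message may arrive on either.
    out=$(defaults read "$1" "$2" 2>&1) || true
    case "$out" in
        *"does not exist"*)
            echo "OK     $1 $2: not set"
            return 0 ;;
        *)
            echo "CHECK  $1 $2: unexpected response:"
            echo "$out" | sed 's/^/       /'
            return 1 ;;
    esac
}

# flashback_check -> returns 0 only if both checks report "does not exist".
flashback_check() {
    rc=0
    check_pair /Applications/Safari.app/Contents/Info LSEnvironment || rc=1
    check_pair "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || rc=1
    if [ "$rc" -eq 0 ]; then
        echo "Neither Flashback marker was found."
    else
        echo "At least one response differed; follow the F-Secure instructions."
    fi
    return "$rc"
}

# Run the checks only where the OS X `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    flashback_check
fi
```

Any response other than the "does not exist" message, including an unrelated error from `defaults`, is reported for follow-up rather than treated as clean.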

Jeff’s Mac is Flashback-free

If the responses you saw were different, it’s time to follow along with the instructions on the F-Secure website. Since it’s easy for hackers to make websites that look legit, be sure your Mac is up to date and if you must run Flash, grab the installer from Adobe’s website and nowhere else.