OSX Flashback Trojan Fix
April 10, 2012
This is absolutely not the best reason to write a blog post. It is one of the worst ones, at least for a person like me, an active member of the Mac community. It is sad, but we have to be realistic. This day was expected to come, when something major hits the Mac. Apple have been busy making these amazing computers, and now, as they become more and more popular, there are more people aiming to attack us using them.
The attackers used a vulnerability in Java to insert malware onto the machines. Apple, who have their own custom version of Java, are sadly usually quite late with updating it. So in this scenario, even if you were up-to-date with your software, you could get the malware onto your machine just by visiting a compromised web site which contained malware (a lot of major web sites were affected by this). It would use the Java vulnerability to install itself onto your machine without you even noticing. No user interaction required whatsoever.
Going back a number of months, it was acting as a fake Flash installer that you would download, and by installing it you would get malware onto your machine. So you would have to actually accept the installation of the so-called “Flash”, which would prompt for installation after you visited a web site, for example.
The attackers are forming a botnet of Mac users to be available for spamming/monitoring/data theft, you name it.
Now, how do we go about understanding whether you have it, removing it, and making sure we protect ourselves? First of all, everybody always has to make sure their software is up-to-date. No excuses. I see no reason for people not updating their software if their computer can run it. There is really no reason. And make sure that you are using an Apple-supported OS – so you have to be on Snow Leopard or Lion. Anything under that – you’re not safe.
Quite a few nice people on the internet have come up with a few ways of checking whether you have the trojan, and how you can remove it.
One of my most respected podcasters, Bart Busschots, has combined instructions from F-Secure and TidBITS to check if you’re infected. You can find the instructions on his blog at http://www.bartb.ie – the direct link to the article is here
But all it takes is to download a script and run it, and it will identify if you’re infected. If you’re not – happy days. If you are… you have to follow the instructions on the F-Secure web site. And at the time of me posting this, Kaspersky have come up with a removal tool – the direct link to download is here.
OK people. This is sad news, but I’ll keep you updated. Stay on the ball, safe, and careful!