Free app quickly checks your Mac for Flashback trojan

“Ars reader and programmer Juan Leon put together a quick Flashback checker that can be run on its own to see whether the Mac in question is infected,” Jacqui Cheng reports for Ars Technica.

“The download is posted to GitHub and can run on Mac OS X 10.5 and above,” Cheng reports. “Leon also posted the source code for those interested in checking it out.”

Cheng reports, “The downloadable app runs the same three Terminal commands that we outlined in our how-to last week—it either says ‘No signs of infection were found’ or spits back further information if necessary… Leon says he didn’t include removal code in his app because it would require authentication, and we don’t want to start getting into that right now what with a malware infection making the rounds.”

More info and link to the free app here.

Related articles:
Top 10 free ways to secure your Mac – April 9, 2012
600,000 Macs infected with Flashback trojan, 274 in Cupertino; how to check your Mac – April 5, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Warning: Flashback Trojan horse spreading; Mac users should be wary of Flash installers – September 28, 2011
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011

10 Comments

  1. All my machines clear and locked down. Yet to meet anyone with this, and that includes all 100+ members of my local MUG.
    Is there anyone out there on these boards with an infection?

    1. There was one person on Mac Fixit who claimed to have been infected. That’s the closest I can come to an instantiation. No one I know has had Flashback. As a rule, I suspect the security companies inflate their infection stats, but even with their numbers, fewer than 1% of the installed base is infected. On the other hand, Flashback has been seen in the wild.

  2. No infection, BUT my brother and I both got the unexpected Flash installer (not updater) pop up with authentication request, despite 1) all Apple updates applied, including Java, 2) Java disabled just in case, 3) a Flash blocker installed and enabled (i.e. I have to click on a Flash element before it loads, so it really wasn’t the Flash plug-in loading and checking for updates), and 4) Open “Safe” files after downloading is disabled.

    This is actually worrisome–the fake Flash installer launched and appeared in the Dock, so at first glance it looked like the updater, except it jumped straight to the authentication window (instead of asking whether to install the update first, like the real updater does). Before I killed it I should have tracked it down and seen where it was launching from.

  3. Mac malware may finally be a “thing” now, but one thing hasn’t changed: you just can’t hide nasty software on a Mac like you can on Windows, nor can you prevent Mac users from easily removing the stuff. That’s the benefit of not having a registry for malware to burrow into.

    ——RM

  4. Intego offers a free 20 day trial of their AV software. It can be used to scan for and, if found, remove Flashback malware. Intego first discovered this

    http://www.intego.com/mac-security-blog/intego-security-memo-september-26-2011-mac-flashback-trojan-horse-masquerades-as-flash-player-installer-package/

    I do not own shares in nor am I employed by Intego. I am a customer, and if you were, you would not have to check, as VB X6 has been on it from its earliest incarnation.
