It was two nights ago, around 2am, while reading a tech thread about the reappearance of the OS X Trojan malware known as Flashback, that I began feeling this dreadful concern about my MacBook Pro. I had recently updated my Flash player via pop-up notification, a big no-no, as the Flashback Trojan was named for its fake Adobe Flash Player installer, complete with Flash player logos. I literally jumped out of bed and went through various steps to check if my machine was infected, as I had noticed some instability issues...
Flash forward to this morning and the big news in the Mac community is yesterday's report about the possible malware infection of up to 550,000 machines worldwide:
The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it. Doctor Web found two versions of the Trojan horse: attackers started using a modified version of BackDoor.Flashback.39 around April 1. Similarly to the older versions, the launched malware first searches the hard drive for the following components:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If the files are not found, the Trojan uses a special routine to generate a list of control servers, sends an installation success notification to intruders' statistics server and sends consecutive queries at control server addresses.
Fortunately, after running a few Terminal commands I was able to (triple) check and verify my machine had installed a legit Flash Player update instead of any malicious code. You can do this yourself if you're comfortable with using Terminal (the application is located in Applications>Utilities>Terminal).
How to Check Using Terminal (Harder Way)
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. If this command returns a line which includes DYLD_INSERT_LIBRARIES, take note of the location.
3. You're safe if the error message is: "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
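The check in steps 1 to 3, wrapped in a small shell script. This is an added example, not the diagnostic script linked in this post; the function names and the REVIEW verdict for unexpected output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run the Safari LSEnvironment check from the steps above
# and interpret the result. Function names are illustrative.

SAFARI_INFO="/Applications/Safari.app/Contents/Info"

# classify_output TEXT -> prints SUSPECT, CLEAN or REVIEW
classify_output() {
    case "$1" in
        # Step 2: an injected library is configured for Safari.
        *DYLD_INSERT_LIBRARIES*) echo "SUSPECT" ;;
        # Step 3: the key is absent, which is the expected state.
        *"does not exist"*)      echo "CLEAN" ;;
        # Anything else (other keys, a read error) needs a manual look.
        *)                       echo "REVIEW" ;;
    esac
}

# extract_library TEXT -> prints the path assigned to DYLD_INSERT_LIBRARIES,
# i.e. the "location" step 2 says to take note of. Handles the key and
# value with or without surrounding double quotes.
extract_library() {
    printf '%s\n' "$1" |
        sed -n 's/.*DYLD_INSERT_LIBRARIES"* *= *"*\([^";]*\)"*;.*/\1/p'
}

# check_safari -> runs the command from step 1 and prints a verdict.
check_safari() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "REVIEW: 'defaults' not found (not running on OS X?)"
        return 0
    fi
    # defaults exits non-zero when the key is missing, so keep going.
    out=$(defaults read "$SAFARI_INFO" LSEnvironment 2>&1) || true
    verdict=$(classify_output "$out")
    echo "$verdict"
    if [ "$verdict" = "SUSPECT" ]; then
        echo "Library to note down: $(extract_library "$out")"
    fi
    return 0
}

check_safari
```

CLEAN corresponds to the "does not exist" message in step 3; SUSPECT prints the path you are told to note in step 2.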
Of course, I wanted to make sure the multitude of friends who use Macs like myself were informed. But upon sharing the news, this computer-speak mumbo jumbo about command lines and checking for inserted bits of code was met with confusion, indifference... the reputation of Mac users being mostly hands-off with their machines is more true than not.
How to Check Using the Super Simple Script
So we were pleased to see a MUCH easier Flashback diagnostic script tool become available this morning, via Mashable. All you have to do is download this zipped file, open Files.zip, and double click each uncompressed file to run the security check on your computer.

Once again, if you see "does not exist" in the report, you're clear. Even so, you'll want to make sure to update your OS X system with the latest Java for Mac OS X Update to plug this annoying security hole. And ALWAYS update any Adobe component directly from the Adobe site, not when served a pop-up notification while browsing online.
If you see anything other than the "does not exist" response noted above, you might want to get ready for some headache-inducing reading and learn about how to manually remove the malware. I did, headaches and all...lesson learned, tough stuff.

Flash sucks so much for this sort of thing. It's the only route that ever worked to get onto my old Dell laptop as well, and in that case it got in despite an updated flash.
Whenever I get annoyed that certain videos won't play on my iPad, I just think about that and stop complaining.
@ Kaete
U say flash sucks but the fact that flash in reality is pretty much in most newer electronic devices is the real factor that sucks. Just think about it. Web enabled TV's, appliances, gaming consoles, DVR boxes. Although Adobe is retooling flash to be coded as HTML5 for friendlier play with IOS isn't the answer as HTML5 has its flaws. The easier/friendlier the interaction becomes, the more room for error. If I'm not mistaken, Java was the back door used to achieve this.
If you get down to it, not one program will be free from vulnerabilities. The more one adds to a program to improve functionality and look, the more vulnerable it becomes. That said, viruses, malware, etc. are here to stay as long as programs exist.
Being a PC person myself, that's the 1st thing you'll learn, only update directly through the program itself, the developer's site and/or the OS updater/site. Also treating everything as suspicious until you know what can be trusted will help prevent infection of one's system, be it Mac or PC. The popularity of Apple is its and will be its undoing just like Windows. Same to hold true if and when Unix - Linux becomes the popular choice.
"U" is not a word, but a vowel. Vowels are subcomponents of words.
""U" is not a word, but a vowel. Vowels are subcomponents of words."
BWAHAHAHAHA! Somebody got TOLD. OOoo somebody got told. Funniest thing I've read on the internet all week.
Except for "A" and "I" which are both vowels and words, so that doesn't really hold. Sorry I'm a linguist and I hate linguistic snobbery.