Mac users have had it easy. We enjoy fun stuff without worrying about the endless toil and trouble of virus scanning, security patching, and the added expense, which we see our Windows cousins engage in.

But do you recall updating your Mac for Adobe Flash? It’s a vague, nauseous feeling of been there, done that. Be aware: this likely was malware.

It’s called Flashback, and it poses as an update for your Adobe Flash. We all install these updates. Most of us are probably generally aware that Apple and Flash are like apples and oranges, or rather oil and water. It seems as if Adobe updates are as frequent as iTunes updates. After a while we get lazy and drop our guard. Therefore, when we see another [annoying] update for Flash come across the screen, it’s no surprise…

You clicked install?! If it was Flashback, then it is a Trojan horse. Malware. We know now that this fake Flash module, which was first written about back in September 2011, lurks on your Mac, takes screenshots of your password screens, and ships them off to evil locations unknown…

Don’t let that happen to you… and don’t panic. Follow the method defined by the security experts to test for the virus and, if you find it, remove it.

How to test if you are affected?

  1. Find “Terminal.app” in your Mac’s Applications/Utilities folder.
  2. Click on Terminal to open it.
  3. Next, type in or copy and paste the diagnostic commands.
  4. Type these three lines:
    • defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    • defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    • defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
  5. If each time you got the response “does not exist”, then congratulations, you dodged this bullet.
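
The three checks from step 4 as one script, added here as an example (it is not part of the original article or of any vendor's tool). It relies on `defaults read` failing with a “does not exist” message when a key is absent; `DEFAULTS_CMD`, `check_key` and `flashback_check` are names made up for this example.

```shell
#!/bin/sh
# Added example: the three "defaults read" checks from step 4 in one script.
# DEFAULTS_CMD, check_key and flashback_check are names made up for this
# example; DEFAULTS_CMD lets the logic be exercised with a stand-in command.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_key DOMAIN KEY
# Returns 0 if the key is absent, 1 if it holds a value, 2 on any other error.
check_key() {
    if ck_out=$("$DEFAULTS_CMD" read "$1" "$2" 2>&1); then
        # defaults succeeded, so the key exists: show what it is set to.
        printf 'SET     %s %s\n        %s\n' "$1" "$2" "$ck_out"
        return 1
    fi
    case "$ck_out" in
        *"does not exist"*)
            printf 'absent  %s %s\n' "$1" "$2"; return 0 ;;
        *)
            printf 'error   %s %s: %s\n' "$1" "$2" "$ck_out"; return 2 ;;
    esac
}

# Runs all three checks even if an early one already found something.
# Returns 0 if every key is absent, 1 if any is set, 2 if a check failed.
flashback_check() {
    fc_found=0; fc_errors=0
    for fc_target in \
        "$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES" \
        "/Applications/Safari.app/Contents/Info|LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info|LSEnvironment"
    do
        check_key "${fc_target%|*}" "${fc_target##*|}" ||
            case $? in 1) fc_found=1 ;; *) fc_errors=1 ;; esac
    done
    [ "$fc_found" -eq 0 ] || return 1
    [ "$fc_errors" -eq 0 ] || return 2
    return 0
}

# Only run automatically on a Mac, where the defaults tool exists.
if [ "$(uname -s)" = "Darwin" ]; then
    flashback_check || echo "Not all keys are absent: see the results above."
fi
```

A line marked `SET` corresponds to a command in step 4 that returned something other than “does not exist”.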

For those unlucky people with the Flashback Déjà vu:

I’m guessing you didn’t win Mega Millions. No worries, no one reading or writing this did either. Doctor Web and Kaspersky Lab, antivirus companies, estimated that by the end of last week, over 600,000 Mac computers were infected with some strain of the Flashback Trojan horse.

If you’ve got Flashback, please follow the advice of experts to get rid of it. Flashback exploited a vulnerability in a version of Java. You will need to update your Java, but you don’t want to toast your Mac further with more trial and error.

You have choices for help. Kaspersky Lab launched a website to help you diagnose and fix the issue.

Credit Juan Leon for creating an automated app to fix the problem. Or, if you want the devil’s details, see Arstechnica.com’s diagnostic help plus “How to get rid of Flashback”, which they copied from F-Secure, which first distributed a free fix and instructions.

Two more steps:

Even if you don’t have Flashback, prevent it from happening. If you haven’t yet today, go next to System Preferences or your Apple menu, and run a “Software Update…” You want your OS X and Safari up to date.

While you are housekeeping, why not delete your Flash cache? Your Flash cache is never cleared when you clean your browser cache and cookies (back to the apples and oranges thing). Repeat this occasionally, because over time it’s a drag on performance for some Macs.

Go to System Preferences / Other, open Flash Player, and “Delete All” Browser Data and Settings.

Are you a Mac?

Hope this helps. Stay healthy! Whoever said Macs are zero-maintenance? Still pretty good by comparison. (Hey for zero-maintenance, how ’bout those Chromebooks, for those in the cloud? But I digress.)

For more information about the Flashback Trojan malware, read the blog from The Next Web Conference.

About The Author

Sandra Giger is a Blast correspondent
