April 6, 2012
This is not a real email-based threat, but at MX Lab we thought to share the information with the public as a warning.
Several news sites have published articles about the Flashback trojan that is infecting MacOS X computers. So far, 600.000 computers, according to the latest intel from DrWeb, have been identified as infected and turned into a botnet. According to 274 computers from Apple at Cupertino are also infected.
- Open Terminal (found in /Applications/Utilities/)
- Type the command: defaults read /Applications/Safari.app/Contents/Info LSEnvironment
- Terminal should return: The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
- Type the command: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
- Terminal should return: The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
If Terminal returns both messages above after you enter the commands, your Mac is not infected.
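The two checks above can be scripted. The following is an added example, not part of the original post; its function names and return codes are assumptions of this example, and it relies on the "does not exist" reply quoted in the steps.

```shell
# Added example: runs the two `defaults read` checks from the steps above.
# Function names and return codes are this example's own choices.
# check_key DOMAIN KEY
#   0 = key absent (the "does not exist" reply the steps expect)
#   1 = key present (a value came back)
#   2 = undetermined (no `defaults` tool, or an unexpected error)
check_key() {
    ck_domain=$1
    ck_key=$2
    if ! command -v defaults >/dev/null 2>&1; then
        echo "ERROR:   defaults tool not found"
        return 2
    fi
    if ck_out=$(defaults read "$ck_domain" "$ck_key" 2>&1); then
        echo "PRESENT: $ck_domain $ck_key = $ck_out"
        return 1
    fi
    case $ck_out in
        *"does not exist"*) echo "absent:  $ck_domain $ck_key"; return 0 ;;
        *) echo "ERROR:   $ck_domain $ck_key: $ck_out"; return 2 ;;
    esac
}

# flashback_check: 0 = both keys absent, 1 = a key is present, 2 = undetermined.
flashback_check() {
    fc_present=0
    fc_unknown=0
    for fc_pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        fc_rc=0
        # Split "domain key" at the last space, so a $HOME with spaces still works.
        check_key "${fc_pair% *}" "${fc_pair##* }" || fc_rc=$?
        case $fc_rc in
            1) fc_present=1 ;;
            2) fc_unknown=1 ;;
        esac
    done
    if [ "$fc_present" -eq 1 ]; then return 1; fi
    if [ "$fc_unknown" -eq 1 ]; then return 2; fi
    return 0
}

# Run the checks only when asked to, e.g.: sh flashback_check.sh --run
if [ "${1:-}" = "--run" ]; then
    flashback_check
    exit $?
fi
```

A return code of 1 means one of the keys holds a value and should be inspected; 2 means the reply was not one of the two expected forms and the check should be repeated by hand.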
In the past, I also had discussions with people on blogs or forums regarding the statement “Get a Mac and you have no viruses or trojans”. I have always said in those discussions that an operating system, whether it is MacOS X, Windows, Unix or Linux, is not a guarantee that you are safe. Each system is vulnerable and MacOS X was in the past not a real target. This is now different because more people have a Mac and it is more tempting and rewarding to write a virus or trojan for MacOS X these days.
- get a security application for your Mac and keep it up to date
- disable Java on your Mac if you do not need it (also recommended for Windows users)
More information regarding the threat:
More information regarding removal of the trojan: