How To Check If Your Mac Is Infected By The New Flashback Trojan

If you are one of the many people who believe that a Mac is incapable of falling prey to viruses and Trojans, then it is probably the right time for you to rethink your stance on the situation. In fact, if you are the type who panics easily, then you may want to read on with great interest and take note.

A new and rather mysterious Trojan that affects OS X running Macs is starting to do the rounds on the world wide web, which in itself wouldn’t be such terrifying news. However, the fact that the Trojan is written in a currently unknown programming language, and it doesn’t even need access to the Mac’s administrator password to bypass security is rather worrying. It is also estimated that the Trojan has infected over half a million users and could be spreading even further as we speak.

090707_k22_ow_pf_dr 004

If you are concerned that you may be one of the 600,000 affected (at the time of writing), or just security conscious in general, then follow the guide below on how to determine if your Mac has been compromised.

How to determine if your Mac has been affected using the Terminal app

Step 1: Run the Terminal app on your Mac either by selecting it from the Applications folder or pressing CMD + Space and searching for Terminal in Spotlight.

Step 2: Type the following command into the terminal app: defaults read /Applications/Safari.app/Contents/Info LSEnvironment.

Step 3: Terminal will return information back to you based on the entered text. Make a note of the value DYLD_INSERT_LIBRARIES.

Step 4: If Terminal returns an error similar to "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" then check out the next step below.

Step 5: If the command in step 2 produced an error message then enter the following command directly into the Terminal app: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES.

Step 6: If any results are returned then take note of them. If Terminal produces an error similar to "The domain/default pair of (/Users/paul/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist" then it means you are not affected by this creepy Trojan.

If running the commands listed in step 2 or step 6 produce any variant of the ‘does not exist’ error message then it means your Mac is not affected. However, if the commands actually return any results then head on over to the F-Secure information page in order to find out how to get rid of this pest.

Regardless of the result, clean or infected, it is advisable to download a security update that exists to patch the Java vulnerability that allowed this menace to grow so large in the first place.

(via Gizmodo)

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.