How to determine if you have been impacted by Flashback malware

Version 20
Last Modified: Apr 16, 2012 6:08 AM

Flashback is the latest attempt to infiltrate Macs as of April 7, 2012. 

 

Apple has posted a knowledgebase article about it.

 

For 10.7.3 users who do not have Java installed, Apple has now released a Flashback removal tool.

 

For 10.5.8 and earlier, and non-patched versions of 10.6 and 10.7, disabling Java is probably the best action you can take to avoid being impacted.

Also, don't install any Flash from websites other than Adobe's. Unfortunately, this does mean Motorola CPU, PowerMac users (G5, G4, G3, 601, 603, 604) and users who can't update to at least 1 GB of RAM won't be able to get the patch.

 

If you appear to have been infected and have a machine that supports 10.6.8 or 10.7.3, back up to a new place before installing any software, so you can see if you can apply the 10.6.8 or 10.7.3 update if needed, and then patch it with Apple's patch to Java that corrects the hole in Java. You may need to watch your financial data more carefully to ensure no one has hacked it or stolen your identity. Several places on the net offer infection tests. Some are more reliable than others, and I would ask in the forum to ensure you get the most reliable.

 

People with slow internet connections who need to update to the appropriate version of 10.6 or 10.7 should take the appropriate link with them and copy the installer DMG file to a USB flash drive, so the machine can be updated to the version able to be patched: 10.6.8 Combo and 10.7.3 Combo. If interested in updating to 10.7, read this tip.

 

Until all known variants of the malware have been diagnosed, you are probably better off with Sophos to ensure you catch all known variants.

 

The downloads Apple posted on April 12th, at the same links Apple offered before, now offer new capabilities. Only these now include a built-in Flashback removal tool.

If you have 10.6.8 or 10.7.3, Apple's Java patch catches and stops most of these through the security updates in the links for each operating system, 10.6.8 and 10.7.3.

 

If, after using these downloads, you still appear to have the malware, be sure to post to the forum what you find, and someone will be able to help.