Related Article: About the security content of Java for OS X Lion 2012-002 and Java for Mac OS X 10.6 Update 7

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Living Golf
Living Golf Author
User level: Level 1
0 points

Malicious Flashback Trojan

I am not sure if my computer is infected. I was yesterday on facebook downloading one of my own IMovies to my Facebook page. I was prompted to install Adobe Flashplayer. I downloaded install_flash_player_osx.dmg which I did. During the process I was also prompted to give my administrators password, which is normal. However I now read in the news that this is exactly what happens with the malicious Flashback Trojan. Do I have to download security update 2012-001 which is over 200MB. It is a bit of a challenge as I am in a very remote area and only access to Internet via a mobile network. Thank you for any advise.

MacBook Pro, Mac OS X (10.6.8)

Posted on Apr 6, 2012 4:45 AM

Reply
5 replies
User profile for user: etresoft
etresoft
User level: Level 8
46,318 points

Apr 6, 2012 8:08 AM in response to Living Golf

Never give out your administrator password unless you manually initiated the action. If you get a pop-up asking to update flash, dismiss it, and manually verify your version at: http://www.adobe.com/software/flash/about/

and, if necessary, update it at: http://get.adobe.com/flashplayer/


Unfortunately, the standard behaviour of Flash Player and many other types of auto-update programs makes them impossible to distinguish from malware. This will be fixed in Mountain Lion with Gatekeeper. You will be able to restrict your machine to getting software only from the Mac App Store.


To check if you have malware, try the following...


In Terminal.app, run:


cat ~/.MacOSX/environment.plist


and


codesign -v /Applications/Safari.app


If you get anything about "DYLD_INSERT_LIBRARIES" on the first and/or "code or signagure modified" on the second, then you are infected. Any other responses (including none) means you're fine.

Reply
User profile for user: Living Golf
Living Golf Author
User level: Level 1
0 points

Apr 12, 2012 8:47 AM in response to etresoft

Thank you Etresoft, very clear. I appreciate your support very much. I have gone into Terminal in Utilities and entered:


cat ~/.MacOSX/environment.plist

No answer. When I press ENTER the answer is "No such file or directory"


codesign -v /Applications/Safari.app

The answer is " a sealed resource is missing or invalid"


So I should be fine, yes? I would be grateful if you could confirm.

Also rang Apple and they suggested to have the MacBook Pro checked by one of their technician. Also recommended not to do any Internet financial transaction until checked.

Reply

Malicious Flashback Trojan

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up