CyberKnowledge Technology Blog

Everything tech – reviews, tips, software, news

All tech all the time

Welcome to CyberKnowledge technology blog.

Flashback trojan exploits java; 600,000 Mac users infected

Posted by Alex Bailey On April - 6 - 2012

A malware analyst announced yesterday that approximately 600,000 Mac’s were part of a worldwide botnet. Sorokin Ivan broke that number down further to claim that over half of the computers infected with the virus dubbed Flashback were located within the United States.

The malware which was originally spotted in the wild in September of last year was originally a fake Adobe Flash plugin. It evolved into something much more and went on to exploit vulnerabilities in Java. Apple promptly released a patch for the flaw yesterday.

The malware works by exploiting the Java plugin for web browsers. After visiting an infected website, the malware will automatically install itself. If you give your root password when prompted it will bury itself in the Applications folder. Failure to provide root password will still result in an infection, but only in the user’s folder.

The application once installed is meant to steal passwords. Passwords for Skype and those typed in your web browser are vulnerable.

How do you know if you have the Flashback virus?

In terminal run those command:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

You should get an error that says does not exist. Next run this command:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

This should also not exist.


Leave a Reply