A malware analyst announced yesterday that approximately 600,000 Macs were part of a worldwide botnet. Sorokin Ivan broke that number down further, claiming that over half of the computers infected with the virus dubbed Flashback were located within the United States.
The malware, first spotted in the wild in September of last year, was originally a fake Adobe Flash plugin. It evolved into something much more and went on to exploit vulnerabilities in Java. Apple promptly released a patch for the flaw yesterday.
The malware works by exploiting the Java plugin for web browsers. After you visit an infected website, the malware automatically installs itself. If you give your root password when prompted, it will bury itself in the Applications folder. Failure to provide the root password will still result in an infection, but only in the user’s folder.
Once installed, the application is meant to steal passwords. Passwords for Skype and those typed in your web browser are vulnerable.
How do you know if you have the Flashback virus?
In Terminal, run this command:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
You should get an error that says "does not exist". Next, run this command:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
This should also not exist.
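The two checks above can be combined into one script that tells a clean "does not exist" result apart from a key that is set and from a check that could not run at all. This is an added example, not part of the original article; the function names and the DEFAULTS_CMD override are assumptions made here.

```shell
#!/bin/sh
# Added example: wraps the two `defaults read` checks from the article.
# DEFAULTS_CMD is an assumption of this example: on a Mac it is the real
# `defaults` tool; it can be pointed at a stand-in to exercise the logic.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_key DOMAIN KEY
#   returns 0  key does not exist (the clean result the article describes)
#   returns 1  key is set; its value is printed so it can be inspected
#   returns 2  inconclusive (tool missing or an unexpected error)
check_key() {
    if out=$($DEFAULTS_CMD read "$1" "$2" 2>&1); then
        printf 'SUSPICIOUS: %s %s is set to:\n%s\n' "$1" "$2" "$out"
        return 1
    fi
    case $out in
        *"does not exist"*)
            printf 'ok: %s %s does not exist\n' "$1" "$2"
            return 0 ;;
    esac
    printf 'inconclusive: %s %s: %s\n' "$1" "$2" "$out"
    return 2
}

# flashback_check: runs both checks from the article.
#   returns 0 if both keys are absent, 1 if either key is set,
#   2 if neither is set but a check could not be completed.
flashback_check() {
    rc1=0
    rc2=0
    check_key /Applications/Safari.app/Contents/Info LSEnvironment || rc1=$?
    check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || rc2=$?
    if [ "$rc1" -eq 1 ] || [ "$rc2" -eq 1 ]; then return 1; fi
    if [ "$rc1" -eq 2 ] || [ "$rc2" -eq 2 ]; then return 2; fi
    return 0
}
```

On a Mac, source the file and run flashback_check. A failed read whose error does not say "does not exist" is reported as inconclusive rather than clean.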