Macs can get viruses too!
Find out if you are infected with the Flashback Trojan and how to fix it – fast and easy
Apple computer users have not had to worry about getting a virus infection in the past, but a Russian antivirus company is reporting that 600,000 Macs are currently infected with a nasty Trojan horse virus called “Flashback.”
Doctor Web issued a report on Wednesday that said 550,000 computers with Mac OSX have picked up the virus. An analyst at Doctor Web later sent a tweet noting that 600,000 Mac computers have actually been infected and some — about 274 — are actually based in the same city as Apple’s headquarters, Cupertino, Calif.
Flashback was originally discovered in September 2011 and was designed to disguise itself as an Adobe Flash Player installer, using Flash player logos. After installing Flashback, the malware seeks out user names and passwords that are stored on your Mac.
Two AppleScripts have been developed to determine whether or not your computer has been infected with this virus. Why two? Well, there are actually two areas of your hard drive that need to be checked for nasty files.
These files simply run the terminal commands and let users know if they have anything to worry about. They aren’t the most beautiful creations, but they do the job.
You can download the scripts at the CloudApp (http://i.c-mac.me/Fc21). After unzipping, simply double-click on “trojan-check” and “trojan-check-2.”
If you get an image that looks like the image below, you’re in the clear.
There are no visible symptoms for this Mac virus, except for making sporadic connections to unknown servers that can be only seen in the firewall logs, if any firewall is in place. The symptoms also depend on the payload that may be downloaded upon the command from the control server.
Although it’s difficult to prevent contracting the virus, it’s not impossible.
The bad thing about these types of infections is that it is hard to prevent them without disconnecting one’s computer from the Internet all together We advise Mac users to strictly follow Apple’s security updates. Don’t neglect them.
To protect your computer from contracting the virus now, download Apple’s latest software update. Click the Apple logo located in the top-left section of the desktop and select Software Update. Install all of the available updates as soon as possible.
Unfortunately, the number of infected computers is still increasing. We encourage Mac users to install anti-virus software, even though many think it’s unnecessary to do so for Apple computers.
Although symptoms are minimal, there are a few things you can do to see if you are infected. iComputer suggests the following steps (note: we posted the html below so you could read the full code):
- Go to the Mac’s Library folder and select LaunchAgents. There should be several files in that catalog.
- Search all files in the folder for the following contents:
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC”-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<key>Label</key><string>com zeobit keep</string>
- Look for the file name specified in the ProgramArguments key. This is where the file BackDoor.Flashback.39 would be located. If the file is empty, it means that none of your programs are meant to start automatically. It also means that you are not infected.
- To see if this is the Trojan, scan it with anti-virus software for Mac OS or upload it to VirusTotal website.
- To cure the machine, delete both files.
- Removing the files should restore your computer.
The news comes after Apple continues to position OS X as a more secure alternative to other computer makers.
“A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers,” Apples notes on its homepage. “That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.” This is partially true as Macs are not as susceptible as Windows computers but safety measures should definitely be taken to make sure that you don’t have a virus. Call iComputer if you have any questions or need help with any of these steps! 720-253-0092