Check if your Mac is infected with the Flashback virus, install protection and remove the trojan

The news made many newspapers because it was sensational: a fairly serious virus is affecting Macs all over the world.
Some time ago I wrote a post on the best antivirus for Mac, pointing out that even if the Unix-based operating system of an Apple computer is not a usual target of hackers, there are still some web technologies that require specific software on any computer.
Programs like Flash and Java are always attractive targets for hackers and viruses.
The virus that is silently and covertly infecting many Mac computers, especially in the USA (and it will quickly arrive in Italy), is called Flashback, a Trojan originally discovered in September 2011 that was designed to hide in Adobe Flash Player.
What is doing more damage, however, is a variant called Flashback.K, which relies instead on the Java plugin.
Once installed, Flashback searches for usernames and passwords stored on the Mac.
There are no visible symptoms of this Mac virus, except for very brief connections to unknown servers that can only be noticed in the firewall logs.
The bad thing about these types of infections is the difficulty of blocking them without disconnecting the computer from the internet.
Since it is not yet widespread in Italy, all owners of a Mac should protect the computer against the virus immediately by downloading the latest Apple update.
Then click on the Apple logo located at the top left of the desktop, select Software Update and install all the patches available today.
In particular, the patch that protects the Mac from Flashback should be downloaded. It is documented on the Apple website and protects Mac OSX, Mac OSX Server v10.6.8 and OS X Lion.
To check if your Mac is infected with the Flashback virus, since there are no symptoms, you need to perform this procedure:
Download the zip file from this page (from the File menu -> Download), extract the zip archive and then run the two scripts contained in it with a double click: "trojan-check" and "trojan-check-2".
If you get a warning other than " does not exist ", then your computer has been hit by Flashback.
To remove the Flashback virus from an infected Mac, the instructions are given on the F-Secure website and, in a nutshell, are these:
1) Open the terminal and type the command "defaults read /Applications/Safari.app/Contents/Info LSEnvironment";
2) Take note of the DYLD_INSERT_LIBRARIES value and press Enter;
3) If you are infected, some files are found (otherwise the output would be "does not exist"); then run the command "grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%" and note the value after "__ldpath__";
4) Run the commands "sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment" and "sudo chmod 644 /Applications/Safari.app/Contents/Info.plist", then delete the files found in steps 2 and 3;
5) Run the command "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES" and verify that the trojan has been removed by checking that the message "does not exist" is shown;
6) If not, repeat the grep command from step 3.
Then run the commands "defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES" and "launchctl unsetenv DYLD_INSERT_LIBRARIES" and delete the indicated files.
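
The read-only checks from the steps above (steps 1 to 3 and 5), gathered into one script as an added example; it is not from the original post or from F-Secure, and it deletes nothing. The DEFAULTS_CMD variable and the function names are assumptions of this example.

```sh
#!/bin/sh
# Read-only check of the two DYLD_INSERT_LIBRARIES locations; deletes nothing.
# DEFAULTS_CMD is an assumption of this example so the logic can be run with
# a stub where the macOS `defaults` tool is not installed.
DEFAULTS_CMD=${DEFAULTS_CMD:-defaults}

# Steps 1-2: library injected through Safari's LSEnvironment dictionary.
safari_injected() {
    "$DEFAULTS_CMD" read /Applications/Safari.app/Contents/Info LSEnvironment 2>/dev/null |
        sed -n 's/.*DYLD_INSERT_LIBRARIES"\{0,1\} *= *"\{0,1\}\([^";]*\).*/\1/p'
}

# Step 5: library injected through the per-user environment file.
user_injected() {
    "$DEFAULTS_CMD" read "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES 2>/dev/null
}

# Step 3: printable strings that follow "__ldpath__" inside the given file.
ldpath_values() {
    LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" | sed 's/^__ldpath__//'
}

# Print every file the manual steps ask you to note; return 1 if any is found.
flashback_report() {
    found=0
    for lib in "$(safari_injected)" "$(user_injected)"; do
        if [ -n "$lib" ]; then
            found=1
            echo "DYLD_INSERT_LIBRARIES: $lib"
            if [ -f "$lib" ]; then
                ldpath_values "$lib" | sed 's/^/__ldpath__ value: /'
            fi
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "does not exist (no DYLD_INSERT_LIBRARIES entry in either location)"
    fi
    return "$found"
}

# Run the report only where `defaults` (or the stub) is actually available.
if command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
    flashback_report
fi
```

Any path the script prints is one of the files that steps 4 and 6 tell you to delete after running the "defaults delete" commands.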
