What is Flashback?

Last October we reported on Flashback (Fake Adobe Updater), which poses as an update to Adobe Flash but really installs a “backdoor” that lets someone access your system remotely. This allows them to enlist a series of computers in a “botnet,” which can be triggered to attack a web site all at once. Originally, it required the user to enter their administrator password to install, but since its initial discovery this nasty little package has become capable of installing itself without the user authenticating the installer.

As much as Adobe Flash attracts negative press on the Mac platform, Flashback is not actually a Flash vulnerability. Rather, it takes advantage of a security hole in Java (not to be confused with JavaScript). Flashback can affect versions of Java up to 1.6.0_31. Apple recently patched OS X to close this hole, but a lot of people have been infected already; not only did Apple take a month to release the patch, but many people simply do not install Security Updates when they are released.

How do you tell what version of Java you are running on your Mac? One way is to open Terminal (Applications -> Utilities) and simply type the command:

java -version

The output will list the version on your machine. If Java is not installed, it will launch an installer. If you do not already have Java on your machine, you most likely do not need it, as any app that requires it will prompt you to install it.

The next question is: how do you tell if you are infected? F-Secure gives us a few Terminal commands that will tell you if Flashback has created libraries in your browser applications. For simplicity, Safari is the browser we are choosing to look into. The commands are as follows:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

and

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If the result of running these commands ends in “does not exist,” the Flashback Trojan has not been installed on your machine. If you do find that your system is infected, you can find steps for manually removing Flashback at F-Secure’s website. You can also download Sophos Free AntiVirus for Mac, which will detect and remove Flashback.
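The checks above can be wrapped into one script that interprets the output by the criteria this article gives. This is an added example, not code from F-Secure or Apple; the function names and the labels it prints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: runs the article's checks and interprets the results.
# Function names and printed labels are illustrative, not from F-Secure.

# classify_defaults "<output of a 'defaults read' command>"
# "clean" when the output ends in "does not exist" (the article's test),
# "found" when the key returned a value, "unknown" when there was no output.
classify_defaults() {
    case "$1" in
        "")                 echo unknown ;;
        *"does not exist")  echo clean ;;
        *)                  echo found ;;
    esac
}

# java_status "<first line of 'java -version'>"
# "affected" for versions up to and including 1.6.0_31, else "newer".
java_status() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*"\([0-9][0-9._]*\)".*/\1/p')
    [ -n "$v" ] || { echo unknown; return; }
    old_ifs=$IFS; IFS='._'; set -- $v; IFS=$old_ifs
    # Compare major, minor, patch, update pairwise against 1.6.0_31.
    set -- "${1:-0}" 1 "${2:-0}" 6 "${3:-0}" 0 "${4:-0}" 31
    while [ $# -gt 0 ]; do
        if [ "$1" -lt "$2" ]; then echo affected; return; fi
        if [ "$1" -gt "$2" ]; then echo newer; return; fi
        shift 2
    done
    echo affected   # exactly 1.6.0_31
}

flashback_check() {
    # Per the article, 'java -version' launches an installer if Java is absent.
    echo "Java: $(java_status "$(java -version 2>&1 | head -n 1)")"
    out=$(defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1) || true
    echo "Safari LSEnvironment: $(classify_defaults "$out")"
    out=$(defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1) || true
    echo "DYLD_INSERT_LIBRARIES: $(classify_defaults "$out")"
}

# Run only where the macOS 'defaults' tool exists.
if command -v defaults >/dev/null 2>&1; then flashback_check; fi
```

A "found" result means the key exists and returned a value, which is the case the manual removal steps are for.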

For those of you that are local, Small Dog is offering a removal service for $29.99.

Note that updating your version of Java will secure you against the injection of the code on your machine, but it will not remove the Trojan from your machine should it already be installed.
