Tuesday, April 10, 2012

How To Find And Kill The Latest Malware On Your Mac

Mac users have had it easy since the turn of the last century. Malware? What malware?

Except for a few proofs of concept, most Mac malware fizzled quicker than a Republican presidential campaign looking for a Las Vegas sugar daddy.

Until now.

Due to a recently closed vulnerability in Java, the Flashback Trojan Horse is claimed to have infected up to 600,000 Macs worldwide. That’s a lot of infection for the What Me Worry Mac platform.

If you visited a malicious website recently that hosted Flashback, and your Mac’s browser was set to run Java, the Flashback Java applet could have infected your Mac.

How can you find and remove Flashback?

I found three ways to check. One uses Terminal. The other two are quickly crafted apps that check your Mac for an infection.

First, the F-Secure website gives you step-by-step instructions to use the Mac’s Terminal app to find and delete Flashback (assuming it’s on your Mac).

Second, the free app FlashbackChecker will check your Mac for an infection, but it doesn’t remove it if it’s there.

Finally, there’s the donationware Anti-Flashback Trojan app, which checks your Mac for the infection, and, if it finds Flashback, deletes it (which you can also do manually in Terminal).

Apple posted a recent Java update which prevents your Mac from being infected but doesn’t delete Flashback if you have the infection already.

Make sure you have the latest Apple updates. If you don’t need to use Java, don’t install it. Or, if it’s installed already, open Safari’s Preferences, click Security, and disable Java (JavaScript is not affected; they’re not the same).

600,000 Macs were infected? So says a lone source in Russia. But few reports have surfaced that Flashback has been found in the wild. I visit a number of forums online and few Mac users have posted that their Macs were compromised by Flashback.

Still, it’s better to be safe than sorry.


  1. Gordon says

    Thank you for using the words ‘malware’ and ‘trojan’ and not the word ‘virus’. Many are falsely reporting that Macs finally have a ‘virus’, and a trojan malware is not a ‘virus’ and Macs still do not yet have a ‘virus’.

  2. willis says

    Trojans have always existed, Mac or Windows. I can write a little script to erase your hard disk drive, send it to you via email, with a message that says “Click On This To Make Your Mac Faster.”

    It’ll make it faster all right. By erasing everything.

    The vulnerability of a Trojan Horse is primarily the user. Stay away from nefarious web sites. Don’t download files from unknown sites. Don’t open email attachments without checking first.

    Trojans are easy to get. All it needs to infect a Mac is an inattentive user.

    BTW – I’m betting there are NOT 600,000 Macs infected.