Recently, a variant of the trojan known as "Flashback" has been discovered that uses a Java Vulnerability in Mac OS X and makes it possible for malware to harvest user names and passwords from Mac users. This particular trojan has been through several variations, and the malware creators continue to tweak the trojan in an attempt to circumvent detection and infect more systems. The current best estimate of the number of systems infected is over 600,000 systems world wide.

Even on systems that have received an update to Java, the trojan will present a fake certificate in an attempt to trick the end user into installing the trojan.

To determine if the trojan is present on your machine follow these steps:

  1. Open the Terminal application on your Mac, type the following and press Enter:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
  2. If you receive the message "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" type the following and press Enter:

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
  3. If you receive the message "The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist" your Mac is safe and free from the "Flashback" trojan.

If you receive any message other than the ones listed above, you will want to follow the full instructions for manually removing the trojan.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Help Center:
Email Address
Optional, but our team may contact you for more information.
Did you find this article helpful?

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

Update to SSL Certificates - Certificate Warnings
1969-12-31 11:00 am EST
Hits: 694

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.