According to Russian antivirus firm Dr. Web, over 600,000 Macs worldwide are infected with the Mac flashback trojan. The trojan can be installed if you visit a malicious website, and it will attempt to connect your Mac to a botnet.
Unfortunately, for the moment the only solution is to head into Terminal and copy and paste a few commands — so the process is recommended only for advanced users. If you’re comfortable with that, head to Applications > Utilities, launch Terminal and dig in — here’s how to quickly find out if you’ve got Flashback:
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:
“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
4. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
5. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
If your results show anything other than “does not exist,” we recommend to check the F-Secure website and following the full instructions to eradicate the Flashback trojan.
Mac users to download and install a security update released by Apple from support.apple.com/kb/HT5228 to prevent infection of their systems by BackDoor.Flashback.39.