Mac Malware Making Messes
by Mat Bitner
It’s been a long time coming, but there now exists a trojan specifically designed for Macs. With Mac computers becoming more widespread and gaining popularity among a global population, it was inevitable that someone would look to cause trouble. The trouble comes with Flashback, a Mac trojan that exploits an unpatched Java vulnerability. It steals personal information by injecting harmful code into web browsers and other applications on your Mac.
You probably remember the time of the harmful “Defender” trojan, which tricked users into downloading an app. While browsing online, an alert appeared on Mac computers telling individuals that they had been infected. Once they downloaded the app, they became infected, and random objectionable content appeared while they browsed. You’d then be asked to fork over your credit card to pay for the bogus removal of the software. This Flashback trojan is much more subtle. First, it doesn’t require any permission to install. If you visit a website with infected Java, you might be prompted for your admin password; however, even if you opt not to give it up, it can still install itself into your user folder. So far, efforts to remove it from infected machines have been spotty, prompting many users to wipe their computer and reinstall the operating system.
Apple will undoubtedly release a Java update within the next few days to patch this security hole, but for now, the only way to completely protect yourself is to disable Java in your browsers.
Check out our video for instructions on how to disable Java.
UPDATE: We’ve had a lot of folks asking how to know if they’re infected and what to do if they are. While there isn’t a whole lot of information, I’ve scoured the internet and found two links that explain how to manually test and remove the nefarious files.
CHECK: Type the following into the Terminal application. Don’t copy and paste, as you will need to change “%Browser%” to the name of each browser you use on your Mac, e.g. Safari, Firefox, Google Chrome, etc.
defaults read "/Applications/%Browser%.app/Contents/Info" LSEnvironment
If you see “does not exist” at the bottom of the text, you’re essentially fine. Be sure to repeat this step with any browsers you use on your Mac.
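The same check as a small script, added here as an example and not taken from the original post or from F-Secure. A mistyped or uninstalled browser name also makes defaults print "does not exist", so the script first confirms the app is really there; the function names and the browser list are assumptions.

```shell
#!/bin/sh
# Added example. Runs the manual LSEnvironment check for several browsers.

# check_browser APP_NAME [APPS_DIR]
# Prints one of: not-installed | no-lsenvironment | lsenvironment-set
check_browser() {
    app=$1
    apps_dir=${2:-/Applications}
    info="$apps_dir/$app.app/Contents/Info"

    # `defaults` reports "does not exist" for a missing file as well as for
    # a missing key, so a typo in the name would look like a clean result.
    if [ ! -f "$info.plist" ]; then
        echo "not-installed"
        return 0
    fi

    # Same query as the manual check; the path is quoted so names with
    # spaces ("Google Chrome") work. A missing key makes defaults exit non-zero.
    out=$(defaults read "$info" LSEnvironment 2>&1) || true

    case $out in
        *"does not exist"*) echo "no-lsenvironment" ;;   # the "essentially fine" case
        *)                  echo "lsenvironment-set" ;;  # key present: go to the removal steps
    esac
}

# scan_browsers NAME...: one result line per browser name given.
scan_browsers() {
    for b in "$@"; do
        printf '%s: %s\n' "$b" "$(check_browser "$b")"
    done
}

# Only run the real scan on a Mac; the browser list is an assumption.
if [ "$(uname -s)" = "Darwin" ]; then
    scan_browsers "Safari" "Firefox" "Google Chrome"
fi
```

A browser reported as lsenvironment-set is one where the manual check would not have ended in "does not exist", which is the case the removal instructions are for.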
REMOVE: Removal is a bit more involved. I won’t be going over the details here as there’s a good chance you’re in the clear. Click HERE to go to F-Secure’s website and follow the steps for the removal process.

