The Apple Mac Virus/Flashback Trojan: What is it?

It has been reported that Apple Macintosh users have become vulnerable to the Flashback Trojan malware. This is not a virus, as it can’t spread from one Mac to another; however, these terms are often confused.

Details on removal are at the bottom of this page.

What is a Trojan?

Broadly speaking, a “Trojan” is any malicious or harmful program that disguises itself as a normal program and asks the user to run it. A Trojan is not actually the same as a virus, as it does not spread itself but waits to be downloaded; however, it can be just as damaging, if not more so.

Often, a Trojan will masquerade as something desirable or useful on the internet, such as an application, thereby tricking the user and gaining access to otherwise secured networks. Unsurprisingly, then, Trojans take their name from the Greek myth of the “Trojan Horse” that was used to infiltrate and destroy the city of Troy.

Trojan Horses are an extremely developed form of malware. As such, there are many types of Trojan, which have different consequences for your computer.

It is useful to know the different types of Trojan so that you can be extra vigilant against them:

Remote Access Trojans

The most frequently available type. These allow the attacker to gain complete control of your computer to access files and personal information.

Key Loggers

These log your keystrokes and send the information back to the attacker. This means your passwords and any other sensitive data can be extracted from a log of the keys you have pressed.

Destructive Trojans

These have only one purpose: TO DESTROY AND DELETE YOUR DATA! This can be done remotely by the attacker, or be programmed to wait until a specific time or day before launching a destructive bomb into your files.

Password Sending Trojans

Intended to discover (as with key loggers) and copy all cached passwords, then send them to a particular email address.

FTP Trojans

Outdated, but still in circulation. These open a File Transfer Protocol port, which allows anyone to connect to the user’s computer via a network to access files and personal information.

DoS (Denial of Service) Attack Trojans

These overload the user’s computer or server with internet traffic, making the internet connection too congested to allow access to websites or downloads.

The Flashback Trojan is designed to steal personal information and is used as a botnet (to send spam to other computers).

How to check your Mac for the Flashback BackDoor.Flashback.39

Dr. Web has an online tool to check if you have a Trojan. It’s always worth checking even if your Mac is working great!

Apple Trojan Removal (From F-Secure Website)

“Manual Removal
Caution: Manual disinfection is a risky process; it is recommended only for advanced users.
Manual Removal Instructions
1. Run the following command in Terminal: 

defaults read /Applications/ LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

“The domain/default pair of (/Applications/, LSEnvironment) does not exist”
4. Otherwise, run the following command in Terminal: 

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%
5. Take note of the value after “__ldpath__”
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2): 

sudo defaults delete /Applications/ LSEnvironment 

sudo chmod 644 /Applications/
7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal: 

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following: 

“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
10. Otherwise, run the following command in Terminal: 

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%
11. Take note of the value after “__ldpath__”
12. Run the following commands in Terminal: 

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 

launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Finally, delete the files obtained in steps 9 and 11.”
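
The read-only half of the procedure above (steps 1 to 5 and 8 to 11), as an added Python example that is not part of F-Secure's instructions or of the original page. It only reads files and deletes nothing. The function names are hypothetical, the plist paths are supplied by the caller (the /Applications/ path above is incomplete as printed), and demo() runs on constructed sample files.

```python
import plistlib
import re
import tempfile
from pathlib import Path

VAR = "DYLD_INSERT_LIBRARIES"
MARKER = b"__ldpath__"
# Same pattern as the grep in steps 4 and 10: marker, then printable ASCII.
LDPATH_RE = re.compile(re.escape(MARKER) + rb"[ -~]*")

def injected_library(plist_path, nested_key=None):
    # nested_key="LSEnvironment" mirrors step 1; None mirrors step 8.
    path = Path(plist_path)
    if not path.is_file():
        return None  # nothing to read: the "does not exist" case
    with path.open("rb") as fh:
        data = plistlib.load(fh)  # handles XML and binary plists
    if nested_key is not None and isinstance(data, dict):
        data = data.get(nested_key)
    value = data.get(VAR) if isinstance(data, dict) else None
    return value if isinstance(value, str) else None

def ldpath_entries(library_path):
    """Return the text after each __ldpath__ marker in a binary file."""
    path = Path(library_path)
    if not path.is_file():
        return []
    return [m.group()[len(MARKER):].decode("ascii")
            for m in LDPATH_RE.finditer(path.read_bytes())]

def check(plist_path, nested_key=None):
    """Read-only report of the files steps 2/5 or 9/11 ask you to note."""
    value = injected_library(plist_path, nested_key)
    libs = value.split(":") if value else []  # step 6 expects one entry
    return {"libraries": libs,
            "ldpath": [e for lib in libs for e in ldpath_entries(lib)]}

def demo():
    """Run check() on constructed sample files (not real Flashback data)."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "sample.so")  # constructed stand-in, not malware
        lib.write_bytes(b"\x00\x01__ldpath__/tmp/constructed.dylib\x00\xff")
        env = Path(tmp, "environment.plist")
        env.write_bytes(plistlib.dumps({VAR: str(lib)}))
        clean = Path(tmp, "clean.plist")
        clean.write_bytes(plistlib.dumps({"PATH": "/usr/bin"}))
        return check(env), check(clean)
```

An empty "libraries" list corresponds to the "does not exist" error in steps 3 and 9; more than one entry means the single-entry assumption in step 6 does not hold.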

We always recommend seeing a professional if you think or know you have a virus on your PC Computer, Laptop, or Apple Mac. Call our team today on 017538 84700 or 01494 730120
