Friday, April 6, 2012

How to check your Mac new virus alert

Mac Flashback Trojan: Find Out If You're Infected and What to Do About It

Apple computer users may think they have nothing to worry about when it comes to contracting viruses and malware online, but a Russian antivirus company is reporting that 600,000 Macs are currently infected with a nasty trojan horse virus called "Flashback."

Doctor Web issued a report on Wednesday that said 550,000 computers with Mac OSX have picked up the virus. An analyst at Doctor Web later sent a tweet noting that 600,000 Mac computers have actually been infected and some — about 274 — are actually based in the same city as Apple's headquarters, Cupertino, Calif. About 57% of the infected Macs are said to be in the U.S. and 20% are based in Canada.

Flashback was originally discovered in September 2011 and was designed to disguise itself as an Adobe Flash Player installer, using Flash player logos. After installing Flashback, the malware seeks out user names and passwords that are stored on your Mac.

"There are no visible symptoms for this Mac virus, except for making sporadic connections to unknown servers that can be only seen in the Firewall logs, if any firewall is in place," Boris Sharov, CEO of Doctor Web, told Mashable. "The symptoms also depend on the payload that may be downloaded upon the command from the control server."

Although Sharov said it's difficult to prevent contracting the virus, it's not impossible.

"The bad thing about these types of infections is that it is hard to prevent them without disconnecting one's computer from the Internet all together," Sharov said. "We advise Mac users to strictly follow Apple's security updates. Don't neglect them."

To protect your computer from contracting the virus now, download Apple's latest software update. Click the Apple logo located in the top-left section of the desktop and select Software Update. Install all of the available updates as soon as possible.

"Unfortunately, the number of infected computers is still increasing," Sharov said. "This means that users are careless about security patches, and they shouldn't be."

Sharov also advised Mac users to install anti-virus software, even though many think it's unnecessary to do so for Apple computers.

Although symptoms are minimal, there are a few things you can do to see if you are infected. Sharov suggests the following steps (note: we posted the html below as an image so you could read the full code):

  • Go to the Mac's Library folder and select LaunchAgents. There should be several files in that catalog.
  • Search all files in the folder for the following contents:


  • Look for the file name specified in the ProgramArguments key. This is where the file BackDoor.Flashback.39 would be located. If the file is empty, it means that none of your programs are meant to start automatically. It also means that you are not infected.
  • To see if this is the trojan, scan it with anti-virus software for Mac OS or upload it to VirusTotal website.
  • To cure the machine, delete both files.
  • Removing the files should restore your computer.

Instead of following those steps, Sharov said you could also run a scan by downloading the free Dr. Web Light from the Apple App Store.

The news comes after Apple continues to position OS X as a more secure alternative to other computer makers.

"A Mac isn't susceptible to the thousands of viruses plaguing Windows-based computers," Apples notes on its homepage. "That's thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."





No comments:

Post a Comment