New trojan horse attacks 600,000 Macs

Apple can no longer completely pride itself on being “virus free.” A new trojan, termed the “Flashback Trojan,” has infected around 600,000 Apple computers. Below is a quick overview of what the Flashback Trojan is, how to check if a computer is infected, and how to remove it.

What is Flashback?

Flashback, which first appeared in September of last year, is a form of malware that is used to collect passwords for applications like Skype and email programs; it then sends this login information to remote servers and thereby violates a user’s privacy. At its most recent stage, Flashback was able to install itself on a computer without any user interaction. The malware came in a package that looked similar to the installation screen for Adobe Flash, a plugin used to display content on certain websites. Apple hasn’t shipped their computers with Flash in over a year, making users more likely to attempt to download the plugin themselves and potentially infect their computer.

How to know if a computer is infected with Flashback

As of right now, the best and easiest way to check if a computer is infected is to use Dr. Web’s online web utility, available here. This will check a Mac’s hardware alongside a list of computers that have already been infected. If it can’t find a machine, that machine is clear.

How to remove Flashback

CNET provides a step-by-step guide to remove Flashback here. Using that process, a user will use the Terminal application to run certain commands, track down bad files, and manually delete them. Tools will likely be built in the near future to delete the files automatically, but for now, one must follow the guide in the mentioned link.

Keep in mind that a user can be infected more than once, even if he or she deletes the malicious files once. The most important step to protecting a computer is to only install software from trusted sources and stay away from additional plugins unless absolutely needed by a trusted website or other online source.

Comments are closed.