You should run Software Update to install the update.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The following content is outdated. Use the update above.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The new Mac trojan, Flashback, has been infected 600,000 users. To check if your Mac has been infected, you can download the following script and run it in Terminal.
#!/bin/bash
SafariInfected=0
echo -n "Checking Safari... "
if [[ -z `defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 | grep "does not exist"` ]]; then
SafariInfected=1
echo "INFECTED."
else
echo "NOT INFECTED."
fi
FirefoxInfected=0
echo -n "Checking Firefox... "
if [[ -z `defaults read /Applications/Firefox.app/Contents/Info LSEnvironment 2>&1 | grep "does not exist"` ]]; then
FirefoxInfected=1
echo "INFECTED."
else
echo "NOT INFECTED."
fi
DyldInsertLibrariesInfected=0
echo -n "Checking DYLD_INSERT_LIBRARIES... "
if [[ -z `defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 | grep "does not exist"` ]]; then
DyldInsertLibrariesInfected=1
echo "INFECTED."
else
echo "NOT INFECTED."
fi
JavaPatched=0
echo -n "Checking Java... "
if [[ -n `which java` ]]; then
JavaVersion=`java -version 2>&1 | grep "java version" | awk '{print $3}'`
echo -n "(verion=$JavaVersion) "
JavaVersionNumber=`echo $JavaVersion | sed -e "s/[\"\._]//g"`
if [[ $JavaVersionNumber -lt 16031 ]]; then
echo "NOT PATCHED."
else
JavaPatched=1
echo "PATCHED."
fi
else
JavaPatched=1
echo "PATCHED."
fi
if [[ $SafariInfected -eq 1 || $FirefoxInfected -eq 1 || $DyldInsertLibrariesInfected -eq 1 ]]; then
echo "Warning: your system is INFECTED with Flashback Trojan." 1>&2
fi
if [[ $JavaPatched -eq 0 ]]; then
echo "Warning: your Java is not patched with Java 1.6.0_31. You need to run Software Update to install the Java update, which protects from the Flashback Trojan." 1>&2
fi
~
How to run it?
- Download the script.
- Extract chk_flashback from the downloaded tar.gz file.
-
Open Terminal and run it.
chmod +x chk_flashback; ./chk_flashback
No comments:
Post a Comment