Macintosh Flashback Virus

PLEASE NOTE:

Apple has released a security patch for this virus. If you are using OS X 10.6 or 10.7, make sure to install all available updates for your Mac. The patch was released as an Apple update, so installing the update will take care of the virus.

  1. What is the Flashback Virus?
  2. What about the new Flashback variant?
  3. How do I remove the virus if it is on my Mac?
  4. How can I protect my Mac from this and other possible infections?
  5. I'm not sure what my OS is, will this fix work for me? (10.5 users click here)

 

What is the Flashback Virus?

The Flashback virus targets a security hole in the Java software installed on your computer. Java is included with OSX, the operating system on your Mac. The virus is designed to steal personal information in the background without the user noticing, so once your computer is infected, you may not see any difference in the way it runs. To find out if your computer is infected, read the section below.


 

What about the new Flashback variant?

A new variant of the Flashback virus has appeared. To check whether your device has this new variant, open a Terminal window, either by searching for it using the Finder or by opening Applications->Utilities->Terminal, then type the following commands:

  • cd /Users/Shared
  • ls -al

You will be looking for any files ending in the extension ".so". The names start with a dot, so they only show up because of the "-a" option to ls. The list of file names that may appear in that directory is still being compiled; so far they are:

  • .PCImageEditor.so
  • .AllXilisoftVideo.so
  • .memalloc.so
  • .DocumentConverterdocPrint.so
  • .InternetHistoryKiller.so

Several other files may also be present. Their names and locations are as follows:

  • /Users/Shared/.svcdmp
  • ~/.MACOSX/environment.plist
  • ~/Library/Logs/vmLog
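
The same check as a script, added here as an example (it is not from Apple or Symantec). Because the name list above is still growing, it flags any hidden file ending in ".so" in the shared folder rather than only the five listed names; the function name flashback_check and its two optional arguments are this example's own.

```shell
#!/bin/sh
# Added example: looks for the Flashback indicator files listed on this page.
# Arguments (both optional, defaults are the paths given on the page):
#   $1 = shared directory   (default /Users/Shared)
#   $2 = user home directory (default $HOME)
# Prints one line per file found; prints nothing when none are present.
flashback_check() {
    shared=${1:-/Users/Shared}
    home=${2:-$HOME}

    # Hidden .so files in the shared directory. Matching the pattern rather
    # than the five known names also catches names not yet on the list.
    for f in "$shared"/.*.so; do
        [ -f "$f" ] && echo "suspicious library: $f"
    done

    # The other files named on the page.
    for f in "$shared/.svcdmp" \
             "$home/.MACOSX/environment.plist" \
             "$home/Library/Logs/vmLog"; do
        [ -e "$f" ] && echo "related file: $f"
    done
    return 0
}

# Report for the current user.
found=$(flashback_check)
if [ -n "$found" ]; then
    echo "$found"
    echo "Indicator files found: follow the removal instructions."
else
    echo "No Flashback indicator files found."
fi
```

An environment.plist file can also exist on a clean Mac, so a hit on that file alone is a reason to look closer rather than proof of infection.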

For removal instructions, read the information below:


 

How do I remove the virus if it is on my Mac?

Apple has released a software update that should fix the most common variants of the infection. Directions for downloading that update are provided below:

  • Click on the Apple drop down menu in the upper left corner of the screen, and select "Software Update..."
  • Allow the machine to check for updates. There will be an update named "Java Update for OS X 2012-003". Install the update!
  • Keep in mind this only covers the most common variants: there are some instances of this virus that won't be fixed by this update. If you haven't already, install Symantec Endpoint Protection (SEP) or some other type of antivirus protection!

Removal instructions using Symantec Endpoint Protection can be found on the Symantec Website here. If you do not have Symantec installed, you can download and install it from the OSUWare Website (Free for Students and Faculty/Staff).

PLEASE NOTE: The removal process involves running scans and possibly installing programs on your Mac. If you are not comfortable doing this on your own, you can get help on campus:

  • Students:
    If you have a Macbook laptop, bring it to the Walk-Up Computer Helpdesk in the Valley Library. If you have a desktop, or you are unable to get to campus, you can call the OSU Computer Helpdesk for help over the phone.

  • Faculty with personally owned computers:
    If you have a Macbook laptop, bring it to the OSU Computer Helpdesk on the 4th floor of the Valley Library (in the administration office). If you have a desktop, or you are unable to get to campus, you can call the OSU Computer Helpdesk for help over the phone.

  • Faculty with department issued computers:
    Contact your department support group for help

 

How can I protect my Mac from this and other possible infections?

There are several steps you can take to keep your Mac safe from infection.

Keep your Mac (and other programs) up-to-date

All viruses are designed to exploit security holes in different programs, and most updates work on patching these holes as they are discovered. Using out-of-date software makes it easier for infections to target your system.

To check your Mac for Apple updates:

  1. Click the Apple symbol in the upper-left hand corner of your screen
  2. Click the "Software Update" option. This will check for any Apple-related updates. If any updates are found, it will let you install them.

To check your Mac for other program updates:

This varies based on what program you are using, but it can generally be found by opening the program, then looking for an "Updates" option in one of the top menus.

Updating your Operating System:

Older Mac Operating Systems (OSX) have additional vulnerabilities that newer versions don't have. The latest versions of Mac OSX are 10.7 and 10.6. You can check which version of OSX you are using by clicking the Apple symbol in the upper-left hand corner of your screen, and clicking on "About this Mac". If you have a version that is below 10.6, you may want to consider purchasing an upgrade for your computer if possible. Contact the OSU Computer Helpdesk for more details.

 

Install an Anti-Virus Program

OSU offers Symantec Endpoint Protection for free to all students and faculty using personally owned laptops. There is a Mac version available which you can download and install from the OSUWare Website. If you need help installing an Anti-Virus program, you can bring your Mac (if it is a laptop) to the Walk-Up Computer Helpdesk in the Valley Library. Note: if you are faculty with a department owned Mac, you will need to contact your department support group for help.

 

Practice safe browsing habits when using the internet

Browsing to the wrong website is one of the most common ways to get infected. Follow the suggestions on the safe browsing page for safe browsing tips.


 

I'm not sure what OS I use, what fix should I try?


Currently, users of 10.5 and earlier are going to have to disable their Java until they can remove the infection, as the new update from Apple doesn't cover their OS. If you're not sure how to find your OS version, follow the directions below:

  1. From the Apple menu (apple symbol in upper left-hand corner), select "About This Mac".
  2. The resulting window shows your operating system version.
  3. If you have OSX 10.5 or lower, please use the following directions:
    • Click the Search button in the upper right hand corner, and type in “Java”
    • Java Preferences should be the first item that comes up, click on it.
    • On the menu that comes up, uncheck all the boxes. This will disable Java for you.

PLEASE NOTE: If you are using OSX 10.5 or earlier, we highly recommend (for security reasons) that you look into purchasing an update if your computer supports it. If you have questions about updating, contact the OSU Computer Helpdesk.

If you are faculty and using a department issued laptop, you should be eligible for an upgrade through your department. Contact your department support group for help.