We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Free tool detects Flashback Mac malware pestilence

Download and run rather than hunt up UUID or type commands into Terminal

A Mac developer has posted a tool that detects a Flashback malware infection on Apple's computers.

How to check if your Mac is Flashback infected

The tiny tool -- it's just a 38KB download -- was created by Juan Leon, a software engineer at Garmin International, the Kansas-based company best known for its GPS devices.

Ars Technica first reported on Leon's FlashBack Checker.

The tool spots the malware by automating a tedious process first described by security firm F-Secure last month. F-Secure's procedure required entering multiple commands in Terminal, the Mac OS X command line utility.

When Flashback Checker is run, it displays "No signs of infection were found" or provides additional information if it does detect changes the malware has made to the Mac.

Unlucky users can scrub Flashback from their machines using commercial security software -- both French vendor Intego and Finland's F-Secure offer free 30-day trials to their Mac antivirus products -- or use the complex instructions posted by the latter here.

According to Dr. Web, the Russian security company that was the first firm to quantify Flashback infections, nearly 2% of all Macs have been hit by the malware.

Dr. Web used a different technique to detect Flashback than Leon. Rather than examine the Mac itself, Dr. Web's tool compares the UUID (universally unique identifiers) of a machine to the list of UUIDs of infected Macs it compiled after commandeering a hacker command-and-control (C&C) server.

Flashback has been in circulation since last September, but only in the last several weeks has the malware been installed silently via "drive-by" attacks that rely on exploiting a just-patched vulnerability in Oracle's Java.

Apple quashed the Java bug on April 3, or seven weeks after Oracle had patched the vulnerability for Windows and Linux users.

Flashback Checker had been downloaded nearly 36,000 times from the github source code repository as of 4 p.m. ET Monday.

Juan Leon's free tool automates a Flashback detection process that requires users to enter several commands in Mac OS X's Terminal app.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is [email protected].

See more by Gregg Keizer on Computerworld.com.

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia