Photo by Amanda Excell
Thought your Mac was invincible against viruses? Well not quite. Mac owners should be on the look out for a new virus infecting Apple computers. The virus is called Flashback or Flashfake and it has infected over 600,000 Macs through a hole in Java. As a botnet Trojan, it is an identity-stealing virus that takes screenshots and steals users’ passwords and personal information.
The virus infects a computer when a user visits a site with the malicious Java applet. It does not require a password to lodge into the machine, but it does prompt for a password- posing as a very legitimate looking update to Adobe’s Flash animation software- to run. If the user doesn’t fall for the trick, the virus scans the computer for various applications, such as Microsoft Office, Skype and Little Snitch, and if it finds any, it will self-delete. If it does not, it contacts the command-and-control server to install more malware and begin identity theft. So even if a user does not volunteer a password, the virus can still infect the computer.
The first thing to do is find out if your Mac is infected. Kaspersky Labs, the company to first inform the public about the virus, has a website to detect it. Going to http://flashbackcheck.com/ and entering your Mac’s UUID code will tell you if the computer is infected. To find the UUID code, click on the apple in the upper left of the computer screen, go to “About This Mac”, click on “More Info,” and it will be listed. This website runs your computer’s UUID against the virus’s main database to check if your computer is listed.
If you are a little tech savvy you can run a trio of commands in the Terminal to find out if your computer is infected. Spotlight Search “Terminal” them copy and past in:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment defaults read /Applications/Firefox.app/Contents/Info LSEnvironment defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If your computer is not infected- or once it has been cleared- make sure your Apple software is up to date. Do this by clicking on the Apple icon in the upper left corner of your screen and clicking on “Software Update.” Make sure to update the Mac Security software and the Mac Java Update. The Java update fixes the hole in Java exploited by the virus. Another important precaution is disabling Java altogether; it is a largely outdated software with next to no current usefulness. For the Safari browser go to “Preferences,” then “Security.” For Firefox go to “Tools,” “Add-Ons,” “Plugins,” then click on “Disable Java Applet.” Google Chrome disables Java by default and instead prompts users to run Java every time a website needs it.
If your computer is infected, there are several means of removing the virus. Computers can be taken by appointment to the Mac Genius Bar on State Street or users can do it at home. Kaspersky Labs and F-Secure have downloadable Flashback removal tools.
Apple, this week came out with their own removal tool, however, this is not a Mac OS X software problem. It is a problem with Java. Apple has come out with Security updates that fix the hole and prevent infection, but there is no word yet if Apple will release its own removal tool.
So, for Mac purists who insist Macs don’t get viruses, well, they are “kinda” still correct as this particular virus doesn’t attack Mac OS X but rather Java, a third party software. But while Macs do have a statistically better track record with not getting viruses, compared to Windows, all computers can get viruses and users should get anti-virus software and be careful which sites they visit, what they download and where they enter their passwords.
While OS X is a very secure operating system, a lot of Mac’s safety comes from the fact that a statistically small portion of the population uses Macs and the market is not there for virus creators. The perception of Mac prevalence may be distorted at UCSB due to the high volume of Macs at our campus and the Mac Store in the UCen. Macs only make up 6.4 percent of desktop use while Windows makes up 92.48 percent, according to PCWorld.
The next version of Mac OS X software, Mountain Lion, will come with Gatekeeper, a system to further enhance Mac’s security. Mountain Lion is set to be released summer 2012.