{"id":533,"date":"2012-04-09T13:12:54","date_gmt":"2012-04-09T13:12:54","guid":{"rendered":"http:\/\/paulgurney.com\/whats_new_blog\/?p=533"},"modified":"2012-04-09T13:15:34","modified_gmt":"2012-04-09T13:15:34","slug":"is-your-mac-infected-with-flashback","status":"publish","type":"post","link":"https:\/\/paulgurney.com\/whats_new_blog\/2012\/04\/is-your-mac-infected-with-flashback\/","title":{"rendered":"Is your Mac infected with Flashback?"},"content":{"rendered":"<p>Earlier variants of this new malware against Macs target <em>Safari<\/em> and <em>Firefox<\/em>. Recent variants only target <em>Safari<\/em>.<\/p>\n<p>How do you locate an infection by the Flashback trojan?<\/p>\n<p>Type or copy\/paste this command into the Mac OS X <strong>Terminal<\/strong>, replacing %browser% with the name of the browser to check (<em>Safari<\/em> or <em>Firefox<\/em>):<\/p>\n<blockquote><p>defaults read \/Applications\/%browser%.app\/Contents\/Info LSEnvironment<\/p><\/blockquote>\n<p>From the <a title=\"Mac Malware Flashback\" href=\"https:\/\/www.f-secure.com\/weblog\/archives\/00002336.html\" target=\"_blank\">excellent post<\/a>: https:\/\/www.f-secure.com\/weblog\/archives\/00002336.html<\/p>\n<p><img decoding=\"async\" 
alt=\"\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier variants of this new malware against Macs target Safari and Firefox. Recent variants only target Safari. How to locate an infection by the Flashback trojan? Type or copy\/paste\u00a0 this command into MacOSX Terminal: defaults read \/Applications\/%browser%.app\/Contents\/Info LSEnvironment From the excellent post: 
https:\/\/www.f-secure.com\/weblog\/archives\/00002336.html<\/p>\n","protected":false},"author":55,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[27,22],"tags":[],"class_list":["post-533","post","type-post","status-publish","format-standard","hentry","category-computers-mac","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p415hC-8B","_links":{"self":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/comments?post=533"}],"version-history":[{"count":5,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/533\/revisions"}],"predecessor-version":[{"id":537,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/533\/revisions\/537"}],"wp:attachment":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/media?parent=533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/categories?post=533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/tags?post=533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}