Flashback masquerades as an Adobe Flash updater. It is said to have infected 600000 Macs throughout the world. That is about 1% according to some estimates.

Do you have Flashback on your Mac? If so,now can it be removed? Read on.

Detection:

You can tell if you have Flashback by running a couple of commands. You can also check Kaspersky’s Flashback detection page, which checks your Mac’s ID against their database of infected machines.

To check for yourself, open up Terminal (in your Utilities folder) and type these lines and press return. You can copy/paste them one at a time instead – much easier.

defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

This is one of the few times you want to see an error message. You should see something like ” the defaults pair does not exist.” if you see that error for each of these commands, you are clean.

If not, you have some cleanup to do. You can use Kaspersky’s removal tool, or proceed to remove them manually.

Removal:

See this F-Secure page for step-by-step instructions. I don’t see any reason to repeat them verbatim here.

Next steps:

Once you’re clean, youll want to stay that way.

If you haven’t already, run Software Update (in the Apple Menu) and install all available updates. Repeat until it tells you your Mac is up to date. You’ll possibly want to disable Java in your browser, too. It’s not used terribly often these days, and this is the way it got in in the first place. If you run into a legitimate web page that needs Java, you can always turn it back on temporarily.

You may also want to install antivirus if you don’t already have it. There is no guarantee it will catch the next new variant to come out right away, but it might help. Sophos and ClamXAV both have good reputations and are free.

Of interest is the preliminary list of apps ( http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsId=3225415 ). I am not at all surprised that almost all of these apps are screensavers (all of which are produced by 7-art Screensavers). The lone exception is an app (Mishinc FLV Converter) that purports to extract the sound from FLV video files.

Intego, also not surprisingly, says their internet security application will catch this and the other couple of Mac malware items, if it has current (6/1) definitions.

Keep in mind, that these apps are all free screensavers and 1 video converter. Historically, these have been one of the most popular vectors for spyware and adware in the Windows world. Seems the authors believe Mac users are just as liable to go for the free eye-candy.

As I’ve always recommended, avoid free screensaver and free wallpaper/desktop background sites, as well as video codecs/converters that don’t come from sources you’ve vetted and trust. This applies whether you have a Mac or Windows machine.

Scam I: Charity Phishing Scams – Be Careful Who You Give To

During the holiday season, hackers take advantage of citizens’ generosity by sending e-mails that appear to be from legitimate charitable organizations. In reality, they are fake Web sites designed to steal donations, credit card information and the identities of donors.

If you receive an appeal from your favorite charity, you can always bypass the link in the email. Just open up your web browser (Internet Explorer, Firefox, Safari, etc) and type in the web site of the charity in question, i.e. www.oregonhumane.org) instead.

Scam II: Fake Invoices from Delivery Services to Steal Your Money

During the holidays, cybercriminals often send fake invoices and delivery notifications appearing to be from Federal Express, UPS or the U.S. Customs Service. They e-mail consumers asking for credit card details to credit back the account, or require users to open an online invoice or customs form to receive the package. Once completed, the person’s information is stolen or malware is automatically installed on their computer.

I’ve received quite a few of these, purporting to be from FedEx, UPS, USPS, DHL, and a few companies I’ve never heard of. The delete key works wonders.

Scam III: Social Networking – A Cybercriminal “Wants to be Your Friend”

Cybercriminals take advantage of this social time of the year by sending authentic-looking “New Friend Request” e-mails from social networking sites. Internet users should beware that clicking on links in these e-mails can automatically install malware on computers and steal personal information.

I just cleaned up one of these last week. It was described as having begun when the user clicked on a link in a [fake] FaceBook email.

Scam IV: The Dangers of Holiday E-Cards

Cyber thieves cash in on consumers who send holiday e-cards in an effort to be environmentally conscious. Last holiday season, McAfee Labs discovered a worm masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions. Holiday-themed PowerPoint e-mail attachments are also popular among cybercriminals. Be careful what you click on.

Scam V: “Luxury” Holiday Jewelry Comes at a High Price

McAfee Labs recently uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering “discounted” luxury gifts from Cartier, Gucci, and Tag Heuer. Cybercriminals even use fraudulent logos of the Better Business Bureau to trick shoppers into buying products they never receive.
This is not a new scam. We all receive daily spam offering Cartier, Gucci, Rolex, and Viagra. The only new part is dressing these in holiday gift motifs.

Scam VI: Practice Safe Holiday Shopping – Online Identity Theft on the Rise

Forrester Research Inc. predicts online holiday sales will increase this year, as more bargain hunters turn to the Web for deals. While users shop and surf on open hotspots, hackers can spy on their activity in an attempt to steal their personal information. McAfee tells users never to shop online from a public computer or on an open Wi-Fi network.

I’d be wary of shopping on someone else’s computer, too, unless you’re absolutely certain they’ve taken the usual precautions against malware, and that you trust them. So-called friends and family members have indeed been known to er… borrow… accounts from time to time.

Scam VII: Christmas Carol Lyrics Can Be Dangerous – Risky Holiday Searches

During the holidays, hackers create fraudulent holiday-related Web sites for people searching for a holiday ringtone or wallpaper, Christmas carol lyrics or a festive screensaver. Downloading holiday-themed files may infect one’s computer with spyware, adware or other malware. McAfee found one Christmas carol download site that led searchers to adware, spyware and other potentially unwanted programs.

Another old scam – screensavers, wallpaper, ringtones, free computer stuff in general is often a thin veneer to convince you to install adware, spyware, and the like. Just add a holiday motif to double your “sales”.

Scam VIII: Out of Work – Job-Related E-mail Scams

The U.S. unemployment rate recently spiked to 10.2 per cent, the highest level since 1983. Scammers are preying on desperate job-seekers in the poor economy, with the promise of high-paying jobs and work-from-home moneymaking opportunities. Once interested persons submit their information and pay their “set-up” fee, hackers steal their money instead of following through on the promised employment opportunity.

I’ve seen a number of “work for Google at home” ads lately. Each one appears to be a personally written testimonial. Actually, it’s boilerplate copy. If you do a Google search for phrases contained in the “article”, you’ll find many similar ones, where only the names (and sometimes the pictures) have been changed. These are identical to the “work from home” newspaper ad scams of days ago. Send $1 plus a self-addressed-stamped-envelope, and you too will receive a badly photocopied sheet of instructions on how to place ads for profit, asking others to send $1 plus SASE.

Scam IX: Outbidding for Crime – Auction Site Fraud

Scammers often lurk on auction sites during the holiday season. Buyers should beware of auction deals that appear too good to be true, because often times these purchases never reach their new owner.

This holds all year round.

Scam X: Password Stealing Scams

Password theft is rampant during the holidays, as thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keylogging. Once criminals have access to one or more passwords, they gain vast access to consumers’ bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user’s account to their contacts.

Scam XI: E-Mail Banking Scams

Cybercriminals trick consumers into divulging their bank details by sending official-looking e-mails from financial institutions. They ask users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply. Then they often sell this information through an underground online black market.

McAfee Labs believes cybercriminals are more actively scamming consumers with this tactic during the holidays since people are monitoring their purchases closely.

This is most emphatically NOT a holiday-specific tactic. This occurs every day, all day, all year long. Again, don’t click on links in emails that want to “update your security information”

Scam XII: Your Files for Ransom – Ransomware Scams

Hackers gain control of people’s computers through several of these holiday scams. They then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer holds the user’s files ransom by demanding payment in exchange for getting them back.
Keep your antivirus up to date, and watch what you click on.

There are a few important ways you can protect yourself.

1. Never Click on Links in E-Mails: Go directly to a company or charity’s Web site by typing in the address or using a search engine.

2. Keep your anti-malware software up to date. AVG has a free version, McAfee can often be had for no additional cost, depending on your Internet Service Provider. Microsoft has released “Microsoft Security Essentials”, which so far seems fairly good, and unobtrusive.

3. Shop and Bank on Secure Networks: Only check bank accounts or shop online on secure networks at home or work, wired or wireless. Wi-Fi networks should always be password-protected so hackers cannot gain access to them and spy on online activity.

Also, remember to only shop on Web sites that begin with https://, instead of http://, and seek out Web sites with security trustmarks, like McAfee SECUREâ„¢.

“Security trustmarks” can be faked, and on picture on a website looks just like another to the average user. Shop from sites for which you have read good reviews or for which you or others you know can vouch.
If you are not sure, google the name.
I have purchased from B & H Photo Video and Adorama happily. I’ve seen really good deals advertised elsewhere, but some searching has revealed that the web sites are thinly veiled fronts for shops that barely exist, and either take the money and run, or employ high-pressure tactics to upset unneeded items.

An example is “PriceRitePhoto”. A search on the name brings up this article – http://thomashawk.com/2005/11/priceritephoto-abusive-bait-and-switch-camera-store.html , which links to this article – http://www.pcworld.com/article/107855/camera_confidential.html . It’s a few years old, but telling.

4. Use Different Passwords: Never use the same passwords for several online accounts. Diversify passwords and use a complex combination of letters, numbers and symbols.

This is extremely important. I do use the same few relatively simple passwords on multiple sites, but none are highly sensitive. Websites that require login to post comments, and so forth. My email accounts get more complicated passwords, and banking accounts get different, strong, passwords. I recommend passwords that have a “ring” to them, just35long! is one I just made up based on a card sitting on the table where I’m typing.

5. Use Common Sense: If you are ever in doubt that an offer or product is not legitimate, do not click on it. Cybercriminals are behind many of the seemingly “good” deals on the Web, so exercise caution when searching and buying.

6. If in doubt, see rule 5.

Happy holidays!

Scott