Are you at risk to Flashback?

Posted byRoger

Recently a new malware virus for the Mac OS called Flashback got a lot of attention when antivirus company Dr Web published that 600,000 Mac’s are infected. This is a substantial number of Mac users and deserves more attention than most publications are giving it. The reason that Flashback is such a large threat is that it can infect your computer without you having to enter your admin password. However you can protect yourself fairly easily from this virus as it is taking advantage of a vulnerability in Java which in many cases isn’t even on your Mac OS and if you use the Google Chrome browser is highly restricted from causing any issues.

Macworld.com wrote up a very interesting piece which I recommend you read. This part was the first thing you should go through:

Am I at risk?
You are at risk if you meet four criteria:

1. You have Java installed on your Mac. One way to find out: Open Terminal and type java -version at the prompt. If you do have Java installed, you’ll get a version number. It is installed by default on OS X 10.6 Snow Leopard, but not by OS X 10.7 Lion. (But is installed the first time you need to run it, which means most Macs likely have it).

2. You do not have the Java for OS X Lion 2012-001 (if you’re running OS X Lion) or Java for Mac OS X 10.6 Update 7 installed (if you’re running Snow Leopard) or you were infected before either of them was installed. Both of those updates install Java version 1.6.0_31; running that java -version command above will tell you if that’s what you’ve got.

3. You allow Java applets to display in your browser. In Safari, go to Preferences > Security > Web Content and see if the Enable Java option is checked. You can turn that option off by unchecking it.

4. You do not have certain security tools installed on your Mac that Flashback checks for, including Little Snitch, Xcode, and a few anti-malware tools.

Antivirus vendors do not appear to have detected this particular version of Flashback for a few days after it appeared in the wild, though some vendors—including Intego—protected users with updates in late March. Malware often shares bits of code from earlier versions that may be detectable by antivirus products before those products have been specifically updated to catch newer versions, but such protection is hit-or-miss. (via Macworld)

Summary:

  • If you use Chrome you are safe from this virus.
  • If you have Lion you are safe from this virus.
  • If you use Safari be sure to disable Java.
  • Disable Java and do not allow Java applets to run from any website in your browser.
  • If you develop websites stop using Java
  • Do not let your web browser store your passwords as they generally are not encrypted and open you up to the underlying piracy problem that Flashback and viruses like it exploit.

Published by Roger

Roger has been building websites since 1996 and had drunk the kool aid when it comes to living and breathing online culture. After spending time at Godaddy selling domain names and hosting he dabbled in telecom selling CDN services for Limelight Networks and Level 3. In 2009 he realized the best way he could help businesses was to start his own focused on building websites, getting traffic to visit, become customers, and then service them more effeciently. He obsesses over content strategy, ad testing, page load speed, online services, support efficiency, and where to go on vacation. He lives in Phoenix, AZ with his beautiful wife, Kate, and two dogs: Bonzai and Zeke. He wants to know about your business and how to help you get more customers and service the ones you have even better. Twitter | Google+ | LinkedIn