Posted: Apr 07, 2012 12:22 am
by PsYcHoTiC_MaDmAn
felltoearth wrote: Apparently the Trojan requires your password to install a spoofed version of Flash Player from a malware site. Supplying a password to an untrusted install from a dodgy site is like letting a thief in through your front door. FYI, any legit site will send you directly to Adobe to install Flash and will not have you install directly from their site. If you are installing an app or plugin that requires your password, it's buyer beware.

Incidentally, as recommended, I checked using the Terminal app (it's in your Utilities folder) and my system's clean. Also patched Java using Update today.

Here are instructions for those concerned:

http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-ofa-mac-flashback-infection.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the Terminal returns back to you lines that look like this:

The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Then you're home free and you're not (yet) infected by Flashback. You can proceed to the "Run Software Update" section of this post. If they do return results, then it's likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.



That's not the one for this exploit. The first Java hole required a password; the second, which followed up, just required you to visit a site with exploit code on it. No password needed.
http://www.theregister.co.uk/2012/04/05/flashback_trojan_botnet/
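
The three `defaults read` checks quoted in the post above, run in one pass with each result interpreted. This is an added example, not part of the original post or the linked article; the function names `classify_result` and `check_flashback` are this example's own, and it only reads settings, it removes nothing.

```shell
#!/bin/sh
# Added example: the three `defaults read` checks from the quoted
# instructions, run in one pass. Read-only; nothing is deleted.

# Interpret one `defaults read` result.
#   $1 = exit status, $2 = combined stdout/stderr
# Prints clean, suspect or unknown.
classify_result() {
    if [ "$1" -ne 0 ]; then
        case "$2" in
            *"does not exist"*) echo clean ;;   # key is absent
            *) echo unknown ;;                  # other failure, check by hand
        esac
    elif [ -n "$2" ]; then
        echo suspect                            # key exists and has a value
    else
        echo unknown
    fi
}

# Run all three checks. Returns 0 only if every key is absent.
check_flashback() {
    rc=0
    for pair in \
        "$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES" \
        "/Applications/Safari.app/Contents/Info|LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info|LSEnvironment"
    do
        domain=${pair%|*}
        key=${pair##*|}
        out=$(defaults read "$domain" "$key" 2>&1) && status=0 || status=$?
        verdict=$(classify_result "$status" "$out")
        printf '%-8s %s %s\n' "$verdict" "$domain" "$key"
        [ "$verdict" = clean ] || rc=1
    done
    return "$rc"
}

# Only run automatically where the macOS `defaults` tool is present.
if command -v defaults >/dev/null 2>&1; then
    check_flashback
fi
```

A `suspect` line corresponds to the case the quoted instructions describe as a command returning results; `unknown` means the command failed for some other reason and should be rerun by hand.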