WHAT'S HAPPENING?
A piece of malware for Macs is spreading, causing infected Mac computers to join a botnet.
WHY IS IT HAPPENING?
Affected Macs have been infected with the Flashback trojan.
WHO IS AFFECTED?
It's been reported that over 600,000 Macs worldwide have joined the botnet.
WHAT DO YOU NEED TO DO?
Mac users should ensure that they have the applied the Java for OS X 2012-001 patch, available through Software Update, and are using up-to-date antivirus software. McAfee VirusScan for Mac is available for GT faculty, staff, and students from http://software.oit.gatech.edu.
The patch will prevent infection but will not cure an already-infected machine. To check for the presence of the infection, run the following commands in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment defaults read ~/.MacOSX/environment DYLDINSERTLIBRARIES
If you receive error messages like those below, your Mac is not infected with this trojan.
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist The domain/default pair of (/Users/joe/.MacOSX/environment, DYLDINSERTLIBRARIES) does not exist
If you do not receive results like these, you may be infected. You should run a full scan with an up-to-date antivirus product. If your antivirus product is unable to remove the infection, manual removal instructions are available at http://www.f-secure.com/v-descs/trojan-downloaderosxflashbacki.shtml. You may also contact the TSO Help Desk for removal assistance on GT-owned Macs.
WHO SHOULD YOU CONTACT FOR QUESTIONS?
The TSO Help Desk (CCB 148, 404-894-7065, helpdesk@cc.gatech.edu).