Ars Technica is reporting on a new piece of Macintosh malware spreading on the Internet. The Flashback trojan has actually been seen over the past few months, but apparently it’s managed to infect a sizable number of systems.
Apple recently released a patch for Java that fixes the vulnerability, but you should also check if your Mac was infected before the update was applied. F-secure has complete instructions for manually checking your mac, but I’ve included abridged instructions below.
From Terminal.app run:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
You want to see an error stating that:
The domain/default pair of (...) does not exist
If both of the above commands give the same sort of error, your system should be clean.