John C. Welch (one third of the Angry Mac Bastards podcast) has put together a simple script you can use to check if your Mac is infected by the Flashback Trojan:
Note, this is a very simple script. If your home directory path isn’t /Users/<shortusername>/ you’ll get false positives. But if you’re astute enough to have network homes and homes on random volumes, etc., you’re astute enough to run the F-Secure check without my help.
The recently discovered Flashback Trojan takes advantage of vulnerabilities found in Java on OS X. Apple released an update this week to patch the issue. If you haven’t already, run Software Update now on your Mac and get yourself patched.
Trojan-Downloader:OSX/Flashback.K connects to a remote site to download its payload; on successful infection, the malware modifies targeted webpages displayed in the web browser.
It has been claimed that more than 500,000 Mac users have been infected with this trojan. But I have yet to find it on any of these machines I manage, and neither have any of my friends, colleagues, or people I follow on social networking sites.
