Submitted by Pixel Chimp on Thu, 05/04/2012 - 21:18

Here is a script to test for the presence of Flashback on Mac OS X. There is info describing it & other variants on and the weblog.

The script performs the ‘defaults read’ commands that F-Secure recommends in step 1 & step 9 of their detection instructions.

The script does this for every known browser (hardcoded in the source), since it seems that’s how Flashback works. This is probably overkill, since it has only been detected in Safari & Firefox.
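
The check described above, as an added example (this is not Pixel Chimp's script). It assumes the two keys read are LSEnvironment in each browser's Info.plist and DYLD_INSERT_LIBRARIES in ~/.MacOSX/environment; the browser list and the DEFAULTS_CMD override are hypothetical.

```sh
#!/bin/sh
# Added example, not the original script. Key names and browser list are assumptions.
DEFAULTS_CMD=${DEFAULTS_CMD:-defaults}   # hypothetical override, lets the logic run off-Mac

# has_key DOMAIN KEY: true when `defaults read DOMAIN KEY` finds a value.
# `defaults read` exits non-zero when the domain/key pair does not exist.
has_key() {
    "$DEFAULTS_CMD" read "$1" "$2" >/dev/null 2>&1
}

# scan_flashback APPS_DIR HOME_DIR
# Prints one line per finding, or "OK"; returns the number of findings.
scan_flashback() {
    apps_dir=$1
    home_dir=$2
    hits=0
    # Assumed browser list for illustration.
    for app in Safari Firefox "Google Chrome" Opera; do
        domain="$apps_dir/$app.app/Contents/Info"
        [ -e "$domain.plist" ] || continue        # browser not installed
        if has_key "$domain" LSEnvironment; then
            echo "SUSPECT: LSEnvironment is set in $domain.plist"
            hits=$((hits + 1))
        fi
    done
    # Per-user environment file.
    domain="$home_dir/.MacOSX/environment"
    if has_key "$domain" DYLD_INSERT_LIBRARIES; then
        echo "SUSPECT: DYLD_INSERT_LIBRARIES is set in $domain.plist"
        hits=$((hits + 1))
    fi
    if [ "$hits" -eq 0 ]; then echo "OK"; fi
    return "$hits"
}

# Run the scan only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--scan" ]; then
    scan_flashback /Applications "$HOME"
fi
```

A SUSPECT line only means the key exists; the value still has to be checked against the removal instructions before concluding the machine is infected.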

To run the script grab from

  • Open up the downloaded tar.gz
  • cd [drop expanded folder into Terminal]
  • chmod 755
  • ./

If you don’t see a big OK, go check the instructions to verify you are infected & remove it.

Note: Tested on 10.6.8

Grab & run it like this…

mkdir flashback && curl -L | tar xz --strip 1 -C flashback; cd flashback; chmod 755; ./