Reply to comment

flashback-test.sh

Submitted by Pixel Chimp on Thu, 05/04/2012 - 21:18

Here is a script to test for the presence of flashback on Mac OS X. There is info describing it & other variants on f-secure.com and the f-secure.com weblog.

The script performs the 'defaults read' commands that f-secure recommend in step 1 & step 9 of their detection instructions.

The script does this for every known browser (hardcoded in the source), since it seems that's how flashback works. This is probably overkill since it has only been detected in Safari & Firefox.

To run the script grab flashback-test.sh from github.com.

  • Open up the downloaded tar.gz
  • cd [drop expanded folder into Terminal]
  • chmod 755 flashback-test.sh
  • ./flashback-test.sh

If you don't see a big OK, go check the f-secure.com instructions to verify you are infected & remove it.

Note: Tested on 10.6.8

Grab & run it this…

mkdir flashback && curl -L https://gist.github.com/gists/2314150/download | tar xz --strip 1 -C flashback; cd flashback; chmod 755 flashback-test.sh; ./flashback-test.sh

 

 

Reply

  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <br> <p>

More information about formatting options

(verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.

User login