What is Flashback and am I affected?
Flashback only affects Mac systems.
Flashback is a Mac (OS X) Trojan/malware that infects your computer in several ways. The initial infections came from the malware masquerading as an Adobe Flash installer. However, later variants have been known to infect a system when you visit a website hosting malicious advertisements (drive-by download).
How do I protect myself?
- Keep your system current with patches by clicking the Apple icon in the top left corner of your screen and selecting "Software Update".
- Make sure you install the Java update, which "Software Update" will provide: http://support.apple.com/kb/HT1222
- Make sure you have Sophos anti-virus installed and updated. It is detecting current variants of Flashback.
- Make sure that you are running the latest versions of your browser plugins: http://go.lbl.gov/browsercheck
Am I infected?
In most cases, Berkeley Lab employees will know they are infected because the cyber security group will remove the computer from the network. If you then contact the IT help desk and the cyber security group, they will give you the bad news. However, Kaspersky has recently put up a site where you can check to see if you are infected. Note that this site does not give 100% assurance that you are clean. It is possible to be infected and not show up on this site.
How to clean infections?
Flashback is proving to be very difficult to detect and remove. There are no obvious signs that you are infected. You may want to seek professional IT help to remove the virus. Call the IT help desk at x4357. None of the following is assurance that the malware has been successfully removed.
- Recommended - Apple has released an update to Java that removes common Flashback variants. Just run Software Update to get it.
- Recommended - The Kaspersky tool has been reported to work well.
- There are many cleanup instructions on the Internet now; you may need a combination of tools to detect and remove all versions.
- Kaspersky removal tool
- F-Secure Flashback detector
- Sophos is now detecting certain variants of Flashback, but not all of them. Please update your definitions and run a full system scan.
- F-Secure version I
- F-Secure version K
- Tom Webb's cleanup script
- Mashable cleanup instructions and script
- Github tool
- F-Secure removal tool
I want to know more
Why do I see "Insecure Version" for Mozilla Firefox at Qualys Browsercheck when I have the latest version installed?
The version information for your Mozilla Firefox browser may have been changed by your installed plugins. You can reset the version information by using the link below. Then re-scan your browser and check the status again in the BrowserCheck results.
The above answer is taken from a larger FAQ on Qualys's website: