Flashback trojan detection
Posted by: Marc Anthony
Date: April 09, 2012 10:45AM
For the convenience of forum members who may be unfamiliar/uncomfortable with the terminal, I've written a simple Flashback trojan detector. Launch Script Editor (in the AppleScript folder in Applications), copy/paste this code into the window, and press run. This is nothing more than a detector; it won't resolve any problems. No warranties, use at your own risk, yada, yada.

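-- Check 1: look for an "LSEnvironment" key in Safari's Info.plist (offset is 0 when the text is absent).
set checkOne to offset of "LSEnvironment" in (read file ((path to applications folder from system domain as string) & "Safari.app:Contents:Info.plist"))

-- Check 2: look for "DYLD_INSERT_LIBRARIES" in the current user's ~/.MacOSX/environment.plist.
-- If the file does not exist, the read fails and the check counts as not found.
try
	set checkTwo to offset of "DYLD_INSERT_LIBRARIES" in read file ((path to home folder as string) & ".MacOSX:environment.plist")
on error
	set checkTwo to 0
end try

-- Either string being present is reported as a detection.
if checkOne is 0 and checkTwo is 0 then
	display dialog "No trojan detected."
else
	display dialog "You in danger, girl."
end if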

Both of the stupid smilies should be close parentheses... )



The poet must live a great deal, live in every sense. - Verlaine



Edited 1 time(s). Last edit at 04/09/2012 10:47AM by Marc Anthony.
Re: Flashback trojan detection
Posted by: space-time
Date: April 09, 2012 10:57AM
I saved the Script on Dropbox

[dl.dropbox.com]
Re: Flashback trojan detection
Posted by: space-time
Date: April 09, 2012 11:03AM
Quote
Marc Anthony
For the convenience of forum members who may be unfamiliar/uncomfortable with the terminal, I've written a simple Flashback trojan detector. Launch Script Editor (in the AppleScript folder in Applications), copy/paste this code into the window, and press run. This is nothing more than a detector; it won't resolve any problems. No warranties, use at your own risk, yada, yada.

set checkOne to offset of "LSEnvironment" in (read file ((path to applications folder from system domain as string) & "Safari.app:Contents:Info.plist" ))

try
	set checkTwo to offset of "DYLD_INSERT_LIBRARIES" in read file ((path to home folder as string) & ".MacOSX:environment.plist" )
on error
	set checkTwo to 0
end try

if checkOne is 0 and checkTwo is 0 then
	display dialog "No trojan detected."
else
	display dialog "You in danger, girl."
end if

Both of the stupid smilies should be close parentheses... )

what smilies? :)
Re: Flashback trojan detection
Posted by: JoeH
Date: April 09, 2012 11:44AM
Missing the check for users of Firefox that one of the original postings of the commands included. Same would need to be done for most other browsers except Chrome. As the Trojan can be specific to a single user account, if there is more than one user account used on a Mac, all need to be checked.
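JoeH's two points above (other browsers, every user account), sketched as a shell function. This is an added example, not code from the thread: it looks for the same two strings as the original script, and the ROOT argument, the function names and the output wording are assumptions made for the example. Only Safari and Firefox, the browsers named in the thread, are checked.

```shell
#!/bin/sh
# Added example; not the script from the original post.
# Usage: flashback_scan ROOT   (ROOT is "/" on a live Mac, or a test tree)
# Exit status: 0 = no indicator found, 1 = at least one indicator found.

# check_plist FILE KEY: report KEY in FILE. grep -a reads binary plists as
# text; the key names are stored in them as plain ASCII.
check_plist() {
    if [ -e "$1" ] && [ ! -r "$1" ]; then
        # An unreadable file is reported rather than silently counted as clean.
        echo "UNREADABLE $1 (re-run with enough privileges)"
    elif [ -r "$1" ] && grep -aq -- "$2" "$1"; then
        echo "FOUND $2 in $1"
    fi
}

flashback_scan() {
    root=${1%/}    # "/" becomes "", so the paths below start at the real root
    report=$(
        # Application check: LSEnvironment in each browser's Info.plist.
        for app in Safari Firefox; do
            check_plist "$root/Applications/$app.app/Contents/Info.plist" LSEnvironment
        done
        # Per-user check, repeated for every home directory under /Users.
        for home in "$root"/Users/*; do
            check_plist "$home/.MacOSX/environment.plist" DYLD_INSERT_LIBRARIES
        done
    )
    if [ -n "$report" ]; then echo "$report"; fi
    if echo "$report" | grep -q '^FOUND '; then return 1; fi
    return 0
}

# Run the scan only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then flashback_scan "$@"; fi
```

On a live Mac, running it with `/` as the argument from an administrator account with sudo covers home folders the current user cannot read.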
Re: Flashback trojan detection
Posted by: Janit
Date: April 09, 2012 12:01PM
Quote
space-time
what smilies? :)

But won't adding those spaces mess up the script? Just checking you did it right before I run the script you put on drop-box. :)
Re: Flashback trojan detection
Posted by: space-time
Date: April 09, 2012 12:24PM
I don't think those extra spaces have any effect on the script. I first ran it in the original form (no extra space, that's what I put in the dropbox), then I added the extra spaces and it ran the same way.
Re: Flashback trojan detection
Posted by: deckeda
Date: April 09, 2012 12:27PM
... And, there's an app for that: [arstechnica.com]
Re: Flashback trojan detection
Posted by: space-time
Date: April 09, 2012 12:28PM
if checkOne is 0 and checkTwo is 0 then
	display dialog "No trojan detected."
else
	display dialog "You in danger, girl."
end if

strictly speaking, if no Trojan is detected, then the Girl is in danger.
Re: Flashback trojan detection
Posted by: mikebw
Date: April 09, 2012 12:44PM
Quote
space-time
if checkOne is 0 and checkTwo is 0 then
	display dialog "No trojan detected."
else
	display dialog "You in danger, girl."
end if

strictly speaking, if no Trojan is detected, then the Girl is in danger.

And the Boy, once the Dad finds out.
Re: Flashback trojan detection
Posted by: anonymouse1
Date: April 09, 2012 12:48PM
LOL! Thanks!

Quote
mikebw
Quote
space-time
if checkOne is 0 and checkTwo is 0 then
	display dialog "No trojan detected."
else
	display dialog "You in danger, girl."
end if

strictly speaking, if no Trojan is detected, then the Girl is in danger.

And the Boy, once the Dad finds out.
Re: Flashback trojan detection
Posted by: gabester
Date: April 09, 2012 02:30PM
Seriously, reading this script I'm laughing and kicking myself and angry at the technology journalism community covering Flashback. This script (or one like it) is what should be posted on all those websites talking about what to do in the terminal, with the instructions to open AppleScript Editor, paste this, and run.

g=
Re: Flashback trojan detection
Posted by: h linamen
Date: April 09, 2012 06:12PM
Is the script in the original post above safe to use?
Re: Flashback trojan detection
Posted by: space-time
Date: April 09, 2012 07:34PM
Quote
h linamen
Is the script in the original post above safe to use?

only if you can deal with Dad :)

of course it is safe, why would you think otherwise?
Re: Flashback trojan detection
Posted by: gabester
Date: April 09, 2012 10:07PM
All the above script does is read a couple files (which may not even exist unless you have the trojan) and display a dialog. About as harmless as they can get...

Now, if you've got the trojan and dad catches you trying to use it, that might be unsafe!
g=