Skip to content

Instantly share code, notes, and snippets.

@xtman

xtman/chk_flashback

Created April 8, 2012 01:51
Show Gist options
  • Save xtman/2333621 to your computer and use it in GitHub Desktop.
Save xtman/2333621 to your computer and use it in GitHub Desktop.
Download ZIP
A shell script to detect if your Mac have Flashback Trojan infected
Raw
chk_flashback
#!/bin/bash
SafariInfected=0
echo -n "Checking Safari... "
if [[ -z `defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 | grep "does not exist"` ]]; then
SafariInfected=1
echo "INFECTED."
else
echo "NOT INFECTED."
fi
FirefoxInfected=0
echo -n "Checking Firefox... "
if [[ -z `defaults read /Applications/Firefox.app/Contents/Info LSEnvironment 2>&1 | grep "does not exist"` ]]; then
FirefoxInfected=1
echo "INFECTED."
else
echo "NOT INFECTED."
fi
DyldInsertLibrariesInfected=0
echo -n "Checking DYLD_INSERT_LIBRARIES... "
if [[ -z `defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 | grep "does not exist"` ]]; then
DyldInsertLibrariesInfected=1
echo "INFECTED."
else
echo "NOT INFECTED."
fi
JavaPatched=0
echo -n "Checking Java... "
if [[ -n `which java` ]]; then
JavaVersion=`java -version 2>&1 | grep "java version" | awk '{print $3}'`
echo -n "(verion=$JavaVersion) "
JavaVersionNumber=`echo $JavaVersion | sed -e "s/[\"\._]//g"`
if [[ $JavaVersionNumber -lt 16031 ]]; then
echo "NOT PATCHED."
else
JavaPatched=1
echo "PATCHED."
fi
else
JavaPatched=1
echo "PATCHED."
fi
if [[ $SafariInfected -eq 1 || $FirefoxInfected -eq 1 || $DyldInsertLibrariesInfected -eq 1 ]]; then
echo "Warning: your system is INFECTED with Flashback Trojan." 1>&2
fi
if [[ $JavaPatched -eq 0 ]]; then
echo "Warning: your Java is not patched with Java 1.6.0_31. You need to run Software Update to install the Java update, which protects from the Flashback Trojan." 1>&2
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment