There’s a malicious trojan horse out there and it may have infected hundreds of thousands of Macs. Uh oh. Is there a way to check your Mac for infection and delete the trojan horse? And, is there a way to prevent regular apps and malicious apps from phoning home?
Kill The Trojan, Stop The Phoning
Back in 2011 the Mac Flashback trojan horse was spotted. While it didn’t cause much initial interest among the Mac masses, the latest iteration may have infected over half a million Macs.
There’s good news and bad news. The bad news is that Flashback creates a botnet of Macs, machines controlled by someone else, someone evil. It even searches an infected Mac for anti-virus apps, generates a list of botnet control servers, and checks in with them.
The good news is that Flashback targets a vulnerability in Java on Mac OS X. If you don’t use Java on your Mac, or don’t have it turned on in Safari, it’s not likely you’re infected. How do you get your Mac infected? The malware installs itself after you visit a compromised or malicious web page.
Here are simple instructions from an anti-virus, anti-malware vendor on how to check your Mac for the Flashback trojan horse.
If your Mac is uninfected, is there a way to check on which Mac apps are making network connections and phoning home? For that, you need Little Snitch.
What this security app does is act like a reverse firewall. Instead of telling you who’s trying to get into your Mac, Little Snitch stops apps on your Mac from using a network connection and making contact anywhere else.
Whenever an app that’s installed on your Mac tries to make a network connection, you get a pop-up notification. You decide what kind of connection the app can make.
Over time, Little Snitch captures and keeps a list of all the apps on your Mac that make outbound (not inbound) network connections, each with specific rules for connecting.
You can choose to allow or deny any app’s attempt to connect to the network. Little Snitch runs in the background and can detect network connection attempts by viruses, trojans or other malware.
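To make the per-app rule idea concrete, here is an added example (not Little Snitch's code, and not from the original article) that applies allow/deny rules to a snapshot of established TCP connections in the format printed by `lsof -nP -iTCP -sTCP:ESTABLISHED`. The sample output, the `RULES` table and the function names are constructed for illustration, and rules are keyed only by app name and remote port.

```python
# Constructed sample of `lsof -nP -iTCP -sTCP:ESTABLISHED` output (not real data).
# Note: lsof lists established connections regardless of which side opened them.
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    412 alice  23u  IPv4 0xa1      0t0  TCP 192.168.1.10:52344->198.51.100.7:443 (ESTABLISHED)
Mail      388 alice  31u  IPv4 0xa2      0t0  TCP 192.168.1.10:52301->203.0.113.25:993 (ESTABLISHED)
Mail      388 alice  32u  IPv4 0xa3      0t0  TCP 192.168.1.10:52302->203.0.113.25:8080 (ESTABLISHED)
updater   977 alice  11u  IPv4 0xa4      0t0  TCP 192.168.1.10:52390->192.0.2.66:80 (ESTABLISHED)
"""

# Hypothetical rule table: (app, remote port) -> decision the user made earlier.
RULES = {
    ("Safari", 443): "allow",
    ("Mail", 993): "allow",
    ("Mail", 8080): "deny",
}


def parse_connections(lsof_text):
    """Yield (app, pid, remote_host, remote_port) for each connection line."""
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or "->" not in fields[8]:
            continue                                  # not a connected socket
        remote = fields[8].split("->", 1)[1]          # "host:port" of the peer
        host, _, port = remote.rpartition(":")        # rpartition copes with IPv6
        yield fields[0], int(fields[1]), host.strip("[]"), int(port)


def evaluate(lsof_text, rules):
    """Return (verdict, app, pid, host, port) tuples.

    A connection with no matching rule gets "ask", the point at which a
    tool like Little Snitch would show its pop-up.
    """
    return [
        (rules.get((app, port), "ask"), app, pid, host, port)
        for app, pid, host, port in parse_connections(lsof_text)
    ]


if __name__ == "__main__":
    for verdict, app, pid, host, port in evaluate(SAMPLE_LSOF, RULES):
        print(f"{verdict:5}  {app} (pid {pid}) -> {host}:{port}")
```

Unlike Little Snitch, this only reports on connections that already exist; it does not intercept or block anything.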
After you install Little Snitch you’re going to be annoyed to death by a variety of pop-up messages asking you to allow or deny a connection.
Preferences give you some control over apps. For example, Mail, Safari, and other Mac apps constantly use network connections, so they’re easily set to defaults.
If you want to get your geek on, Little Snitch has all kinds of monitoring, traffic filtering and rules to catch apps that try to phone home (and let through those that are making legitimate network connections).
There’s even a handy status icon that resides in your Mac’s menu bar so you can see what’s happening on your network connection. In the case of Mac malware, paranoia can be your friend, so be careful which web sites you visit, which preferences you turn on, and add a tool to give you more information about who is doing what on your Mac.