Mac Java Trojan: over 600.000 Macs affected – how to secure your Mac [Update]
Update: F-Secure offers a Flashback Removal Tool, and the Flashback Checker app tells you whether your machine is infected.
The Flashback Trojan for Apple's Mac OS X has already infected over 600.000 machines, according to @hexminer on Twitter. Apple has released a Java security update, and all users should install it immediately.
Apple is too slow in releasing security fixes - the last known security holes in Mac OS X Java took Apple over 6 months to fix.
F-Secure shows how to secure your Mac by disabling Java. Lion does not come with Java by default, although most of the time it is installed afterwards (when you run Java applets or Java applications, the system asks to install the Java package).
The Flashback Trojan disguises itself as Adobe Flash Player, so the most secure thing to do is to remove Java and Flash from your system. Adobe Flash still does not work completely with Mac OS X Lion; bugs that were reported by Nanofunk over 6 months ago are still open.
Gizmodo posted a simple way to test whether you are infected:
Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
Take note of the value, DYLD_INSERT_LIBRARIES
The expected output should be:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
Then, run this command:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
"does not exist" means you've got a healthy rig. If there is any other message, keep following F-Secure's instructions to vanquish the intruder.

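The two checks above can be run and interpreted together. The script below is an added example, not part of the original post or of Gizmodo's or F-Secure's instructions; the function names are hypothetical, and the "unknown" verdict for empty output is an assumption added here.

```shell
#!/bin/sh
# Added example: runs the two `defaults read` checks and interprets the output.
# Function names are hypothetical; they are not from any vendor tool.

# Classify the text printed by one `defaults read` call.
classify_defaults_output() {
    case "$1" in
        '')                 echo unknown ;;     # nothing printed: inconclusive
        *"does not exist"*) echo clean ;;       # key absent, the expected result
        *)                  echo suspicious ;;  # a value is set: inspect it
    esac
}

# Combine per-check verdicts: any "suspicious" wins, then any "unknown".
overall_verdict() {
    result=clean
    for v in "$@"; do
        if [ "$v" = suspicious ]; then
            result=suspicious
        elif [ "$v" = unknown ] && [ "$result" = clean ]; then
            result=unknown
        fi
    done
    echo "$result"
}

# Run one check ($1 = domain, $2 = key). Details go to stderr, verdict to stdout.
check_key() {
    # Capture stdout and stderr so the message is seen on either stream.
    out=$(defaults read "$1" "$2" 2>&1)
    verdict=$(classify_defaults_output "$out")
    printf '%s %s: %s\n' "$1" "$2" "$verdict" >&2
    if [ "$verdict" = suspicious ]; then
        printf '  reported value: %s\n' "$out" >&2
    fi
    echo "$verdict"
}

if command -v defaults >/dev/null 2>&1; then
    v1=$(check_key /Applications/Safari.app/Contents/Info LSEnvironment)
    v2=$(check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES)
    echo "overall: $(overall_verdict "$v1" "$v2")"
else
    echo "defaults not found; run this on the Mac you want to check" >&2
fi
```

A "suspicious" verdict means only that a value is set where none is expected; continue with F-Secure's instructions from there.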



