Mac OS X OSX/Flashback Trojan Detection

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host appears to have been compromised.

Description :

Using the supplied credentials, Nessus has found evidence that the
remote Mac OS X host has been compromised by a trojan in the
OSX/Flashback family.

The software is typically installed by means of a malicious Java
applet or Flash Player installer. Depending on the variant, the
trojan may disable antivirus, inject a binary into every application
launched by the user, or modify the contents of certain web pages
based on configuration information retrieved from a remote server.

See also :

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_a.shtml
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_b.shtml
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_c.shtml
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml
http://www.nessus.org/u?7f51a6ed

Solution :

Restore the system from a known set of good backups.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: MacOS X Local Security Checks

Nessus Plugin ID: 58619

Bugtraq ID:

CVE ID: