Originally Posted by Shapethings
Count me as one of the 600,000. I was infected. I'm normally pretty cautious too.
I thought that I was being cautious too, but I still got infected with this trojan.
This Flashback trojan has several variants, some of which were recently released. The "Terminal removal detection and removal instructions" and the list of programs that the trojan would refuse to install upon detecting are outdated in my opinion, as confirmed by so many people that thought "they were clean" of this trojan, yet Apple's latest Java update notified them that it had detected and removed the Flashback trojan code. New variants of this trojan seem to be installing regardless of what other programs are on the user's Mac, and seem to be hiding themselves from being removed and/or detected by the Terminal Trojan Removal Instructions that previously have been released by F-Secure and others.
I had this trojan when it first came out, and it exploited the Java vulnerability to get into my Mac without me knowing about it. I started seeing strange things happening in the background (like a lot of data transfer being reported by my ISP) even after I followed the Terminal Removal instructions from F-Secure.
Someone suggested I install "Little Snitch" which monitors and reports on any program out of the ordinary trying to send data out onto the Internet from my Mac. I installed "Little Snitch" and it reported that several Flashback trojan programs masquerading as hidden files and/or configuration files for valid Mac apps were trying to send data out to strangely named botnet servers without my consent. I Googled the domains they were trying to access and the filenames the trojan was masquerading as, and found on Apple discussion forums that others were seeing the same trojan behavior with these infected files and botnet domains/websites.
I manually removed these trojan infected hidden files and configuration files, and have had no more problems reported by Little Snitch. Also Apple's latest Java update did not report that it found any traces of this Flashback trojan on my Mac, when I installed it, unlike many other people who reported that the update said that it had removed infected Flashback files from their system.
So I believe that every Mac user running Lion should install Apple's latest Java update (for Lion), and all Mac users should install the Little Snitch app (which runs for 3 hours free in demo mode). It can be restarted after 3 hours as many times as necessary. This way you should detect if any remnants of this trojan are trying to run and contact their command and control botnet servers.
All Mac users should also verify that Java is disabled from running in Safari's Security Preferences panel, as an extra precaution.