Bizarro World

Apparently the Flashback Mac trojan is getting significant traction. Gruber notes the irony that the first real widespread Mac malware infection is getting less press than previous proof-of-concept attacks that never appeared in the wild.

Out of curiosity, I checked my MacBook Air for infection following the F-Secure instructions.  As expected, it was clean.  Had I been infected, it would likely have been via “Infection Type 2” – an installation that does not require the admin password – since I run as a standard user and am generally careful about inputting my administrator password.  What really struck me, however, was the following line in their description of “Infection Type 2”:

Infection Type 2

In cases where the user did not input their administrator password, the malware checks if the following path exists in the system:

  • /Applications/Microsoft
  • /Applications/Microsoft Office 2008
  • /Applications/Microsoft Office 2011
  • /Applications/

If any of these are found, the malware again skips the rest of its routine and proceeds to delete itself, presumably to avoid infecting a system that has an incompatible application installed.

That’s right, the presence of Microsoft Office on your system will protect your Mac against infection from this malware, as long as you are judicious in using your admin password.  Never in my life did I expect to write those words.

