Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Poorly Written Flashback Trojan Scan
#!/usr/bin/env bash
browser_regex='Firefox|Chrome|Safari'
infected=0
shift
echo "============================="
echo "Scanning for Flashback Trojan"
echo "============================="
echo
shopt -s nullglob
for i in $(ls /Applications);
do
dir=$i
if [[ $dir =~ $browser_regex ]]; then
result=$(defaults read $dir/Contents/Info LSEnvironment 2>&1 >/dev/null)
if [[ $result =~ 'LSEnvironment) does not exist' ]]; then
echo "$dir appears clean."
else
echo "$dir potentially infected!"
$infected=1
fi
fi
shift
done
home_environment=$(defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 >/dev/null)
if [[ $home_environment =~ 'DYLD_INSERT_LIBRARIES) does not exist' ]]; then
echo "Home environment appears clean."
else
echo "Home environment potentially infected!"
$infected=1
fi
shift
echo
echo "============================="
if [[ $infected = 0 ]]; then
echo "Flashback Trojan NOT detected."
else
echo "Flashback Trojan WAS detected."
fi
echo "============================="
@ezkl

This comment has been minimized.

Copy link
Owner Author

commented Apr 5, 2012

Instructions:

  • Launch Terminal (located at: /Applications/Utilities/Terminal.app)
  • Paste: curl https://raw.github.com/gist/2307318/a31f69719c0f076f3cd44717c892f9f03d2c5b52/flashback_trojan_scan.sh | sh
  • Press Return
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.