xtman/chk_flashback

## chk_flashback
#!/bin/bash

SafariInfected=0
echo -n &quot;Checking Safari... &quot;
if [[ -z `defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2&gt;&amp;1 &#124; grep &quot;does not exist&quot;` ]]; then
    SafariInfected=1
    echo &quot;INFECTED.&quot;
else
    echo &quot;NOT INFECTED.&quot;
fi

FirefoxInfected=0
echo -n &quot;Checking Firefox... &quot;
if [[ -z `defaults read /Applications/Firefox.app/Contents/Info LSEnvironment 2&gt;&amp;1 &#124; grep &quot;does not exist&quot;` ]]; then
    FirefoxInfected=1
    echo &quot;INFECTED.&quot;
else
    echo &quot;NOT INFECTED.&quot;
fi

DyldInsertLibrariesInfected=0
echo -n &quot;Checking DYLD_INSERT_LIBRARIES... &quot;
if [[ -z `defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2&gt;&amp;1 &#124; grep &quot;does not exist&quot;` ]]; then
    DyldInsertLibrariesInfected=1
    echo &quot;INFECTED.&quot;
else
    echo &quot;NOT INFECTED.&quot;
fi

JavaPatched=0
echo -n &quot;Checking Java... &quot;
if [[ -n `which java` ]]; then
    JavaVersion=`java -version 2&gt;&amp;1 &#124; grep &quot;java version&quot; &#124; awk '{print $3}'`
    echo -n &quot;(verion=$JavaVersion) &quot;
    JavaVersionNumber=`echo $JavaVersion &#124; sed -e &quot;s/[\&quot;\._]//g&quot;`
    if [[ $JavaVersionNumber -lt 16031 ]]; then
        echo &quot;NOT PATCHED.&quot;
    else
        JavaPatched=1
        echo &quot;PATCHED.&quot;
    fi
else
    JavaPatched=1
    echo &quot;PATCHED.&quot;
fi

if [[ $SafariInfected -eq 1 &#124;&#124; $FirefoxInfected -eq 1 &#124;&#124; $DyldInsertLibrariesInfected -eq 1 ]]; then
    echo &quot;Warning: your system is INFECTED with Flashback Trojan.&quot; 1&gt;&amp;2
fi

if [[ $JavaPatched -eq 0 ]]; then
    echo &quot;Warning: your Java is not patched with Java 1.6.0_31. You need to run Software Update to install the Java update, which protects from the Flashback Trojan.&quot; 1&gt;&amp;2
fi
	#!/bin/bash

	SafariInfected=0
	echo -n "Checking Safari... "
	if [[ -z `defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 \| grep "does not exist"` ]]; then
	SafariInfected=1
	echo "INFECTED."
	else
	echo "NOT INFECTED."
	fi

	FirefoxInfected=0
	echo -n "Checking Firefox... "
	if [[ -z `defaults read /Applications/Firefox.app/Contents/Info LSEnvironment 2>&1 \| grep "does not exist"` ]]; then
	FirefoxInfected=1
	echo "INFECTED."
	else
	echo "NOT INFECTED."
	fi

	DyldInsertLibrariesInfected=0
	echo -n "Checking DYLD_INSERT_LIBRARIES... "
	if [[ -z `defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 \| grep "does not exist"` ]]; then
	DyldInsertLibrariesInfected=1
	echo "INFECTED."
	else
	echo "NOT INFECTED."
	fi

	JavaPatched=0
	echo -n "Checking Java... "
	if [[ -n `which java` ]]; then
	JavaVersion=`java -version 2>&1 \| grep "java version" \| awk '{print $3}'`
	echo -n "(verion=$JavaVersion) "
	JavaVersionNumber=`echo $JavaVersion \| sed -e "s/[\"\._]//g"`
	if [[ $JavaVersionNumber -lt 16031 ]]; then
	echo "NOT PATCHED."
	else
	JavaPatched=1
	echo "PATCHED."
	fi
	else
	JavaPatched=1
	echo "PATCHED."
	fi

	if [[ $SafariInfected -eq 1 \|\| $FirefoxInfected -eq 1 \|\| $DyldInsertLibrariesInfected -eq 1 ]]; then
	echo "Warning: your system is INFECTED with Flashback Trojan." 1>&2
	fi

	if [[ $JavaPatched -eq 0 ]]; then
	echo "Warning: your Java is not patched with Java 1.6.0_31. You need to run Software Update to install the Java update, which protects from the Flashback Trojan." 1>&2
	fi