Flashback Malware – Check your Mac Now! Are you one of the 500,000?

Dr Web has released a tool to check whether your Mac shows up in their list of +500K infected computers. The Flashback.k malware uses the Mac’s UUID to identify the computer. A UUID is a Universally Unique IDentifier, defined in RFC 4122, ITU-T Rec. X.667 and ISO/IEC 11578:1996, used by Apple to identify the specific machine. This allows Dr Web and any other sinkhole operator currently tracking Flashback to tell you whether a specific device is talking to their sinkhole.

Update!

Kaspersky Lab has an alternative page to check whether you are one of the 500K – http://flashbackcheck.com/. The

How do Dr. Web’s and Kaspersky Lab’s tools work?

Go to the Dr Web Page:

If you are someone who really knows the Mac, you can follow the instructions to get the UUID from the System Report tool. If not, follow the step-by-step walkthrough below.

Step by Step on a Macbook Pro

Step 1: Select the “Apple” at the top left. The drop-down menu will appear. Select “About this Mac.” This will open the information application.

Step 2: Select “More Information”

Step 3: Select “System Report”

Step 4: Select and copy the UUID from the hardware section.

Step 5: You can now paste the UUID into Dr Web’s tool to see if you are in their list.
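For anyone comfortable in Terminal, the same Hardware UUID that System Report shows can be read from the `system_profiler SPHardwareDataType` output and sanity-checked against the RFC 4122 text form before pasting it into a checker. This is an added example, not part of Dr Web's or Kaspersky's tools; the helper names (`extract_hw_uuid`, `is_uuid`, `sample_report`) and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the Hardware UUID from system_profiler output.

# is_uuid: succeed only for the RFC 4122 text form (8-4-4-4-12 hex digits).
is_uuid() {
    printf '%s' "$1" | grep -Eq \
      '^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$'
}

# extract_hw_uuid: read `system_profiler SPHardwareDataType` text on stdin,
# print the Hardware UUID in upper case; return 1 if it is absent or malformed.
extract_hw_uuid() {
    uuid=$(sed -n 's/^[[:space:]]*Hardware UUID:[[:space:]]*//p' \
           | head -n 1 | tr -d '[:space:]' | tr 'a-f' 'A-F')
    is_uuid "$uuid" || return 1
    printf '%s\n' "$uuid"
}

# Constructed sample of the relevant report section (not a real machine).
sample_report() {
    cat <<'EOF'
Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Serial Number (system): C02EXAMPLE00
      Hardware UUID: 01234567-89AB-CDEF-0123-456789ABCDEF
EOF
}

# On a Mac, read the live report; elsewhere, fall back to the constructed sample.
if command -v system_profiler >/dev/null 2>&1; then
    system_profiler SPHardwareDataType | extract_hw_uuid \
        || echo "no valid Hardware UUID found" >&2
else
    sample_report | extract_hw_uuid
fi
```

The value printed is the one to paste in Step 5; a failure means the report had no well-formed Hardware UUID line, not that the machine is clean.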

NOTE: Not being in their list does not mean you are clean. Your computer might be infected and simply not appear in Dr Web’s list. Malware data becomes fragmented as more “good guys” set up their own sinkholes.

It is still worth checking manually (see ‘s article on How to remove the Flashback malware from OS X)

Need Security Advice?

If you find your organization needs help and worry about the FUD from the industry, reach out and ask for help. You can reach me at bgreene@senki.org. Start with the Operator’s Security Toolkit. It is the no-nonsense security for all Operators. It provides details to help them build more security-resilient networks. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights.