Apple announces Flashback removal tool
Apple has announced it is working on developing a removal tool for the Flashback trojan that exploits a hole in Mac OS X's Java implementation; Apple patched the Java implementation last week. In a support document the company released on Tuesday night, Apple says that it is developing software which will detect and remove the malware. No time schedule was mentioned for the release of the tool. According to security firms, Flashback can download a variety of malicious payloads and has infected at least 550,000 Macs.
Apple also recommended that users install the most recent Java update and closes the hole, as soon as possible; the Java update from last week was updated a second time this week so users may wish to re-run Apple's Software Update and change its settings to check more often than the default once a week. The company added that it is working with internet service providers worldwide to disable the command and control servers that the botnet formed by the malware requires to "perform many of its critical functions". Earlier, AV firm Doctor Web had reported that, as part of this campaign, Apple shut down one of the "sinkhole" servers it was running and using to count the number of infections.
The situation remains problematic for those who use Mac OS X versions that predate Snow Leopard (10.6), as Apple no longer provides Java updates for these versions. Instead, the company recommends that, to "better protect" themselves from this malware, users disable Java in their browser preferences. A simple tool to check a computer for a potential "Flashback" infection was released by an independent developer a few days ago and includes source code. F-Secure also offers instructions on how to remove the malware in an advisory.
- Russian AV company claims 600,000 Macs infected by Flashback, a report by The H.