For those who frequent the Lounge who also have a Mac in their home, the Flashback Trojan has been making the rounds on Macs of late.
Over half of the 600,000 Macs infected are in the US. Infection occurs by 'drive-by' download exploiting a Java vulnerability when one goes to an infected web site. It does not require any user interaction to obtain a foothold on a Mac, so it is not a social malware package.
Virtually none of the AV/AM software packages were able to detect and/or thwart the installation of Flashback, so even those Mac users who realize Macs are very vulnerable were not immune from Flashback. You can bet there will be more of this type of malware coming down the pike. Fortunately, this outbreak should be a wakeup call to all Mac users, especially those who have swallowed the lie that Macs do not get infected. The good news is that this outbreak only infected about 1% of the Mac installed base. The bad news is that Apple took two months to funnel the Java update to users after Oracle issued an update to remove the specific vulnerability to the Flashback Trojan. Apple has to do better than that.
There are some tools available to easily check for the presence of this infection. Check out the Flashback Checker here. It is a recently released Mac utility that will automatically enter the command lines outlined in F-Secure's page of manual commands one can use to check for infection. Flashback Checker is easier to use as it does the job for you without entering the two command lines outlined by F-Secure. Most Mac users will get a "clean" report after the check is made. For those who get a confirmation of the infection's presence, you can follow F-Secure's command procedures in the above link to clean your system of Flashback, or you can download Kaspersky's Flashback Removal Tool, which should be faster, and does not require Terminal command line use. News of the Kaspersky tool arrived the day after the unveiling of Flashback Checker, and it can be used both to detect and remove the infection.
For more reading on Flashback, check out this Macworld article, and this one as well.
Kaspersky also has a very good article titled 10 Simple Tips for Boosting the Security of Your Mac. Check it out, and implement most of the tips. Mac users are going to have to be just as proactive in their security as Windows users have learned to be over the years.
UPDATE: At some point today, after I posted this thread, Kaspersky pulled their Flashback Removal Tool after it was found to alter certain user settings. So if you have downloaded the tool, but not executed it, please delete it and either wait for the updated tool, or follow the manual steps on F-Secure's page linked above to remove the trojan.
An updated Flashback Removal Tool is expected to be released shortly.




