Apple Picks Off Flashback Malware

Monday, April 16, 2012 @ 01:04 PM gHale


Apple delivered to the core, making good on its promise to decontaminate Macs infested with the Flashback malware.

The newest Mac OS X Java update includes a tool that will “remove the most common variants of the Flashback malware,” Apple’s advisory read.


On Tuesday, Apple acknowledged the Flashback malware campaign, which exploited a Java vulnerability and left hundreds of thousands of Macs infected. At the same time, Apple pledged to create a detect-and-delete tool that would scrub compromised machines of the attack code. By Thursday, the promise came true.

This was not a new problem for Apple as it had to come up with a similar tool last year, one designed to eliminate MacDefender fake security software. In like speedy fashion, Apple released the anti-MacDefender tool a week after it unveiled those plans.

Thursday’s update also disables automatic execution of Java applets in the Java browser plug-in; the exploit Flashback used to infect Macs hid inside a malicious Java applet hosted on compromised websites.

One of the reasons Flashback was able to infect so many Macs was that the Java plug-in automatically ran the offered applet. Apple’s move is a step toward disabling Java, which is what most security experts have advised users to do.

Users can circumvent Java’s new off-by-default setting by configuring Java’s preferences. But even then, Apple will intercede.

“As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days,” Apple said.

Java Web Start is an Oracle technology that lets users single-click launch a Java app from within a browser without first downloading it to the machine.


