Apple Working on Malware Fix

Thursday, April 12, 2012 @ 04:04 PM gHale

Apple said a malware campaign infected an estimated 600,000 Macs, and the company will release a free tool to cleanse users’ machines.

“A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs,” Apple said in a support document. “Apple is developing software that will detect and remove the Flashback malware.”

Although Flashback has circulated since September 2011, it was only last month that the newest variant began infecting Macs using an exploit of a Java bug Oracle patched in mid-February.

Apple maintains its own version of Java for Mac OS X, and is responsible for producing security updates. It issued a Java update April 3 that quashed the bug Flashback has been using to sneak onto Macs.

In the seven weeks between Oracle’s and Apple’s updates, hackers responsible for Flashback managed to insert their software — designed for, among other things, password theft — onto an estimated 2% of all Macs.

Apple, which rarely comments on security issues, and never prior to producing a patch, had been quiet since last week, when Russian antivirus maker Dr. Web said it “sinkholed” Flashback command-and-control (C&C) domains. Dr. Web tallied the infected machines that communicated with those hijacked domains to come up with its 600,000 estimate.

Apple also said it was working with Internet service providers (ISPs) to “disable [the Flashback] command and control network,” referring to the usual practice of asking hosting firms to pull hacker-operated C&C servers off the Internet so infected computers cannot receive further orders.

And the company promised to issue a special tool to “detect and remove the Flashback malware.” Apple did not set a timetable for its release.

It won’t be the first time Apple has crafted a detection-and-deletion utility. In May last year, the company released a similar tool to sniff out and remove the MacDefender fake security software that had plagued Mac users for several months that year.

Apple delivered the promised anti-MacDefender tool as a software update one week later.

Kaspersky Labs, one of the Russian antivirus companies that counted the number of infected Macs, released a free removal tool, dubbed “Flashfake,” that detects and eradicates the malware. Kaspersky and others have also created websites where users can determine if their Macs harbor the Flashback malware.

Apple issued patches last week for the Java vulnerability exploited by Flashback, but only for the two OS X flavors it still supports: Lion and its immediate predecessor, Snow Leopard.

Mac owners running older editions — Leopard and earlier — should disable the Java browser plug-in, Apple said, and pointed users to instructions.
