Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. The latest version of Flashback has built a botnet that at times has included more than 600,000 infected machines.
Apple said on Tuesday that it was in the process of developing a tool that would detect and remove Flashback, but the company did not specify when the fix would be available. Security researchers and customers have been questioning why Apple hasn’t yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now. The most recent variant of the Trojan is exploiting a Java vulnerability through drive-by download attacks in order to infect users’ machines.
Apple, which is typically mum on security issues, has remained so throughout the investigation by security firms into the Flashback botnet, and it wasn’t until Tuesday that the company made its first public statement about the issue.
“A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs. Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates,” the company said in a statement. “Apple is developing software that will detect and remove the Flashback malware.”
Apple also said that it is working with ISPs to help take down the sites that are serving the exploits and infecting Mac users. Researchers at Kaspersky Lab and other security companies have taken the step of sinkholing some of the command-and-control domains that the Flashback malware authors use to communicate with infected machines. That tactic has enabled the researchers to keep tabs on the size of the botnet, which was up over the 600,000 mark late last week but had fallen to fewer than 250,000 by Tuesday.
In a podcast interview Tuesday on the Flashback botnet and the response by Apple, Costin Raiu of Kaspersky said that now that attackers have begun to focus some of their attention on Mac users, he would expect to see more of these kinds of attacks in the coming months.
From what Apple said in its statement, it’s not clear whether the fix that the company is developing will be an update for the XProtect anti-malware software that’s included with OS X or whether it will be a standalone tool. Some earlier versions of Flashback have had the ability to disable XProtect on infected machines.