Apple Developing Fix For Flashback Malware

Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. The latest version of Flashback has built a botnet that at times has included more than 600,000 infected machines.

Apple said on Tuesday that it was in the process of developing a tool that would detect and remove Flashback, but the company did not specify when the fix would be available. Security researchers and customers have been questioning why Apple hasn’t yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now. The most recent variant of the Trojan is exploiting a Java vulnerability through drive-by download attacks in order to infect users’ machines.

Apple, which is typically mum on security issues, has remained so throughout the investigation by security firms into the Flashback botnet and it wasn’t until Tuesday that the company made its first public statement about the issue.

“A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs. Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates,” the company said in a statement. “Apple is developing software that will detect and remove the Flashback malware.”

Apple also said that it is working with ISPs to help take down the sites that are serving the exploits and infecting Mac users. Researchers at Kaspersky Lab and other security companies have taken the step of sinkholing some of the command-and-control domains that the Flashback malware authors use to communicate with infected machines. That tactic has enabled the researchers to keep tabs on the size of the botnet, which was up over the 600,000 mark late last week but had fallen to less than 250,000 by Tuesday. 

In a podcast interview Tuesday on the Flashback botnet and the response by Apple, Costin Raiu of Kaspersky said that now that attackers have begun to focus some of their attention on Mac users, he would expect to see more of these kinds of attacks in the coming months. 

From what Apple said in its statement, it’s not clear whether the fix that the company is developing will be an update for the XProtect anti-malware software that’s included with OS X or whether it will be a standalone tool. Some earlier versions of Flashback have had the ability to disable XProtect on infected machines. 

Discussion

  • Anonymous on

    No "tool" is ever going to work as effectively as wiping out everything that can hold a byte and replacing it with good known data. Apple will ignore 10.5 and earlier users because to fix them would mean having to fix all the other security issues. You get one OS upgrade out of most Mac hardware, the third one will cause problems and push one to replace hardware. Apple will see to that because they rely upon volunteers to test on older hardware, despite their tens of billions. If one chooses to stick with the OS version that came tailored with the machine and works perfectly, like most computer ignorant users do, they are ignored security updates in short order. There are MANY 10.5 and 10.4 users who are doing online banking etc., that are pigeons waiting to be plucked once the attention has died down.
  • Anonymous on

    ^^^Guess that's what you get for not backing up, archiving, stupid Mac loser, haha pwned!^^^
  • Anonymous on

    Like backing up and archiving viruses?  Really? So you can re-infect yourself?  Well done SMART whatever type of user you must be.  Back-ups are for disaster recovery, not anti-virus - oh wait, now I get it, you must be a Windows user - trained to reboot and re-install at the slightest (or in Windows' case - not so slight) problem...pwned?  You've been pwned for decades!
