Wednesday, April 11, 2012

Mac Flashback Botnet Update - also Easy Detection & Cleanup Tools

There's been a lot of news about this since I last posted, so here are all the updates:

PCWorld has a great FAQ that goes over many details of the Flashback trojan/botnet and sets the record straight on a number of them. The biggest fact that people out there are getting wrong is that this was never an Adobe Flash vulnerability. It has always been a Java-based attack that masquerades as an Adobe Flash update/installer (which is how it got its name - Flashback). This is the same type of Java-based trojan that targets Windows computers too.

Apple has been slow to pull the trigger on Java updates for YEARS and has been chastised by the security community for it for a long time. The update that Apple released last week moved Java from Version 6 update 29 to Version 6 update 31. There was even a re-release of the update for Lion. But what happened to update 30, you ask? Good question. Apple took nearly two months to release update 31 from when Oracle had updated it. But when did update 30 come out? A quick look at the Wikipedia Java article says December 13, 2011. That's right, Apple took nearly 5 months to come out with an update for a Java vulnerability that was being actively exploited in update 29 and that could have been mostly fixed before January 1, 2012. There was a vulnerability in update 30 that started being utilized in mid-March to infect users - one month after Oracle had patched it with Java 6 update 31.

Now that Apple has seen Kaspersky independently confirm 600,000+ infected users, it is trying to do the right thing; unfortunately, it is not going about it the right way. Apple has never really worked with the security community before to protect their users. I think it is time for Apple to have a big non-secretive pow-wow with all the global security companies and actually follow Microsoft's lead in collaborating to keep their users safe.

Kaspersky has created a very easy-to-use website called flashbackcheck.com to let you see if your Mac is infected. If you'd rather download a utility that will actually scan your computer to find out if it is infected, you can get that here.

And should you find that you are infected, you could manually clean your computer with the directions that F-Secure posted previously here and here, or you could download and run the free cleanup tool from Kaspersky.

And finally, as I stated in a previous post, if you are not utilizing Java - disable and uninstall it and then install a reputable antivirus/antimalware software package to help keep you safe.  More steps on how to secure your Mac from Kaspersky are available here.


UPDATE: Late Tuesday, Apple announced that they are currently developing a tool to detect and remove the Flashback malware but they did not state when this tool would be available.
