Flashback Mac Malware Gives Rise to Detection, Removal Tools

 
 
By Jeffrey Burt  |  Posted 2012-04-10
 
 
 
 
 
 
 

Anti-virus software vendors like Kaspersky, F-Secure and Intego offer tools to detect and remove the Flashback malware from Apple Macs.

With the Flashback Trojan continuing to stalk Apple Mac users, security experts are offering ways to detect and remove the malware and steps users can take to secure their systems.

Most recently, Juan Leon, a software developer, has posted a free tool that can determine whether an Apple system is infected with the Flashback malware. The tool, first reported by news site Ars Technica, is based on a process that was outlined by security software vendor F-Secure in a blog post in late March.

F-Secure's process is a highly technical one that requires users to type in a series of commands in Terminal, which is the command line tool for the Mac OS X operating system. Leon's free tool apparently automates the F-Secure process.

The FlashbackChecker download was posted to GitHub and can run on Mac OS X 10.5 or above. While the tool can detect Flashback, it won't remove it. FlashbackChecker reportedly will tell users if no infection was discovered, and will offer additional information if it finds signs that the malware has infected the Mac.

A number of security software vendors are offering ways to detect and remove the malware. Kaspersky Lab has set up a site, FlashbackCheck.com, that gives Mac users a quick description of the Flashback Trojan and how to determine whether a system has been infected. Kaspersky also offers a free removal tool.

Kaspersky and other vendors, including F-Secure and Intego, are offering 30-day trials of their Mac antivirus tools. F-Secure also offers manual steps users can take to remove the Flashback malware.

In addition, Costin Raiu, a security expert for Kaspersky, in a post on the company's SecureList blog, outlines steps Mac users can take to make their Apple systems more secure from many attacks, including Flashback.

Kaspersky and another antivirus vendor, Doctor Web, have both found that the newest versions of the Flashback Trojan, which was first discovered last year, have infected more than 600,000 Macs worldwide, or between 1 and 2 percent of the Macs being used globally. Security experts have said that while the numbers of infected machines do not match the millions of PCs that have been hit with viruses and other malware over the years, the percentage of infected Macs makes Flashback a significant attack.

In his April 9 blog post, Kaspersky's Raiu echoed what other security experts have said in recent months after the discovery of a host of cyber-attacks on Apple devices: Despite the belief by many users, Apple systems are not invulnerable to attacks.

"At the beginning of 2012, we predicted that an increase in the number of attacks on Mac OS X which take advantage of zero-day or unpatched vulnerabilities," Raiu wrote. "This is a normal development which happens on any other platform with enough market share to guarantee a return-on-investment for virus writers so Mac OS X fans shouldn't be disappointed because of this. During the next few months, we are probably going to see more attacks of this kind, which focus on exploiting two main things: outdated software and the user's lack of awareness."

The Flashback malware takes advantage of vulnerabilities in Oracle's Java technology. The first Flashback exploit last year was a Trojan, masquerading as an update to Adobe Flash. The newer variants are more of a drive-by malware, which relies less on users downloading the exploit to their Macs. Instead, it hits vulnerable systems when users visit malicious or compromised Web sites.

Apple last week issued two patches aimed at addressing the vulnerabilities. However, the company has drawn criticism from some security experts, who note that Oracle issued the patches months ago for Windows PCs. Apple doesn't let third parties patch applications on its computers, so the Apple patches weren't sent out until last week.

That heightens the threat to Mac users who download such applications as the Java Web browser, which is becoming a more popular target for cyber-criminals, according to Kaspersky's Raiu. In addition, as Apple Internet-connected devices (including the Mac, iPhone, iPad and iPod) become more popular among consumers, they also will become a more common malware target.

 

 
 
 
 
 
 
 
 
 
 
 
