With the Flashback Trojan continuing to stalk Apple Mac users, security experts are offering ways to detect and remove the malware and steps users can take to secure their systems.
Most recently, Juan Leon, a software developer, has posted a free tool that can determine whether an Apple system is infected with the Flashback malware. The tool, first reported by news site Ars Technica, is based on a process that was outlined by security software vendor F-Secure in a blog post in late March.
F-Secure's process is a highly technical one that requires users to type in a series of commands in Terminal, which is the command-line tool for the Mac OS X operating system. Leon's free tool apparently automates the F-Secure process.
The FlashbackChecker download was posted to GitHub and can run on Mac OS X 10.5 or above. While the tool can detect Flashback, it won't remove it. FlashbackChecker reportedly will tell users if no infection was discovered, and will offer additional information if it finds signs that the malware has infected the Mac.
A number of security software vendors are offering ways to detect and remove the malware. Kaspersky Lab has set up a site, FlashbackCheck.com, that gives Mac users a quick description of the Flashback Trojan and how to determine whether a system has been infected. Kaspersky also offers a free removal tool.
Kaspersky and other vendors, including F-Secure and Intego, are offering 30-day trials of their Mac antivirus tools. F-Secure also offers manual steps users can take to remove the Flashback malware.
In addition, Costin Raiu, a security expert for Kaspersky, in a post on the company's SecureList blog, outlines steps Mac users can take to make their Apple systems more secure from many attacks, including Flashback.
Kaspersky and another antivirus vendor, Doctor Web, have both found that the newest versions of the Flashback Trojan, which was first discovered last year, have infected more than 600,000 Macs worldwide, or between 1 and 2 percent of the Macs being used globally. Security experts have said that while the numbers of infected machines do not match the millions of PCs that have been hit with viruses and other malware over the years, the percentage of infected Macs makes Flashback a significant attack.
In his April 9 blog post, Kaspersky's Raiu echoed what other security experts have said in recent months after the discovery of a host of cyber-attacks on Apple devices: Despite the belief by many users, Apple systems are not invulnerable to attacks.
"At the beginning of 2012, we predicted an increase in the number of attacks on Mac OS X which take advantage of zero-day or unpatched vulnerabilities," Raiu wrote. "This is a normal development which happens on any other platform with enough market share to guarantee a return-on-investment for virus writers, so Mac OS X fans shouldn't be disappointed because of this. During the next few months, we are probably going to see more attacks of this kind, which focus on exploiting two main things: outdated software and the user's lack of awareness."
The Flashback malware takes advantage of vulnerabilities in Oracle's Java technology. The first Flashback exploit last year was a Trojan, masquerading as an update to Adobe Flash. The newer variants are more of a drive-by malware, which relies less on users downloading the exploit to their Macs. Instead, it hits vulnerable systems when users visit malicious or compromised Web sites.
Apple last week issued two patches aimed at addressing the vulnerabilities. However, the company has drawn criticism from some security experts, who note that Oracle issued the patches months ago for Windows PCs. Apple doesn't let third parties patch applications on its computers, so the Apple patches weren't sent out until last week.
That heightens the threat to Mac users who download such applications as the Java Web browser, which is becoming a more popular target for cyber-criminals, according to Kaspersky's Raiu. In addition, as Apple Internet-connected devices, including the Mac, iPhone, iPad and iPod, become more popular among consumers, they also will become a more common malware target.