Earlier in the year, over 600,000 Mac computers were reported to have been infected with malware called Flashback. OSX.Flashback made its first appearance in 2011 and has since evolved from a social engineering scam posing as a fake Flash update to using digital certificates purporting to come from Apple. This malware is currently using the latest Java vulnerability (BID 52161 – Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability) in order to deliver its payload.
Symantec has confirmed the number of computers infected with the Flashback malware is going down, with approximately 270,000 machines still infected out of the originally reported 600,000, with the majority of the remaining infections in North America, Australia and the UK. More details can be found in this new Symantec blog post: http://www.symantec.com/connect/blogs/osxflashbackk-suffering-slashback-infections-down-270000.
IT departments and computer users can learn valuable lessons from this experience:
- No operating system is immune to malware attack and any Internet-connected device should have security precautions in place.
- Mac users are not out of the woods. There are still hundreds of thousands of users who have not taken the steps necessary to remove the malware. Additional infections are also still possible if the appropriate security updates are not installed.
- Cybercriminals often build on the exploits of others; additional attempts at widespread Mac malware infections are likely to follow.
Last week, Apple finally released a patch that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. Older systems (v10.5 and below) remain vulnerable and the official recommendation from Apple is to disable Java to prevent infection. If your OS is vulnerable to the attack and you have not yet updated, initiate an update or download the update manually from Apple. Some quarters have condemned Apple for being slow to mobilise a fix for the vulnerability.
Symantec Security Response has developed a free removal tool for OSX.Flashback.K for Macs, to detect and eradicate Flashback.
Other tools are also available to scan for possible infections and fix your Mac:
- F-Secure: http://www.f-secure.com/weblog/archives/00002346.html
- Dr Web Online: https://www.drweb.com/flashback/
- Apple Java update: http://support.apple.com/kb/HT5242
Have you checked your Mac yet? We highly advise that you do so!