Apple promises Flashback malware killer
Week after firms put infected Macs at 600,000+, acknowledges infections
Computerworld - Apple on Tuesday for the first time publicly acknowledged a malware campaign that has infected an estimated 600,000 Macs, and said it would release a free tool to disinfect users' machines.
"A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs," Apple said in a support document published Tuesday. "Apple is developing software that will detect and remove the Flashback malware."
Although Flashback has circulated since September 2011, it was only last month that the newest variant began infecting Macs using an exploit of a Java bug that Oracle patched in mid-February.
Apple maintains its own version of Java for Mac OS X, and is responsible for producing security updates. It issued a Java update on April 3 that quashed the bug Flashback has been using to sneak onto Macs.
In the seven weeks between Oracle's and Apple's updates, hackers responsible for Flashback managed to insert their software -- designed for, among other things, password theft -- onto an estimated 2% of all Macs.
Apple, which rarely comments on security issues, and never prior to producing a patch, had been mum since last Wednesday, when Russian antivirus maker Dr. Web said it had "sinkholed" Flashback command-and-control (C&C) domains. Dr. Web tallied the infected machines that communicated with those hijacked domains to come up with its 600,000 estimate.
The Loop blog first reported on Apple's support document late Tuesday.
Apple also said it was working with Internet service providers (ISPs) to "disable [the Flashback] command and control network," referring to the usual practice of asking hosting firms to pull hacker-operated C&C servers off the Internet so that infected computers cannot receive further orders.
And the company promised to issue a special tool to "detect and remove the Flashback malware." Apple did not set a timetable for its release.
It won't be the first time that Apple has crafted a detection-and-deletion utility. In May 2011, the company announced a similar tool to sniff out and remove the MacDefender fake security software that plagued Mac users for several months last year.
Apple delivered the promised anti-MacDefender tool as a software update one week later.
If the company sticks to the same tempo this time, the Flashback deletion tool should be available April 17.
Similar aids are already available, however. On Tuesday, Kaspersky Labs, one of the Russian antivirus companies that counted the number of infected Macs, released a free removal tool dubbed "Flashfake," that detects and eradicates the malware. Kaspersky and others have also created websites where users can determine if their Macs harbor the Flashback malware.
Apple issued patches last week for the Java vulnerability exploited by Flashback, but only for the two OS X flavors it still supports: Lion and its immediate predecessor, Snow Leopard.
Mac owners running older editions -- Leopard and earlier -- should disable the Java browser plug-in, Apple said, and pointed users to instructions. According to Web metrics vendor Net Applications, about one-in-six Macs run an unsupported version of Apple's operating system.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts