Apple promises Flashback malware killer
Week after firms put infected Macs at 600,000+, acknowledges infections
Computerworld - Apple on Tuesday for the first time publicly acknowledged a malware campaign that has infected an estimated 600,000 Macs, and said it would release a free tool to disinfect users' machines.
"A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs," Apple said in a support document published Tuesday. "Apple is developing software that will detect and remove the Flashback malware."
Although Flashback has circulated since September 2011, it was only last month that the newest variant began infecting Macs using an exploit of a Java bug that Oracle patched in mid-February.
Apple maintains its own version of Java for Mac OS X, and is responsible for producing security updates. It issued a Java update on April 3 that quashed the bug Flashback has been using to sneak onto Macs.
In the seven weeks between Oracle's and Apple's updates, hackers responsible for Flashback managed to insert their software -- designed for, among other things, password theft -- onto an estimated 2% of all Macs.
Apple, which rarely comments on security issues, and never prior to producing a patch, had been mum since last Wednesday, when Russian antivirus maker Dr. Web said it had "sinkholed" Flashback command-and-control (C&C) domains. Dr. Web tallied the infected machines that communicated with those hijacked domains to come up with its 600,000 estimate.
The Loop blog first reported on Apple's support document late Tuesday.
Apple also said it was working with Internet service providers (ISPs) to "disable [the Flashback] command and control network," referring to the usual practice of asking hosting firms to pull hacker-operated C&C servers off the Internet so that infected computers cannot receive further orders.
And the company promised to issue a special tool to "detect and remove the Flashback malware." Apple did not set a timetable for its release.
It won't be the first time that Apple has crafted a detection-and-deletion utility. In May 2011, the company announced a similar tool to sniff out and remove the MacDefender fake security software that plagued Mac users for several months last year.
Apple delivered the promised anti-MacDefender tool as a software update one week later.
If the company sticks to the same tempo this time, the Flashback deletion tool should be available April 17.
Similar aids are already available, however. On Tuesday, Kaspersky Labs, one of the Russian antivirus companies that counted the number of infected Macs, released a free removal tool dubbed "Flashfake" that detects and eradicates the malware. Kaspersky and others have also created websites where users can determine if their Macs harbor the Flashback malware.
Apple issued patches last week for the Java vulnerability exploited by Flashback, but only for the two OS X flavors it still supports: Lion and its immediate predecessor, Snow Leopard.
Mac owners running older editions -- Leopard and earlier -- should disable the Java browser plug-in, Apple said, and pointed users to instructions. According to Web metrics vendor Net Applications, about one in six Macs run an unsupported version of Apple's operating system.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His e-mail address is email@example.com.