Apple promises Flashback malware killer
Week after firms put infected Macs at 600,000+, acknowledges infections
Computerworld - Apple on Tuesday for the first time publicly acknowledged a malware campaign that has infected an estimated 600,000 Macs, and said it would release a free tool to disinfect users' machines.
"A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs," Apple said in a support document published Tuesday. "Apple is developing software that will detect and remove the Flashback malware."
Although Flashback has circulated since September 2011, it was only last month that the newest variant began infecting Macs using an exploit of a Java bug that Oracle patched in mid-February.
Apple maintains its own version of Java for Mac OS X, and is responsible for producing security updates. It issued a Java update on April 3 that quashed the bug Flashback has been using to sneak onto Macs.
In the seven weeks between Oracle's and Apple's updates, hackers responsible for Flashback managed to insert their software -- designed for, among other things, password theft -- onto an estimated 2% of all Macs.
Apple, which rarely comments on security issues, and never prior to producing a patch, had been mum since last Wednesday, when Russian antivirus maker Dr. Web said it had "sinkholed" Flashback command-and-control (C&C) domains. Dr. Web tallied the infected machines that communicated with those hijacked domains to come up with its 600,000 estimate.
The Loop blog first reported on Apple's support document late Tuesday.
Apple also said it was working with Internet service providers (ISPs) to "disable [the Flashback] command and control network," referring to the usual practice of asking hosting firms to pull hacker-operated C&C servers off the Internet so that infected computers cannot receive further orders.
And the company promised to issue a special tool to "detect and remove the Flashback malware." Apple did not set a timetable for its release.
It won't be the first time that Apple has crafted a detection-and-deletion utility. In May 2011, the company announced a similar tool to sniff out and remove the MacDefender fake security software that plagued Mac users for several months last year.
Apple delivered the promised anti-MacDefender tool as a software update one week later.
If the company sticks to the same tempo this time, the Flashback deletion tool should be available April 17.
Similar aids are already available, however. On Tuesday, Kaspersky Labs, one of the Russian antivirus companies that counted the number of infected Macs, released a free removal tool dubbed "Flashfake," that detects and eradicates the malware. Kaspersky and others have also created websites where users can determine if their Macs harbor the Flashback malware.
Apple issued patches last week for the Java vulnerability exploited by Flashback, but only for the two OS X flavors it still supports: Lion and its immediate predecessor, Snow Leopard.
Mac owners running older editions -- Leopard and earlier -- should disable the Java browser plug-in, Apple said, and pointed users to instructions. According to Web metrics vendor Net Applications, about one-in-six Macs run an unsupported version of Apple's operating system.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Feds declare big win over Cryptolocker ransomware
- Hackers hit more businesses through remote access accounts
- P.F. Chang's post-breach move to manual processing is telling
- Microsoft withholds monster IE update from Windows 8.1 dawdlers
- In baffling move, TrueCrypt open-source crypto project shuts down
- 'Oleg Pliss' hack makes for a perfect teachable IT moment
- Give IE the heave-ho until Microsoft patches zero-day
- Hackers find first post-retirement Windows XP-related vulnerability
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
Read more about Security in Computerworld's Security Topic Center.
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!