Apple Joins Fight Against Flashback Trojan

Apple has finally woken up and smelled the coffee about the Flashback Trojan epidemic.

"Apple is developing software that will detect and remove the Flashback malware," the company said in a brief security bulletin posted on the Apple support website yesterday (April 10).

The Mac Flashback Trojan, first detected last September, recently evolved to exploit a vulnerability in Oracle's Java software that Apple had left unpatched for three months.

Until April 3, any Mac that visited a website unwittingly hosting the Flashback Trojan or the Blackhole exploit kit, which also exploits the Java flaw, could have been silently infected.

Late last week, two Russian security firms estimated that 600,000 Macs worldwide had become part of the Flashback botnet — a "zombie army" of machines that could be secretly controlled by remote "bot herders" using command-and-control servers.

One of those firms, Kaspersky Lab, told UBM TechWeb's Dark Reading blog that the botnet numbers had been cut in half over the weekend, most likely due to efforts by Internet service providers (ISPs) to block communication with the command-and-control servers.

"In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions," Apple's security bulletin read. "Apple is working with ISPs worldwide to disable this command-and-control network."

In a blog posting, Mikko Hypponen of Finnish security firm F-Secure pointed out that Apple still hadn't added Flashback detection to XProtect, the anti-virus software built into Mac OS X 10.6 Snow Leopard and 10.7 Lion.

Hypponen also pointed out that about 20 percent of Mac users still use older versions of Mac OS X that no longer receive security updates from Apple.

Macs using the PowerPC chip architecture cannot upgrade to Snow Leopard or Lion, and will have to disable Java for Web browsers using the built-in Java Preferences utility.

In a Twitter posting today (April 11), Kaspersky Lab's Roel Schouwenberg noted that Mac OS X 10.5 Leopard, one of the orphaned older versions, was released by Apple less than five years ago.

"Can you even imagine if MS [Microsoft] had cut XP support after 4-5 years?" Schouwenberg asked.

Microsoft plans to issue security updates for Windows XP, released in October 2001, until April 2014.

For those Mac users unwilling to wait for Apple, there are several free Flashback detection and removal tools available online. Here are some links:


Kaspersky detection:

Kaspersky removal tool: (UPDATE: Kaspersky has found bugs in the tool and has temporarily halted its distribution.)

Mashable, detection only:

Mashable detection tool instructions:

In addition, all Mac users should install anti-virus software, paid or free, if they haven't already.

Article provided by SecurityNewsDaily, a sister site to