
Kaspersky Offers Flashback Trojan Killer; Apple's Coming Soon

Source: Kaspersky Lab

Kaspersky Lab now offers a removal tool for the Flashback/Flashfake trojan. Meanwhile, Apple is working with its own separate tool.

Kaspersky Lab said on Tuesday that it has launched free detection and removal tools for the Flashback/Flashfake malware. The news arrives after the company discovered around 670,000 computers worldwide, 98 percent of which are most likely running Mac OS X, infected with the Flashback malware. What's more, most of the Flashback botnet resides within the United States itself.

"Throughout the previous weekend, Kaspersky Lab experts have seen a decline in the number of infected computers (known as bots) for Flashfake: on April 6 the total number was 650,748," the company told Tom's in an email. "At the conclusion of April 8 the number of active bots was 237,103; however, the decrease in infected bots does not mean the botnet is rapidly shrinking. The statistics represent the number of active bots connected to Flashfake during the past few days – it is not the equivalent of the exact number of infected machines. Infected computers that were inactive during the weekend would not be communicating with Flashfake, thus making them not appear as an infected bot."

According to the security firm, 300,917 infected computers reside within the United States, followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600). Other infected countries included France (7891), Italy (6585), Mexico (5747), Spain (4304), Germany (4021) and Japan (3864). The company also said it managed to reverse-engineer the Flashback/Flashfake malware back on Friday and registered several domain names which could be used by criminals as a command and control (C&C) server for managing the botnet.

"This method enabled them to analyze the communications between infected computers and the C&Cs," Kaspersky said. "By connecting to Flashfake, Kaspersky Lab’s experts are able to continuously monitor the botnet's communication with active bots and have published their findings via a post by Alexander Gostev, Chief Security Expert, Kaspersky Lab."

Mac users concerned that they may be infected with Flashback/Flashfake can head to this Kaspersky website to scan the system online. This dedicated site is safe for users to visit and enter their computer’s UUID, which will be checked in Kaspersky Lab’s Flashfake database of infected computers (instructions for entering user UUIDs are included as well). If the UUID is found in Kaspersky's database, then Mac users will need to download and run this Kaspersky Flashfake Removal Tool.
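The distinction Kaspersky draws above between bots active on a given day and the total number of infected machines, and the UUID lookup against its database, can be shown in a short sketch. This is an added example, not code from Kaspersky or the original article; the log format, the UUID values and the function names are constructed assumptions and do not reflect Flashfake's real protocol.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sinkhole log lines: "<ISO timestamp> <source IP> <bot UUID>".
# The format is an assumption for illustration, not Flashfake's real protocol.
SAMPLE_LOG = """\
2012-04-06T09:12:44 198.51.100.7 11111111-AAAA-4000-8000-000000000001
2012-04-06T09:15:02 198.51.100.7 11111111-AAAA-4000-8000-000000000001
2012-04-06T11:40:19 203.0.113.20 22222222-BBBB-4000-8000-000000000002
2012-04-06T17:03:51 192.0.2.55 33333333-CCCC-4000-8000-000000000003
2012-04-08T10:27:30 198.51.100.99 11111111-AAAA-4000-8000-000000000001
malformed line without enough fields
2012-04-08T21:05:10 192.0.2.77 44444444-DDDD-4000-8000-000000000004
"""

def parse(log_text):
    """Yield (date, uuid) for each valid check-in; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            day = datetime.fromisoformat(parts[0]).date()
        except ValueError:
            continue
        yield day, parts[2].upper()

def bot_stats(log_text):
    """Return (active bots per day, set of every UUID ever seen)."""
    per_day = defaultdict(set)
    seen = set()
    for day, uuid in parse(log_text):
        per_day[day].add(uuid)  # repeat check-ins and IP changes collapse
        seen.add(uuid)
    daily = {d.isoformat(): len(u) for d, u in sorted(per_day.items())}
    return daily, seen

def is_listed(uuid, seen):
    """Database-style lookup: normalise case and whitespace before matching."""
    return uuid.strip().upper() in seen

if __name__ == "__main__":
    daily, seen = bot_stats(SAMPLE_LOG)
    print("active per day:", daily)
    print("cumulative infected:", len(seen))
```

In the constructed data the active count falls from 3 to 2 between the two days while the cumulative set grows to 4, because machines that were offline on the second day are still infected.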

Meanwhile, Apple is reportedly working on its own Flashback/Flashfake removal tool. So far a release date hasn't been set, but the company says it's working with ISPs worldwide to disable the C&C network. The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions, Apple states.

For now, Apple suggests that users running Mac OS X v10.5 or earlier can better protect themselves by disabling Java in the web browser's preferences.

"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6," Apple reports. "By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates."


Top Comments
  • 16
    Caffeinecarl , April 11, 2012 5:36 PM
    And of course, Apple reserves the right to brick your computer if you use Kaspersky's removal tool if you need to prevent losing your hard work ahead of Apple's release schedule for their fix as it's a violation of their T&C's.
  • 4
    applegetsmelaid , April 11, 2012 5:36 PM
    Forts don't got carpet!
  • -2
    COLGeek , April 11, 2012 6:26 PM
    Caffeinecarl: And of course, Apple reserves the right to brick your computer if you use Kaspersky's removal tool if you need to prevent losing your hard work ahead of Apple's release schedule for their fix as it's a violation of their T&C's.

    Huh? How does using Kaspersky violate Apple's license? There are several OS X anti-virus programs available for users today and none of them are made by Apple.
  • 5
    samuelspark , April 11, 2012 7:36 PM
    COLGeek: Huh? How does using Kaspersky violate Apple's license? There are several OS X anti-virus programs available for users today and none of them are made by Apple.

    It's making fun of Apple, if you didn't notice.
  • -3
    COLGeek , April 11, 2012 7:41 PM
    samuelspark: It's making fun of apple, if you didn't notice.

    Nope, didn't notice. Often, all things "Apple" get made into "Applesauce" via the hate and envy comments. So, it is hard to distinguish a "serious" comment from a "humorous" comment.
  • 0
    eddieroolz , April 11, 2012 7:49 PM
    Kudos to Kaspersky.
  • 2
    Anonymous , April 11, 2012 10:56 PM
    So if you are on 10.5 or earlier Apple's advice to you, rather than just use Kaspersky's already available fix, is to disable Java.

    Thanks guys. Perhaps for your next trick, may you suggest just not using your computer entirely?
  • 0
    aicom , April 11, 2012 11:00 PM
    Aphro: So if you are on 10.5 or earlier Apple's advice to you, rather than just use Kaspersky's already available fix, is to disable Java. Thanks guys. Perhaps for your next trick, may you suggest just not using your computer entirely?

    It's par for the course sadly. If you recall, there were several security flaws in NT 4 and 9x that Microsoft refused to fix due to the products being EOL.
  • 2
    nebun , April 12, 2012 2:11 AM
    the funny part is that no one from China got infected....this seems suspicious
  • 1
    Caffeinecarl , April 12, 2012 3:51 AM
    COLGeek: Nope, didn't notice. Often, all things "Apple" get made into "Applesauce" via the hate and envy comments. So, it is hard to distinguish a "serious" comment from a "humorous" comment.

    I used to be a major Apple fan and was seriously considering buying one of their desktops, owned an iPod, and used to use iTunes on a daily basis to purchase music online, and then I started running into all the Apple snags that they don't show on the pretty TV commercials.

    ...and then I did something I could never do with a Mac with a PC. Built one!
  • 0
    Vladislaus , April 12, 2012 7:48 AM
    aicom: It's par for the course sadly. If you recall, there were several security flaws in NT 4 and 9x that Microsoft refused to fix due to the products being EOL.

    How old were Windows 9x and NT 4.0 when Microsoft refused to fix those issues? Three years back, all Apple computers still came with Mac OS X 10.5.
  • 0
    abba41 , April 12, 2012 12:26 PM
    How ironic, I just clicked on the link to this article on my Win7 machine and Kaspersky antivirus gave me this message:

    Downloading object, containing malicious URL
    Time: 12/04/2012 22:05:35
    Application : Firefox
    Object: http://www.dailyforexrates.info/g.gif
    Reason: URL found in the database
    Result: Denied: http://www.dailyforexrates.info/g.gif (analysis using the database of suspicious URL's)
  • 0
    Crush3d , April 12, 2012 4:01 PM
    Anxiously awaiting the Apple lawsuit against Kaspersky for some bogus infringement.