Kaspersky Offers Flashback Trojan Killer; Apple's Coming Soon

Kaspersky Lab said on Tuesday that it has launched free detection and removal tools for the Flashback/Flashfake malware. The news arrives after the company discovered around 670,000 computers worldwide -- 98 percent of which are most likely running Mac OS X -- infected with the Flashback malware. What's more, most of the Flashback botnet resides within the United States.

"Throughout the previous weekend, Kaspersky Lab experts have seen a decline in the number of infected computers (known as bots) for Flashfake: on April 6 the total number was 650,748," the company told Tom's in an email. "At the conclusion of April 8 the number of active bots was 237,103; however, the decrease in infected bots does not mean the botnet is rapidly shrinking. The statistics represent the number of active bots connected to Flashfake during the past few days – it is not the equivalent of the exact number of infected machines. Infected computers that were inactive during the weekend would not be communicating with Flashfake, thus making them not appear as an infected bot."

According to the security firm, 300,917 infected computers reside within the United States, followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600). Other infected countries included France (7891), Italy (6585), Mexico (5747), Spain (4304), Germany (4021) and Japan (3864). The company also said it managed to reverse-engineer the Flashback/Flashfake malware back on Friday and registered several domain names which could be used by criminals as a command and control (C&C) server for managing the botnet.

"This method enabled them to analyze the communications between infected computers and the C&Cs," Kaspersky said. "By connecting to Flashfake, Kaspersky Lab’s experts are able to continuously monitor the botnet’s communication with active bots and have published their findings via a post by Alexander Gostev, Chief Security Expert, Kaspersky Lab."

Mac users concerned that they may be infected with Flashback/Flashfake can head to this Kaspersky website to scan the system online. This dedicated site is safe for users to visit and enter their computer’s UUID, which will be checked in Kaspersky Lab’s Flashfake database of infected computers (instructions for entering user UUIDs are included as well). If the UUID is found in Kaspersky's database, then Mac users will need to download and run this Kaspersky Flashfake Removal Tool.

Meanwhile, Apple is reportedly working on its own Flashback/Flashfake removal tool. So far a release date hasn't been set, but the company says it's working with ISPs worldwide to disable the C&C network. The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions, Apple states.

For now, Apple suggests that users running Mac OS X v10.5 or earlier can better protect themselves by disabling Java in the web browser's preferences section.

"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6," Apple reports. "By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates."


  • Caffeinecarl
    And of course, Apple reserves the right to brick your computer if you use Kaspersky's removal tool if you need to prevent losing your hard work ahead of Apple's release schedule for their fix as it's a violation of their T&C's.
  • applegetsmelaid
    Forts don't got carpet!
  • COLGeek
    Caffeinecarl: And of course, Apple reserves the right to brick your computer if you use Kaspersky's removal tool if you need to prevent losing your hard work ahead of Apple's release schedule for their fix as it's a violation of their T&C's.

    Huh? How does using Kaspersky violate Apple's license? There are several OS X anti-virus programs available for users today and none of them are made by Apple.
  • samuelspark
    COLGeek: Huh? How does using Kaspersky violate Apple's license? There are several OS X anti-virus programs available for users today and none of them are made by Apple.

    It's making fun of apple, if you didn't notice.
  • COLGeek
    samuelspark: It's making fun of apple, if you didn't notice.

    Nope, didn't notice. Often, all things "Apple" get made into "Applesauce" via the hate and envy comments. So, it is hard to distinguish a "serious" comment from a "humorous" comment.
  • eddieroolz
    Kudos to Kaspersky.
  • Aphro
    So if you are on 10.5 or earlier Apple's advice to you, rather than just use Kaspersky's already available fix, is to disable Java.

    Thanks guys. Perhaps for your next trick, may you suggest just not using your computer entirely?
  • aicom
    Aphro: So if you are on 10.5 or earlier Apple's advice to you, rather than just use Kaspersky's already available fix, is to disable Java. Thanks guys. Perhaps for your next trick, may you suggest just not using your computer entirely?

    It's par for the course sadly. If you recall, there were several security flaws in NT 4 and 9x that Microsoft refused to fix due to the products being EOL.
  • nebun
    the funny part is that no one from China got infected....this seems suspicious
  • Caffeinecarl
    COLGeek: Nope, didn't notice. Often, all things "Apple" get made into "Applesauce" via the hate and envy comments. So, it is hard to distinguish a "serious" comment from a "humorous" comment.

    I used to be a major Apple fan and was seriously considering buying one of their desktops, owned an iPod, and used to use iTunes on a daily basis to purchase music online, and then I started running into all the Apple snags that they don't show on the pretty TV commercials.

    ...and then I did something I could never do with a Mac with a PC. Built one!