Kaspersky Offers Flashback Trojan Killer; Apple's Coming Soon
Kaspersky Lab now offers a removal tool for the Flashback/Flashfake trojan. Meanwhile, Apple is working on its own separate tool.
Kaspersky Lab said on Tuesday that it has launched free detection and removal tools for the Flashback/Flashfake malware. The news arrives after the company discovered around 670,000 computers worldwide -- 98 percent of which are most likely running Mac OS X -- infected with the Flashback malware. Moreover, most of the Flashback botnet resides within the United States.
"Throughout the previous weekend, Kaspersky Lab experts have seen a decline in the number of infected computers (known as bots) for Flashfake: on April 6 the total number was 650,748," the company told Tom's in an email. "At the conclusion of April 8 the number of active bots was 237,103; however, the decrease in infected bots does not mean the botnet is rapidly shrinking. The statistics represent the number of active bots connected to Flashfake during the past few days – it is not the equivalent of the exact number of infected machines. Infected computers that were inactive during the weekend would not be communicating with Flashfake, thus making them not appear as an infected bot."
According to the security firm, 300,917 infected computers reside within the United States, followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600). Other infected countries included France (7891), Italy (6585), Mexico (5747), Spain (4304), Germany (4021) and Japan (3864). The company also said it managed to reverse-engineer the Flashback/Flashfake malware back on Friday and registered several domain names which could be used by criminals as a command and control (C&C) server for managing the botnet.
"This method enabled them to analyze the communications between infected computers and the C&Cs," Kaspersky said. "By connecting to Flashfake, Kaspersky Lab’s experts are able to continuously monitor the botnet's communication with active bots and have published their findings via a post by Alexander Gostev, Chief Security Expert, Kaspersky Lab."
Mac users concerned that they may be infected with Flashback/Flashfake can head to this Kaspersky website to scan the system online. This dedicated site is safe for users to visit and enter their computer’s UUID, which will be checked in Kaspersky Lab’s Flashfake database of infected computers (instructions for entering user UUIDs are included as well). If the UUID is found in Kaspersky's database, then Mac users will need to download and run this Kaspersky Flashfake Removal Tool.
Meanwhile, Apple is reportedly working on its own Flashback/Flashfake removal tool. So far a release date hasn't been set, but the company says it's working with ISPs worldwide to disable the C&C network. The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions, Apple states.
For now, Apple suggests that users running Mac OS X v10.5 or earlier can better protect themselves by disabling Java in the web browser's preferences.
"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6," Apple reports. "By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates."
Comments

Caffeinecarl:
And of course, Apple reserves the right to brick your computer if you use Kaspersky's removal tool if you need to prevent losing your hard work ahead of Apple's release schedule for their fix as it's a violation of their T&C's.

COLGeek:
> Caffeinecarl: And of course, Apple reserves the right to brick your computer if you use Kaspersky's removal tool if you need to prevent losing your hard work ahead of Apple's release schedule for their fix as it's a violation of their T&C's.
Huh? How does using Kaspersky violate Apple's license? There are several OS X anti-virus programs available for users today and none of them are made by Apple.

samuelspark:
> COLGeek: Huh? How does using Kaspersky violate Apple's license? There are several OS X anti-virus programs available for users today and none of them are made by Apple.
It's making fun of apple, if you didn't notice.

COLGeek:
> samuelspark: It's making fun of apple, if you didn't notice.
Nope, didn't notice. Often, all things "Apple" get made into "Applesauce" via the hate and envy comments. So, it is hard to distinguish a "serious" comment from a "humorous" comment.

Aphro:
So if you are on 10.5 or earlier Apple's advice to you, rather than just use Kaspersky's already available fix, is to disable Java.
Thanks guys. Perhaps for your next trick, may you suggest just not using your computer entirely?

aicom:
> Aphro: So if you are on 10.5 or earlier Apple's advice to you, rather than just use Kaspersky's already available fix, is to disable Java. Thanks guys. Perhaps for your next trick, may you suggest just not using your computer entirely?
It's par for the course sadly. If you recall, there were several security flaws in NT 4 and 9x that Microsoft refused to fix due to the products being EOL.

Caffeinecarl:
> COLGeek: Nope, didn't notice. Often, all things "Apple" get made into "Applesauce" via the hate and envy comments. So, it is hard to distinguish a "serious" comment from a "humorous" comment.
I used to be a major Apple fan and was seriously considering buying one of their desktops, owned an ipod, and used to use itunes on a daily basis to purchase music online, and then I started running into all the Apple snags that they don't show on the pretty TV commercials.
...and then I did something I could never do with a Mac with a PC. Built one!