Since the latest variants of the Flashback malware appeared, this malware has been very effective at infecting Macs. Because it exploits a Java vulnerability, infections occurred, in many cases, with no user intervention. Russian security company Dr. Web, which analyzed server traffic to the Flashback command and control servers, estimates that more than 500,000 Macs are infected.
Apple has since released a Java update that patches the vulnerability Flashback was using, and it is essential that all Mac users apply this update. If you have Java on your Mac – it is included with OS X 10.6, and is downloaded on OS X 10.7 if you have tried to launch a Java applet – you will see the update in Software Update. Choose Software Update from the Apple menu on your Mac to check for the update.
Intego’s Malware Research Team has seen dozens of variants of the Flashback malware in the past week, showing a rarely seen level of activity for Mac malware. As of today, however, all of the servers that were providing the Flashback malware seem to be offline; this is likely due to the activities of the many security companies that have worked on exposing this malware and the servers it uses. However, the command and control servers are still active, so those Macs that are infected are still vulnerable to data theft and more.
This malware has changed greatly from its first incarnation. Initially a fake Adobe Flash installer (hence the name Flashback), it later changed to impersonate a Software Update dialog, before using Java vulnerabilities to install. It is likely that this malware will be back in another guise in the future. But for now, the most important thing users can do is make sure that they update Java – as well as apply any other security updates that they haven’t installed yet – to be protected in case the Flashback servers come back online.
Intego VirusBarrier X6 protects against Flashback and all other Mac malware. The Intego Malware Research Center is ensuring that regular updates to the program’s threat filters include new malware definitions for the latest variants of the Flashback malware.