Security Vendors Rush Out Anti Flashback Tools For Macs

Anti-virus specialists are now offering their own toolsets to help Apple Mac users detect and remove the Flashback Trojan from their machines.

Most recently, Juan Leon, a software developer, has posted a free tool that can determine whether an Apple system is infected with the Flashback malware. The tool – first reported by news site Ars Technica – is based on process that was outlined by security software vendor F-Secure in a blog post in late March.

Flashback Detection

F-Secure’s process is a highly technical one that requires users to type in a series of commands in Terminal, which is the command line tool for the Mac OS X operating system. Leon’s free tool apparently automates the F-Secure process.

The FlashbackChecker download was posted to github and can run on Mac OS X 10.5 or above. While the tool can detect Flashback, it won’t remove it. FlashbackChecker reportedly will tell users if no infection was discovered, and will offer additional information if it finds signs that the malware has infected the Mac.

A number of security software vendors are offering ways to detect and remove the malware. Kaspersky Lab has set up a site, FlashbackCheck.com, that gives Mac users a quick description of the Flashback Trojan and how to determine whether a system has been infected. Kaspersky also offers a free removal tool.

Kaspersky, like other vendors, including F-Secure and Intego, are offering 30-day trials of their Mac antivirus tools. F-Secure also offers manual steps users can take to remove the Flashback malware.

In addition, Costin Raiu, a security expert for Kaspersky, in a post on the company’s SecureList blog, outlines steps Mac users can take to make their Apple systems more secure from many attacks, including Flashback.

Infected Macs

Kaspersky and another antivirus vendor, Doctor Web, have both found that the newest versions of the Flashback Trojan – which was first discovered last year – have infected more than 600,000 Macs worldwide, or between 1 and 2 percent of the Macs being used globally. Security experts have said that while the numbers of infected machines do not match the millions of PCs that have been hit with viruses and other malware over the years, the percentage of infected Macs makes Flashback a significant attack.

In his 9 April blog post, Kaspersky’s Raiu echoed what other security experts have said in recent months after the discovery of a host of cyber-attacks on Apple devices: Despite the belief by many users, Apple systems are not invulnerable to attacks.

“At the beginning of 2012, we predicted that an increase in the number of attacks on Mac OS X which take advantage of zero-day or unpatched vulnerabilities,” Raiu wrote. “This is a normal development which happens on any other platform with enough market share to guarantee a return-on-investment for virus writers so Mac OS X fans shouldn’t be disappointed because of this. During the next few months, we are probably going to see more attacks of this kind, which focus on exploiting two main things: outdated software and the user’s lack of awareness.”

Apple Patches

The Flashback malware takes advantage of vulnerabilities in Oracle’s Java technology. The first Flashback exploit last year was a Trojan, masquerading as an update to Adobe Flash. The newer variants are more of a drive-by malware, which relies less on users downloading the exploit to their Macs. Instead, it hits vulnerable systems when users visit malicious or compromised Web sites.

Apple last week issued two patches aimed at addressing the vulnerabilities. However, the company has drawn criticism from some security experts, who note that Oracle issued the patches months ago for Windows PCs. However, Apple doesn’t let third parties patch applications on its computers, so the Apple patches weren’t sent out until last week.

That heightens the threat to Mac users who download such applications as the Java Web browser, which is becoming a more popular target for cyber-criminals, according to Kaspersky’s Raiu. In addition, as Apple Internet-connected devices – including the Mac, iPhone, iPad and iPod – become more popular among consumers, they also will become a more common malware target.

How well do you know Internet security? Try our quiz and find out!