Here’s the latest on the Flashback Trojan courtesy of: osxantimalware.com:
Do you have any antimalware software on your Mac? Wait, that’s right, you don’t need it, do you? Because the received wisdom is that the Mac operating system – OS X – is superior to Windows and is immune to the plague of trojans, viruses and other assorted nasties that can cripple a Windows machine.
Think again. In fact, OS X is no more or less immune to attack than any other operating system, and the recent spate of attacks means it’s time for Mac users to become responsible members of the wider computing community. Malware isn’t just about causing havoc on one machine any more. Malware can steal your passwords and give the bad guys free access to all your financial accounts: it’s no fun to wake up one morning and find that your bank account has been stripped bare. And an infection picked up from, say, a Java exploit such as the Flashback trojan, which is thought to have hit up to 600,000 Macs, can add your computer to a botnet – a network of zombie computers that can be used for criminal ends such as launching a distributed denial of service (DDoS) attack or spewing out spam.
Mozilla this week began blocking outdated versions of a Java plug-in in Firefox for some Mac users after calling the threat posed by the Flashback malware “evident and imminent.”
The move came two weeks after Mozilla disabled unpatched versions of Oracle’s software on Firefox for Windows.
Although Mozilla said on April 2 that it might add the Java plug-in to Firefox for Mac’s blocklist — a list it maintains of add-ons and plug-ins that the company disables because they’re infected with malware or have been targeted by attackers — it didn’t follow through until Monday.
In a post to the company’s Add-Ons blog, Mozilla said the delay was due to the uptake of the patched plug-in Apple began distributing April 3.
As Mozilla noted, cleanup efforts have made headway on the number of Macs infected with the Flashback malware. While more than 600,000 Macs were infested with Flashback as recently as two weeks ago, that number fell by 60% last week.
The campaign to eliminate the Flashback malware from Apple OS X devices has seen the number of infected machines decline from more than 600,000 at the peak of the infection. By Monday, Symantec reported that just 140,000 active infections were detected, and on Tuesday fewer than 99,000.
Flashback is considered to be the largest Mac malware threat to date. Compared to the massive Conficker botnet for Windows PCs, Flashback compromised a larger percentage of Mac computers. Flashback emerged last year, masquerading as an update for Adobe Flash, but later gained the ability to install itself automatically when users visited a compromised website. On infected computers, Flashback will attempt to harvest information from Web browsing activities and will send that information to remote command-and-control servers.
Flashback isn’t something to take lightly. Notably, Flashback targets a Java vulnerability that was apparently reverse-engineered by attackers after Oracle patched the same flaw in Windows about two months ago. The attackers then used the flaw to facilitate malware drive-by attacks against Macs. Successfully infected computers, or “zombie Macs,” get added to a botnet, which could push additional malicious code modules onto the computer. As Symantec noted, “The Flashback payload is considerably larger than the initial stage downloading component.”
The campaign to eliminate Flashback has moved quickly. After security watchers first spotted the malware, Apple last week broke with tradition–typically it says nothing about any security vulnerability in its products until it’s released a fix–by announcing that it was in the process of coding a fix for Flashback. Other companies, including security firm Kaspersky, had already released tools for detecting Flashback (aka Flashfake)–with links to their free antivirus products for infected users to eradicate the malware.