Apple working on software to detect and remove Flashback trojan
The Cupertino, Calif., company made mention of the upcoming tool in a support document regarding the malicious software, as noted by Jim Dalrymple of The Loop. The document also pointed users to last week's Java update that patched the security flaw that the virus was exploiting.
"In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network," the company said.
Apple also advises Macs running OS X 10.5 or earlier to disable Java in their browser preferences.
The Flashback trojan horse was first discovered last September. The malware posed as a phony Adobe Flash Player installer in order to trick users into installing it. At the time, a security first categorized the threat as "low." The current version of Flashback used the Java vulnerability to create a botnet that could mine personal information from unsuspecting users.
Evidence of Apple's efforts to contact ISPs surfaced earlier on Tuesday when a Russian security firm revealed that the company had targeted one of its servers as being "involved in a malicious scheme." Dr. Web chief executive Boris Sharov said the server was "not doing any harm to users" and was being used to monitor the spread of the virus.
Sharov noted that the relative rarity of Apple security issues meant that Dr. Web hadn't established close ties with the company. "For Microsoft, we have all the security response teamâs addresses,â he said. âWe donât know the antivirus group inside Apple.â
Last week, a Dr. Web analyst claimed that 600,000 Macs around the world had been infected by the Flashback malware. 56.6 percent of those infections are reportedly located in the U.S.