Apple on Friday released version 1.0 of its "Flashback malware removal tool" which will scan a user's computer and erase known iterations of the trojan that some are calling the worst the Mac platform has ever seen.
The standalone program is meant to be used by Mac users who don't have Java already installed on their machines and includes the same code as yesterday's software update that plugged a security hole which allowed the malware to automatically install itself without admin authorization.
From the release notes:
About Flashback malware removal toolThis Flashback malware removal tool that will remove the most common variants of the Flashback malware.
If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed.
In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.
This update is recommended for all OS X Lion users without Java installed.
At one point, a reported 600,000 Macs worldwide were part of the Flashback botnet, which harvested personal information and web browsing logs from affected machines. Apple was slow to release a patch for the exploit, but managed to roll out two updates within the past week.
The notorious trojan was first discovered last year by a security firm, tricking users into installing it under the guise of an Adobe Flash installer. The most recent version bypasses any user action and automatically installs itself after an affected website is visited.
Apple's Flashback removal tool comes in at 356KB and can be downloaded here. In order to use the software, a user's Mac must be running OS X Lion without Java installed.
52 Comments
I commend Apple for releasing this standalone Flashback trojan removal tool, for people who do not have Java installed (on Lion). This should help take some of the confusion and frustration away. Thank you Apple.
Might be a good idea for Apple to buy Little Snitch and fold it into OSX.
Might be a good idea for Apple to buy Little Snitch and fold it into OSX.
I was thinking the same thing the other day. Little Snitch would be a cheap investment for Apple to make to ensure users were more comfortable about what programs were attempting to send data out over the Internet. Little Snitch saved me after I installed it, after I was infected with this Flashback trojan, as it found several variants of Flashback still lurking around on my Mac.
What about older OS X versions? Are pre-10.6 & 10.7 systems that have java installed equally vulnerable to this trojan? I'd like to check my sister's old powerbok g4 that's running OS X 10.5, but this tool says it's specifically for 10.7 only, and I know the java updates that solved this issue were only for 10.6 & 10.7.
What about older OS X versions? Are pre-10.6 & 10.7 systems that have java installed equally vulnerable to this trojan? I'd like to check my sister's old powerbok g4 that's running OS X 10.5, but this tool says it's specifically for 10.7 only, and I know the java updates that solved this issue were only for 10.6 & 10.7.
Apple policy has always been to support only current and previous OS. There are plenty of other ways to find out if you're infected and how to prevent re-infection. Just look...