Sluggish Apple strikes at Flashback

Powered by SC Magazine
 

Flashback removal tool planned as malware storm subsides.

Apple will develop software that will detect and remove the Flashback malware that was estimated to have impacted around 600,000 Macs.

The Flashback malware exploited a security flaw in Java to install itself on Macs and also relied on computer servers hosted by the malware authors to perform many of its critical functions.

Apple confirmed it was working with ISPs globally to disable the command and control network, and released a patch at the start of April that fixed the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6.

Research by Kaspersky Lab found that the size of the Flashback botnet decreased over the Easter weekend to around 237,000, although it said that this does not indicate that it is shrinking rapidly.

Symantec claimed the botnet had reached its size by using vulnerabilities such as the Oracle Java SE Remote Java Runtime Environment Denial Of Service vulnerability (CVE-2012-0507, which was patched by Windows in February) to spread the malware through exploit kits such as Blackhole.

Doctor Web, which discovered the botnet, said a distinct difference with Flashback is that the malware can switch between several servers for better load balancing and, after receiving a reply from a control server, verifies its RSA signature and, if successful, downloads and runs payload on the infected machine.

Each infected bot includes a unique ID of the infected machine into the query string it sends to a control server. Doctor Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts.

Kaspersky has released a free removal tool this week for Flashback. Users can check if they are infected by visiting Kaspersky Lab's safe verification site and can remove the malware using the Kaspersky Flashfake Removal Tool.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Sluggish Apple strikes at Flashback
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 433

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 209

Vote