Update 4/12/12: Apple has now released Java for OS X 2012-003, and it is now available through Software Update.
This Java security update removes the most common variants of the Flashback malware.
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
This update is recommended for all Mac users with Java installed.
For details about this update see: http://support.apple.com/kb/HT5242
It appears that Kaspersky has quietly removed their tool. There was no mention of it on their site this morning, but I downloaded it last night. F-Secure has a script that will remove the Trojan, and that can be found here.
Update 4/11/12: Kaspersky has released a free Flashback removal tool. You can download the application, called “Flashfake Removal Tool”, at this link: http://support.kaspersky.com/viruses/utility
Also, users of OpenDNS can’t get the virus.
The Flashback Trojan has now infected more than 600,000 Macs according to recent news reports. Apple has already issued two Java updates to combat the vulnerability. While virus issues on Macs are rare, the crew at MacMedics has already encountered the Flashback Trojan several times.
There were some ways you could check to see if you had the Trojan via Terminal, but that’s not super user friendly.
Now there is a free application you can download to see if your Mac is infected.
Just download the Flashback Checker from GitHub, unzip the package, and open the application. Then, click the “Check for Flashback Infection” button and let the software check your Mac.
If it turns out that you have been infected, just give us a call for help removing the Trojan.
If needed, we can connect to your Mac remotely from our office, or we can send a tech to your location for help with removal. If you’d like to take care of it yourself, it’s not too hard, but it does involve using Terminal, which is not something we recommend most clients use without guidance. Apple will be releasing a tool that will take care of the Trojan for you. That tool is not available quite yet.
Update from Apple:
A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.
Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.
Apple is developing software that will detect and remove the Flashback malware.
In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.
For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences.
This article from Apple can be found here: http://support.apple.com/kb/HT5244