Apple fix Mac OS X Trojan Flashback with Java update

Over 600,000 Macs globally were reported last week by a leading security vendor to be infected with a Mac botnet. Ironically, a couple of hundred of these infected Mac systems were found to be based in Cupertino, California – I didn’t say Apple Inc here.

So how does the Flashback infection work? The Mac system gets infected with a well-known Trojan (botnet) called ‘Mac Flashback’. The Trojan requires users to visit infected websites, and it specifically exploits Java vulnerabilities. A user is redirected to a bogus website from a compromised resource or via a traffic distribution system. JavaScript code on the website hosting the malware is then used to load a Java applet.

The Flashback Trojan uses the applet (a recurring theme with Java bugs) to infect computer systems. Apple has known about this ‘bug’ for some time now. Once installed on the target Mac, Flashback injects code into the Web browser and other apps such as Skype to harvest passwords, modify web pages and gather other information.

Update 10th April: Contagio received a Flashback.O sample from an anonymous user/victim. It’s only a payload binary, so don’t get too excited. 🙂

Apple has now pushed patches for this Java vulnerability. I suggest you download and install this Java software update immediately. Which Java update you see in Software Update depends on which Mac OS you are running. Apple has released updates for Mac OS X 10.6 and Lion. Check for Java for Mac OS X 10.6 Update 7 or Java for OS X Lion 2012-001.

If your Mac system is infected and you understand the basics of using Terminal, then I suggest you manually remove the Flashback Trojan.

Safe surfing folks!
