Apple is developing a tool to detect and remove the Flashback malware, the company announced via its support page today (via The Loop).
The Flashback malware, a trojan horse, struck Mac OS X systems in force in late February, taking advantage of a vulnerability in the version of Java that comes embedded in OS X. The malware first made its appearance in September 2011, masquerading as an installer for the Adobe Flash Player before the new Java variant surfaced in February.
Apple released two Java updates last week to patch the vulnerability in Java and prevent new infections, but the updates could not remove an infection that already existed on the Mac. Users who have already been infected must remove the trojan manually.
Now Apple states that it will release official software that will “detect and remove the Flashback malware,” although the company did not indicate an expected release date. Apple also claims to be “working with ISPs worldwide” to disable the remote servers that control the infected computers.
Russian antivirus company Dr. Web estimated last week that over 600,000 Macs have been infected thus far, making this one of the largest and most significant security issues in the Mac’s history.
Dr. Web had been using “spoofed” command and control servers to communicate with infected computers in an effort to monitor the spread of the infection. In a heavily criticized move, Apple attempted to shut down the Dr. Web servers, as the Cupertino company was unable to distinguish them from the actual malevolent command and control servers.
While Apple’s shutdown request is being viewed by most as an “honest mistake,” some are pointing to the move as a dangerous example of Apple’s inexperience when it comes to security issues. Boris Sharov, CEO of Dr. Web, noted that his company maintains close ties with Microsoft’s security teams, but that they “don’t know the antivirus group inside Apple.”
“These are not pleasant days for them,” Mr. Sharov said. “They’re not thinking about us. The safety of Macintosh computers is going down very quickly, and they’re thinking what to do next. They’re thinking about how to manage a future where the Mac is no longer safe.”
Mac users with OS X 10.6 and 10.7 should run Software Update to ensure that they have the latest Java updates from Apple, and should follow the instructions found here to ensure that they have not unknowingly become infected.
Apple has not released a Java update for OS X 10.5 and earlier, and recommends that users on those versions of OS X disable the Java web plug-in in their Web browser.