Apple has announced via its support site that it is working with Internet service providers worldwide to take down the botnet distributing the Flashback malware exploit, and that it will release a removal tool for infected Macs, reports The Loop.
The Flashback malware had spread to some 500,000 infected systems as of last week, by taking advantage of a security flaw in Java which had been discovered in February. The security of Mac computers at large was obviously in question, so it’s good to see Apple take decisive action, although it would have been nice to see it a bit sooner, as this was a known vulnerability.
The Flashback program installs on an unpatched machine and attempts to harvest web browsing activity, usernames and passwords. It then sends that information to its network of computers across the internet. It is what’s known as a ‘drive-by’ infection because it can install itself on your machine after just a visit to an infected page, without any administrator passwords or installation procedures necessary.
As it stands, Apple says that it released a Java update on April 3rd, which fixed the security flaw for Macs running OS X 10.7 and 10.6, and people can install that using Software Update. Apple says that it is also developing a removal tool that can be used to clean up systems that have already been infected. It will most likely be made available for download from its support site.
Apple also says that the company is working on taking down the network of computers that the malware relies on to propagate.
The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.
Apple has a bit of a mess on its hands with these Flashback variants, and it needs to revise its attitude towards incremental patching of security holes. Two months is too long for a Java flaw to be able to compromise existing systems, regardless of whether new machines ship with it installed or not.
There is already a series of free removal tools from reputable companies like Kaspersky. Taking proactive action in shutting down the botnet is a good thing; let's hope that Apple continues this trend.