Apple announces that it is developing a tool to "detect and remove" the Flashback Trojan that is said to have infected more than half a million Mac computers.
The giant tech company said it is working with internet service providers (ISPs) to disrupt the command network being used by hackers to exploit the malware.
Trojans are infections that can expose computers to control by hackers.
It is Apple’s first statement on the threat. It issued patches to prevent the malware’s installation last week.
The two security updates were released eight weeks after Java’s developer Oracle issued a fix for other computer systems.
In a message posted in the support section of Apple’s website, the company said it had fixed a “Java security flaw for systems running OS X v10.7 and Mac OS X v10.6”.
It suggested users of Macs running earlier versions of its system software should disable Java in their web browser preferences.
In addition, Apple said it was working with ISPs to shut down networks of servers hosted by the malware authors, which the code – known as Flashback – relies on “to perform many of its critical functions”.
Russian anti-virus firm Dr Web, which has tracked the scale of the botnet, said it believed around 650,000 machines had now been infected.
According to a timeline of events posted on its website, Dr Web said activity surrounding the virus began as far back as February.
Traditionally, Apple has promoted the fact that its Macintosh line is largely free from viruses and other similar threats because almost all malicious software is designed to exploit computers running Microsoft Windows.
McAfee Labs’ Dave Marcus told the AFP news agency: “All the stuff the bad guys have learned for doing attacks in the PC world is now starting to transition to the Mac world.”
“Mac has said for a long time that they are not vulnerable to PC malware, which is true: they are vulnerable to Mac malware.”
The security firm F-Secure has posted detailed instructions about how to confirm if a machine is infected and how to manually remove the Trojan.
Dr. Web, a Russian anti-virus firm, has reported that more than half a million Apple computers have been infected with the Flashback Trojan.
The report claims that about 600,000 Macs have installed the malware – potentially allowing them to be hijacked and used as a “botnet”.
Dr. Web says that more than half that number are based in the US.
Apple has released a security update, but users who have not installed the patch remain exposed.
The Flashback Trojan was first detected last September, when anti-virus researchers flagged software masquerading as a Flash Player update. Once downloaded, it deactivated some of the computer’s security software.
Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission.
Dr. Web said that once the Trojan was installed it sent a message to the intruder’s control server with a unique ID to identify the infected machine.
“By introducing the code criminals are potentially able to control the machine,” said the firm’s chief executive Boris Sharov.
“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.
“The largest amounts of bots – based on the IP addresses we identified – are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people.”
Dr. Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California – home to Apple’s headquarters.
Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.
Apple released its own “security update” on Wednesday – more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.
The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.
Although Apple’s system software limits the actions its computers can take without requesting their users’ permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.
“People used to say that Apple computers, unlike Windows PCs, can’t ever be infected – but it’s a myth,” said Timur Tsoriev, an analyst at Kaspersky Lab.