Keep your Mac free from Flashback/Flashfake malware

- April 13th, 2012


In a movie or a book, a flashback takes you from where you are back to a moment in time. But if your Mac has one of a number of variants of Flashback or Flashfake, it likely means that your computer is infected with malware designed to allow cyber bad guys to install malicious code on your computer. That code can do things ranging from generating fake search engine results and generating profits for cyber criminals via “click fraud” to data theft and spam distribution, and it can even use your computer as a bot for other purposes.

Kaspersky Lab performed an analysis of a recent variant they uncovered called Trojan-Downloader.OSX.Flashfake.ab. Lab expert Igor Soumenkov determined that it’s being distributed through infected websites as a Java applet that masquerades as an update for Adobe Flash Player. And while the first detection dates back to September 2011, most of the infections since March 2012 have come from exploiting Java vulnerabilities.


They discovered that over 600,000 computers worldwide have been infected, with the majority of them in the US and as many as 100,000 in Canada. They also suspect that 98% of the computers infected were Macs.

 

Website Checks Your Computer

To check whether your computer is infected, Kaspersky Lab has set up a FLASHBACK CHECK website. The verification is done using your computer’s hardware UUID, its unique identifier, which you can copy from your Mac’s System Report and paste into an entry box on the site. If this is new to you, the site has very simple instructions to help you find it in a snap.

 

Alternatively, you can simply download a free Kaspersky Flashback / Flashfake Removal tool that not only scans for the Trojan but removes it as well. You will need administrator access to do so.

 

Apple’s Solution to Flashback

Apple also acknowledged the existence of this malware and responded with an update, Java for OS X Lion 2012–003, designed to remove the most common variants.

It also delivers Java SE 6 version 1.6.0_31. With this update, automatic execution of applets via the Java Web plug-in is disabled by default. You can manually re-enable automatic execution through the Java Preferences app. Once it is enabled, if the plug-in detects that no applets have run for a while, it will switch back to disabled mode. (The security update also affects Mac OS X 10.6.)
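For anyone checking more than one Mac, the following is an added example (not from Apple or Kaspersky Lab) that reads `java -version` output and reports whether a Java 6 install is at or above the 1.6.0_31 level mentioned above. The function names and the sample outputs are constructed for illustration, and treating any update number of 31 or higher as patched is an assumption.

```shell
#!/bin/sh
# Added example: classify a Java 6 build against the 1.6.0_31 level named in the article.
PATCHED_UPDATE=31   # from the article: Java SE 6 version 1.6.0_31

# Read `java -version` output on stdin and print the quoted version string.
java_version_string() {
    sed -n 's/^java version "\(.*\)".*$/\1/p' | head -n 1
}

# Print one of: patched | outdated | not-java6 | unknown
# Assumption: update number >= 31 on the 1.6.0 line counts as patched.
classify_java6() {
    ver=$1
    case "$ver" in
        1.6.0_*) ;;                          # Java 6 with an update number
        1.6.0)   echo outdated; return ;;    # base release, no update applied
        "")      echo unknown; return ;;     # no version string found
        *)       echo not-java6; return ;;   # the article's threshold does not apply
    esac
    upd=${ver#1.6.0_}       # keep only the update number
    upd=${upd%%-*}          # drop any suffix after a dash
    case "$upd" in
        ''|*[!0-9]*) echo unknown; return ;;
    esac
    upd=$(printf '%s' "$upd" | sed 's/^0*//')   # "09" -> "9"
    if [ -z "$upd" ]; then upd=0; fi
    if [ "$upd" -ge "$PATCHED_UPDATE" ]; then
        echo patched
    else
        echo outdated
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OLD='java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)'
SAMPLE_NEW='java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b04)'

# On a real Mac, feed in live output instead: java -version 2>&1 | java_version_string
for sample in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    v=$(printf '%s\n' "$sample" | java_version_string)
    echo "$v -> $(classify_java6 "$v")"
done
```

An "outdated" result means the update described above has not been applied; it says nothing about whether the machine is infected, which is what the check site and removal tool are for.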

 

Misperception

Many Macintosh users are under the misconception that Macs are totally immune to malware, Trojans, viruses and the like. While these threats are certainly less common on Macs, they do nonetheless exist, and there is the possibility that your computer just might be affected, so take the necessary precautions.

One more thing. If you need to update Adobe Flash Player, do it directly through Adobe.

photos courtesy: Kaspersky Lab, Securenet

Greg Gazin is the Real Canadian Gadget Guy.

Follow me on Twitter @gadgetgreg.

 


5 comments

  1. Andreas Wiedow | April 14, 2012 at 2:29 am

    Thanks for the info about flashbackcheck.com

  2. cornell | April 15, 2012 at 3:01 pm

    What can be done to remove from Internet Explorer the constant, annoying SCRIPT ERROR boxes?

  3. Greg Gazin | April 15, 2012 at 5:20 pm

    Cornell, this post is about the Flashback Malware, but to possibly answer your question, have you tried disabling your debug feature? Or you could switch to Firefox.

  4. cornell | April 16, 2012 at 11:24 am

    Thx, Greg. I’ll try that.

  5. gregg | April 17, 2012 at 2:42 pm

    The only safe computer is one that is turned off, encased in concrete and dumped into the deepest part of the ocean.
    The other more expensive option is to degauss the hard drive, crush it and send the computer into a low orbit to burn up on re-entry.
