Apple Battles The Flashback Trojan Horse: 140,000 Mac Computers Still Infected With Virus Despite Attempts At Malware Removal

 @redletterdave
on April 18 2012 11:09 AM

The Flashback Trojan isn't so easy to dismantle, after all. Even though Apple released two software updates and an additional removal tool that was said to eliminate the malware that affected about 600,000 Macs, roughly 140,000 Mac computers are still infected, according to security company Symantec.

"The statistics from our sinkhole are showing declining numbers on a daily basis," the company wrote on its blog. "However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case. Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark."

Around the first week of April, a Russian antivirus company discovered that hundreds of thousands of Macs were infected with a variant of the Flashback trojan horse, which reportedly was able to exploit several vulnerabilities in Java, allowing itself to install onto the user's browser without any intervention or action on the user's part.

According to Intego's security blog:

"It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question. It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren't protected."

The Flashback Trojan also could create a false Apple-signed Java certificate, which tricked users into clicking the Continue button to let the trojan infect the host further, sucking personal data including usernames and passwords for Google, PayPal and eBay into the cloud.

Over the next week, Apple released two Java security patches (2012-001 and 2012-002) and a general fix (2012-003) via the Software Update application, which was said to remove the most common variants of the Flashback malware. It also promised to disable the automatic execution of Java applets, which could be re-enabled within the Java Preferences application. But despite Apple's attempts to kill the trojan horse, the Flashback malware still remains on about 1 percent of all Mac computers.

So how do you know if you still have it? Luckily, Norton github released a free Flashback checker, which runs an automatic check. If you don't run it, you won't know if your computer has been infected or not.

If Apple's updates don't work, you can always try Symantec's own Norton Antivirus solution, which includes a free Flashback Detection and Removal Tool. Then you can run the free Flashback checker again and see if the Trojan survived.

This is hardly a failure on Apple's part. Even though the Flashback virus has been in the wild for about two weeks, the malware has many variants and the number of infections continues to dwindle each day. Keep checking the Software Update application if none of these malware solutions work, and soon this Trojan horse will be a thing of the past.

These types of malware won't come around as often once Apple releases the next Mac operating system this summer, Mac 10.8 Mountain Lion. The update will come with an intimidating new security feature called Gatekeeper, which protects the user from potentially harmful downloads, particularly within the Mac App Store.

To achieve this level of safety, Apple has created the Developer Program, which gives each developer a unique ID and digital signature on their apps. The Mac sees and understands this digital signature and knows that the application doesn't contain malware or hasn't been tampered with. If their preferences don't match their current needs, users can also temporarily override their own settings by Control-clicking the app and installing it.

Beyond the Mac App Store, Gatekeeper allows Mac users to control what apps they install and use. Apple added more optional security features, like requiring a password for sleep and a screen saver or disabling automatic login, but it's all in the name of giving the user more control over their privacy and security.

Have you been infected with the Flashback virus? Have you downloaded the newest software updates, patches and tools? Let us know in the comments section below.
