Apple releases Java update to protect Macs against Flashback trojan

As Apple grows, so will the number of viruses that can affect its systems. Today, it issued a Java update to keep one of these viruses, the Flashback Trojan, at bay.

Flashback is a type of malware that is transferred to your computer by masquerading as a safe browser plug-in. When you visit an infected website housing the malware, you’ll be prompted to download a plugin in order to view content. Giving permission to install that plugin allows the malware to download to your computer and begin running. Evolved versions of the virus use a hole in Apple’s version of Java to download to your Mac immediately after you open the webpage.

Russian antivirus vendor Doctor Web estimates that up to 550,000 Macs have been infected thus far, with over half of those located in the United States.

“There has been a significant increase in Mac malware in the last several quarters, so what we’ve seen with the Flashback Trojan isn’t particularly surprising,” said Dave Marcus, director of advanced research and threat intelligence at McAfee Labs, in an e-mail to VentureBeat. “As the popularity of Macs increases, so will attacks on the Mac platform. Users should always take the proper precautions to protect themselves by ensuring that their security software … and all Apple patches are up to date.”

Apple’s latest update to Java patches the hole and closes the malware’s ability to easily get in. But as with most malware, the writers will be able to find a new vulnerability and exploit it. Cnet makes the point that Apple uses its own version of Java rather than the public versions, so while this hole had been patched by Java back in February, Apple’s version took until now to fix.

F-Secure explains how to check if you have the malware installed on your Mac. Do a search of your computer using Spotlight for “Terminal” and open the program. In it type the following:

  • defaults read /Applications/Safari.app/Contents/Info LSEnvironment
  • defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get anything other than “does not exist” back, F-Secure can show you how to remove the virus and do other tests.
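
The two checks above wrapped in one POSIX shell script, as an added example (not F-Secure's or Apple's code). It decides on the exit status of `defaults read` rather than only on the message text, so a stored value that happens to contain “does not exist” is still flagged; the function names and return codes are this example's own.

```sh
#!/bin/sh
# Added example: the two F-Secure checks from the article as one script.
# check_key/flashback_check and their return codes are this example's own.

# check_key DOMAIN KEY -> 0 key absent, 1 key present, 2 inconclusive
check_key() {
    status=0
    out=$(defaults read "$1" "$2" 2>&1) || status=$?
    if [ "$status" -eq 0 ]; then
        # The read succeeded, so the key exists. Decide on exit status, not on
        # the text: a stored value could itself contain "does not exist".
        printf 'PRESENT  %s %s = %s\n' "$1" "$2" "$out"
        return 1
    fi
    case "$out" in
        *"does not exist"*)
            printf 'ABSENT   %s %s\n' "$1" "$2"
            return 0 ;;
    esac
    # Failed for some other reason (permissions, unreadable file, ...).
    printf 'UNKNOWN  %s %s: %s\n' "$1" "$2" "$out"
    return 2
}

# Run both checks; return the highest code seen (0, 1 or 2).
flashback_check() {
    worst=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        rc=0
        # Split on the last space so a $HOME containing spaces still works.
        check_key "${pair% *}" "${pair##* }" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Only run where `defaults` exists (macOS).
if command -v defaults >/dev/null 2>&1; then
    flashback_check && echo "Both keys absent." || echo "Follow up on the lines above."
fi
```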

Doctor Web has identified some websites that have been infected with the malware, but warns that there are many more out there.

Trojan horse image via Shutterstock