Apple released a second update to its form of Java today that will clean up “the most common variants” of the Flashback Trojan affecting Mac computers.
The Java update will not only clean up these variants, but will also disable automatic execution of Java applets. You can turn these back on in the preferences tab. If no applets are run in a certain amount of time, however, the Java plug-in will re-disable automatic execution of Java applets. Prior to this update, Apple had patched the hole in Java, but hadn’t yet released a way to get rid of the virus. Get the update here.
Yesterday, security company F-Secure released its own tool for cleaning up the Trojan. To use F-Secure’s tool, all you have to do is download a zip file found here, unzip it and follow the instructions. The program will then both identify and quarantine the virus — if it’s present on your machine — into a password-protected file. From there, it will give you instructions on how to remove the Trojan. In a blog post on the tool, F-Secure chief research officer Mikko Hypponen noted his surprise that Apple had not created its own cleaner.
The Flashback Trojan enters computers through infected websites. When a user visits the infected website, they are prompted to download a browser plug-in, such as Flash, in order to see more content. When they download the “plug-in,” the malware accesses a hole in Apple’s customized version of Java and thereby gains access to the computer.
Users are easily tricked into downloading the malware because asking people to download a plug-in is common practice on the Internet. It’s hard to distinguish between a legitimate request (especially when a website you trust is infected) and malware.
Flashback has reportedly only hit around 600,000 Mac computers, but the surprise comes from those who believed Macs were impervious to the virus. Indeed, Macs are vulnerable to attack, but given the high proliferation of Windows computers, it is more profitable for the hacker to target that mass market.
Hat tip: MacRumors