Trojan ‘Flashback’ hits 600,000 Mac users worldwide: here is what you need to do

For those of you who have been worshipping Apple devices as secure “right out of the box”, think again! It has been confirmed that a Trojan christened ‘Flashback’ has affected an estimated 600,000 or more Macs running OS X around the world, and it is reported to be the worst security disaster ever to have hit these machines. Dr. Web, a popular Russian security solution vendor, has the breakdown and details of the Trojan’s reach.

According to Catalin Cosoi, chief security researcher for antivirus-software maker Bitdefender, “600,000 represents around 12 per cent of the Mac OS computers sold in Q4 2011 which means that if we count the number of Mac OS devices sold in the past three years, we can estimate that less than 1 per cent of the Mac OS computers are possibly infected. On the other hand, if we look at the actual numbers and not at the percentages, the numbers look pretty scary.”

With some 56.6 per cent of infections, the US leads the list with the largest number of infected Macs and MacBooks, closely followed by Canada and the UK. Australia is in fourth place with 6.1 per cent of infections.

It seems that the Flashback Trojan has been using a previously unpatched vulnerability in Java to invisibly infect Apple users through so-called ‘drive-by downloads’. Machines get infected after the user is redirected to a bogus site, either from a compromised resource or via a traffic distribution system, and that site fires up some JavaScript code. “The exploit saves an executable file onto the hard drive of the infected Mac machine. The file Backdoor.Flashback.39 is used to download malicious payload from a remote server and to launch it,” Doctor Web said. The firm’s site has posted a list of some of the websites containing the malicious code but in all, “links to more than four million compromised web-pages could be found on a Google SERP at the end of March,” the firm said.

What is being done?

Apple has issued a fix which should remove the Trojan automatically. Although the threat is currently classified as “low”, Mac users have been warned not to open unfamiliar files or attachments and to turn off Safari’s setting for opening safe files automatically. Anti-virus firm F-Secure has also posted a method of removing the infection by hand, which can be found at http://tdy.sg/osxflashback. Because this has to be done manually, it might involve a bit of risk.

What’s next?

Once the Trojan has been removed, please update your software from http://support.apple.com/kb/HT1338. After that, it is recommended that you download and install reliable anti-virus software. Some of the best-known options for the Mac include ClamXAV, Sophos and Avast, to name a few. For the future, it would be best to disable Java in Apple’s Safari: select ‘Preferences…’, click that window’s Security heading, then click to clear the checkbox next to ‘Enable Java’.

For now, we really hope there isn’t another wave of this malware attack, and to those who have already been affected, we wish you an iSpeedy recovery.