This article is copied from Forbes:

With the Flashback malware now estimated to have control of some 1 percent of Macs, owners are understandably panicked by the idea that their computer could be part of one of the biggest botnets in history. That 1 percent number isn't hype or pulled out of the air either. Ed Bott over on ZDNet does the math: With 600,000 infections in a user base of 60-70 million, that means roughly 1% of all Macs worldwide have been hit by this thing, which is capable of downloading additional malware at will. That is a huge percentage, and is testament to how fast this malware spread and how quiet it has been compared to previous examples of Mac malware such as Mac Defender (which spawned fake security dialog boxes and demands for cash). Compare this to Conficker, the single largest Windows-based infection, which at its peak in 2009 hit some 7 million PCs, or some 0.7 percent of the total Windows user base.

Yesterday I posted a link to the Finnish security site F-Secure, which offered users a way to check if their Mac was infected. Problem with these instructions was that they were too complicated for the average user to follow. They involved using Terminal and typing a lot of commands. Fine for power users, but not for the average Mac users.

Fortunately, now there's an easier way to scan your system for Flashback. Called FlashbackChecker, it is a small tool that you download, extract and run. It WILL NOT remove Flashback, but it will tell you if you are infected or not. If your system is clean, then as long as you've applied all the updates for your Mac, you're safe. Note: You need to run this checker tool on all user accounts on your Mac.

But what if you're infected? Given you seem to have a 1 in 100 chance of having this nasty on your system sniffing passwords, you need to be ready for that possibility. If you are unlucky then you have two options open to you. The first is the manual removal method as outlined by F-Secure. If you didn't like the Terminal method for checking to see if your Mac was infected with Flashback, you're definitely not going to like this. It's multi-step and quite involved. Alternatively, you could download and install the 30-day trial of the Mac antivirus program VirusBarrier X6 from Intego or the free Sophos Anti-Virus for Mac Home Edition, which should clean up your system for you. After it's done the job, you might want to consider leaving the antivirus program on your system so you're covered when it comes to future threats. Because, after all, future threats are likely.

If you have a Mac, I strongly suggest that you check if it's infected with Flashback, because this malware is real, is nasty, and is on your system to grab usernames and passwords. Check your system, deal with any problems, make sure your patches are applied, and get on with your life.

Link for FlashbackChecker: https://github.com/jils/FlashbackChecker/wiki
Manual Removal of Flashback: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml
Virus Barrier X6 from Intego: http://www.intego.com/virusbarrier
Sophos Anti Virus for Mac: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

Note: I ran FlashbackChecker this morning and I was clean. I updated Java immediately. Hopefully all of you will have the same results, but I thought this info should be posted. Good luck!
My system is clean but I'm not thrilled that I might have to run persistent anti-virus software on my Mac like some filthy Windows user if this trend continues.
As some have suggested, turning off Java and using Chrome when you need to look at a Flash site might be enough for now. I also checked this morning and my Mac was clean.
This isn't the first Mac virus to make the rounds recently; it's simply the first that can install itself without somehow tricking the user into entering their account password. If the Mac becomes an active target for viri then in the long run installing anti-virus software will become a necessity. In the past five years I've run a virus scan on my iMac three times and have never been infected; that's a huge difference from the compulsive weekly scan I used to do as a Windows user.
Just read Apple legally tried to get the site shut down of the researchers who actually found this thing. So instead of trying to fix the problem they are just trying to bury it and making enemies of people who tried to help them.
As Apple and Macs become more popular, this is going to happen more. It's not that OS is better, it's just not targeted nearly as often. I've relegated myself to installing NAV much as I hate to, but I've had ID theft once, and like any crime, being a victim once, is one too many times.
Just make Macs more expensive and we'll go back to the gated community we once loved, you know, before hackers could afford them <3
I'd like to clear up some misconceptions. This is not a virus. It is a trojan. Trojan ≠ virus. A virus won't even ask for your password or anything. It will install by itself, run by itself and do what it needs to without admin privileges. At this point in time, no such program for a Mac exists. Sure, trojans are becoming more frequent for Macs, but you just have to be careful what you download and what you give permission to. I wouldn't run anti-virus software yet. It will just slow down your Mac and will ruin the experience more than anything. Also, a word of warning: AVOID Sophos. That software has been shown to actually increase vulnerability since it runs with root privileges. More information about that here: http://forums.macrumors.com/showpost.php?p=11570070&postcount=31 If you WANT to use antivirus software, use ClamXav, since that doesn't use root privileges.
Does this malware require you to give permission for it to be installed, or does it install without that due to the flaw in Java? Apple released an update to Java which closed a security flaw, so my presumption was that it was using that flaw to install itself. Not true?
From what I've read you're right, it installs on its own. It does ask for a password after it is already installed, though I don't know why it does that; maybe it has a function that needs it. Certainly opens the doors for malware that doesn't need a password in the future, if that isn't already in the wild.