Apple has announced that it is developing software to detect and destroy the Flashback malware that security insiders claim has infected 600,000 Macs worldwide.
Apple's Flashback remover
The Mac-only Flashback malware exploits a Mac Java vulnerability. It has created a worldwide botnet by exploiting an unpatched this Java vulnerability.
Apple has already released updates to patch the flaws, but is now working on software updates to remove Flashback too.
Yesterday we reported a quick way to check whether your Mac is infected by Flashback, courtesy of a free app called Flashback Checker.
In a support document released yesterday Apple mentioned its upcoming Flashback killer tool.
"In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions.
“Apple is working with ISPs worldwide to disable this command and control network," said Apple.
Apple has also advised Mac users running Mac OS X 10.5 or earlier to disable Java in their browser preferences.
Earlier in the day Apple had apparently targeted the servers of the Russian security firm that first revealed the malware, accusing Dr. Web of being "involved in a malicious scheme" and its servers being in "command and control" of Flashback.
The company’s chief executive Boris Sharov insisted that the server was "not doing any harm to users" and was in fact being used to monitor the spread of the virus.
“They told the registrar this domain is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users,” Sharov said.
“This seems to mean that Apple is not considering our work as a help. It’s just annoying them.”