Apple has released an automated removal tool to help users remove the Flashback malware discovered by Dr. Web earlier this month, which had infected an estimated half a million computers worldwide within a couple of weeks.
The Flashback malware is a Trojan that has been designed to exploit a vulnerability in Java, allowing it to steal user information through the web browser and other applications, and flash it back to remote servers. It has many variants, some that mask themselves as Adobe Flash video and other browser plugins that users mistakenly agree to install, and some that can even auto-install without direct user interaction.
Other companies have released their own removal tools for the virus, starting with Kaspersky last week, and F-Secure, Symantec yesterday, a little ahead of Apple – which had announced it would be developing one, two days ago. Apple’s tool will be part of a security update to Java. The fruity giant says the Flashback removal tool will get at the "the most common variants" of the malware, and also block automatic web-page Java applet execution.
The Apple Flashback removal tool is only available for systems running OS X 10.6 or later, and will be bundled with the latest Java runtime, that also contains its own patches. The tool will install MRTAgent and a command line tool, which find and scour any Flashback malware instances, submit a log to Apple, and then delete themselves. While all currently known Flashback variants should be successfully removed by the Apple tool, it will require regular updates to work effectively.
Apple will also be working with internet service providers to try and disable access to the remote servers that the Trojan malware is coordinating with. Experts are predicting the time of ‘no malware for Mac’ is at an end, with the bad guys or malware authors turning their sights to the platform, deftly using their experience with the Windows and Linux malware.