Saturday 21 April 2012

Everything you need to know about Flashback

Unless you’ve been living under a rock for the past month, odds are you’ve heard about the Flashback Trojan that’s reported to have, at its peak, infected around 600,000 Macintosh OS X systems. In PC virus terms, of course, 600,000 is a very small portion, but in Apple’s world, this translates to over one percent of all Macintosh computers. So what exactly is this virus? Why is it groundbreaking? And what can you do to protect your computer? Read on to find out.

What is Flashback?

Flashback, or more accurately “Backdoor.Flashback”, is a Trojan horse that exploits a vulnerability in Java for Mac OS X. Flashback was originally detected by security firm Intego in September of 2011. In its early versions, the malware masqueraded as an installation program for Adobe Flash. Users, under the impression they were downloading and installing a legitimate copy of Flash, would manually install Flashback – unwittingly infecting their own computer. But it was the later versions that made headlines.

In early 2012, a new version of Flashback hit the web that employed a technique called “drive-by download”. In this new iteration, a Java applet on a malicious or infected website would prompt users to enter their password in a fake software update window. At this point, it didn’t matter whether a password was entered or not; you were infected either way. If the user provided a password, Flashback would install itself in the Applications folder. If no password was provided, Flashback would install in the user account. Once installed, the malware would insert bits of code into various programs – particularly web browsers – and would monitor user activity and attempt to record passwords and personal information.

The major take-away here is that even if you didn’t enter your password or consciously download anything, you can still have Flashback on your system. It took literally no input from users to become infected.

Russian anti-virus vendor Dr. Web estimates that of the approximately 600,000 infected systems, just over half reside in the United States, about 20 percent in Canada, and about 13 percent in the United Kingdom.

How do I find out if I have Flashback?

Fortunately, finding out if you’re infected and eliminating the Flashback Trojan is pretty easy. Security company F-Secure released detection and elimination software as well as a guide on their website.

Didn’t Apple put out a fix?

Yes, but it took about two months from detection to fix, so there was substantial time for infection. Fortunately, the latest OS X and Java update removes the most common variants of Flashback. Unfortunately, there is substantial evidence that the malware authors are currently working on new versions of Flashback in an attempt to prolong infection, and experts estimate that there are still about 140,000 infected machines out there.

What does this mean for the future of my Mac?

It means it’s time to use protection. For a long time, few Mac users worried about anti-virus software because, frankly, there weren’t very many people writing malicious code for the Mac operating system. That era is over. While Flashback may be the first drive-by malware to affect Macs, it will hardly be the last. You can be sure there are new threats on the way.
