F-Secure has come to the aid of Apple Mac owners infected with the Flashback malware, announcing a free removal script for OS X. At its peak on April 6, an estimated 600,000 systems running OS X were said to be infected.
Apple itself has said it is already working on a tool to remove the malware, but given the company's slow turnaround of the critical updates issued by Oracle in February, it would appear security firms were unwilling to wait.
The new tool by F-Secure will detect and repair the damage done by all of the common types of Flashback malware. It is offered as a free stand-alone AppleScript application and is not part of their antivirus scanner. Running it will reverse the damage and then extract the malware as a zip, enabling you to either send it or delete it, though I'm sure F-Secure would appreciate it being sent to them so they can calculate if any substantial changes to the code have been made.
While Apple has been slow to respond, resulting in a veritable grilling from the security industry, the Apple user community has been working hard alongside security firms Dr. Web and F-Secure to analyze and counter the problem. One member, etresoft, has even written a script to help those struggling with the Flashback malware.
Even if you have manually removed the files created by the Trojan, you are still strongly advised to run the F-Secure script to ensure all traces of Flashback have been removed. Although Apple has released a patch covering the critical exploits in Java, the update covers only OS X 10.6 and 10.7, and earlier releases of OS X remain vulnerable to the Trojan downloader.
Those who would like to perform additional checks to further lock down their Mac can read the SecureList blog post by Kaspersky's security expert, Costin Raiu. It outlines ten additional steps you can perform to make your Mac more secure against online attacks, including the Flashback Trojan.