Security researchers at Kaspersky Lab and Intego have released free tools to help Mac users infected with the Flashback Trojan clean their computers.
In the past few weeks, the number of Mac computers compromised by the malware has reached into the hundreds of thousands, with Kaspersky Lab’s estimate putting the number as high as 650,000 as of April 6. The number of bots then shrank to slightly more than 237,000 as of April 8, Kaspersky Lab found.
“Over the last few days our server has registered all the data sent by bots from the infected computers and recorded their UUIDs in a dedicated database,” Alexander Gostev, chief security expert at Kaspersky Lab, explained in a blog post. “Based on this information we have set up an online resource where all users of Mac OS X can check if their computer has been infected by Flashback.”
The company created the site Flashbackcheck.com for advice on how to determine if users are infected, and has posted the tool on its Securelist blog.
Intego has released freeware to address the problem as well.
“A number of web sites have been circulating information telling users how to find out if they are infected with the Flashback malware,” Intego noted in a blog post. “Since these instructions include a number of obscure commands to be run in Terminal, several developers have released free applications that users can run to check their Macs, without needing to know how to use Terminal.”
“Unfortunately, this information can be misleading, because the instructions that circulate discuss just one variant of the Flashback malware,” Intego continued. “There are some two dozen variants already, each of which puts files of different names in different locations; these instructions and applications will therefore not find any but the one specific variant that they target.”
Flashback was first observed last year propagating through a fake Adobe Flash Player installer. More recently, the malware has utilized a Java vulnerability to spread.