Apple is working on a Flashback removal tool (new KB)

donmontalvo
Esteemed Contributor III

Apple is working on a tool...hot off the press:

http://support.apple.com/kb/HT5244

Don

--
https://donmontalvo.com

Matt
Valued Contributor

Better late than never I guess. Should have just patched Java to begin with :(

mm2270
Legendary Contributor III

Agreed. I do hope this serves as a lesson for Apple that they need to get faster with releasing updates, even if they are 3rd party products used on the platform.
I don't entirely believe the numbers but there are reports of a botnet of Flashback-infected Macs that is over a half million strong. (!) Even if the numbers are much lower, this does nothing but give fodder for the Mac-haters out there to claim that Macs are "just as vulnerable as PCs" or something. It doesn't matter if it's not true, the truth never stopped that crowd from making ridiculous claims in the past.

nessts
Valued Contributor II

The dumber the user, the more vulnerable any computer is. So technically the Mac is every bit as vulnerable to this type of attack as the Windows computers. We just need to protect the really dumb users by preventing them from being able to install these types of things, but out of the box every user on a Mac is an Admin, so really Apple is no better than Windows in that respect.

Matt
Valued Contributor

Apple serves us Java, they better serve us a version that isn't spoiled and sitting on the counter for 3 months.

mm2270
Legendary Contributor III

@nessts, while I agree it's part of our job to protect against stupidity, when Apple takes months to release an update from a vendor with such a nasty exploit in it, it makes our jobs of protecting the dumb people that much harder, unnecessarily. It's one thing for someone to foolishly fall for a human engineering exploit that asks for your admin password. It's quite another when you can get infected just by visiting a website.
I just think they were really too slow in addressing this and hope they are faster next time.

Matt
Valued Contributor

Also, I wouldn't call anyone dumb, just not as knowledgeable. Not everyone strives to learn or know how a computer works; that's what we get paid for.

taugust04
Valued Contributor

Does anyone know if ClamXav checks for and removes this malware? I've read that it won't install if ClamXav is present, but I'd like to know if it also disinfects if it is somehow present on the computer.

~Ted

donmontalvo
Esteemed Contributor III

taugust04
Valued Contributor

@donmontalvo

Awesome - thank you sir, for the link. The decision to include ClamXav on all my installs, along with a launchd job to update definitions regularly, turned out to be a wise one.

donmontalvo
Esteemed Contributor III

Just got a response from Symantec enterprise support on whether their NAV/SEP definitions protect against OSX.Flashback...

The new variant of OSX.Flashback is known as OSX.Flashback.K. Any virus definitions prior to April 9, 2012 will identify the new variant as simply OSX.Flashback. The current virus definitions will detect and remove this threat upon detection on a scan with the SEP client or with Auto-Protect.