Flashback Central: How to find, protect against, and eliminate scary Apple malware

Updated on 08-Apr-2012

It’s been quite a week for Mac owners. And that’s all thanks to Flashback, a drive-by-download attack that requires absolutely no input from users in order to install itself on an Apple system. Visit a malicious website and that’s it: The code exploits a vulnerability in your Java runtime and begins to install other software components designed to yoink your login credentials and pass them off to remote Internet servers.

Unpleasant, eh?

Protecting yourself against Flashback is a relatively simple affair — one that should have been handled months earlier, had Apple opted to update its users with Java’s February release instead of waiting until April 3 to patch the vulnerability. Apple, to note, maintains and compiles its own versions of Java: Oracle fixed the vulnerability in a release that Apple didn’t deploy until April, which many see as one of the reasons why Flashback was able to affect such a sizeable portion of Apple’s audience.

First off, grab one of the following handy little apps: FlashbackChecker or Mashable’s Flashback-checking scripts. You can use either to determine whether your system is infected or not. Remember: These apps just check for the presence of Flashback. They aren’t removal tools.

If your system isn’t infected, great! Fire up your Software Update app and make sure that your system is patched up with all the latest Apple updates. You’ll now be protected from the current version of Flashback that’s affecting everyone else.

If either of the two Flashback-checking apps reports that your system is infected, however, you have two options: You can attempt to remove Flashback manually, a long and laborious process. You can also take the quicker route: Install the free Sophos Anti-Virus for Mac Home Edition app, which should automatically rid your system of Flashback after a full system sweep.

What next? F-Secure Labs recommends that users go ahead and disable Java on their systems if they don’t specifically need it, in an effort to prevent future Java-driven attacks. Safari users can just open their Safari Preferences, click on the Security icon, and deselect the “Enable Java” box. It’s fairly easy to do so in both Chrome and Firefox as well.

And don’t forget to make yourself a little yellow sticky note that says, “Don’t enter your administrative password” and slap it on your desktop or laptop. Once Flashback breaks through to your system, the malware attempts to gain deeper access into your OS — which requires you to first cough up your administrative password in order to allow the request. There’s a good chance you’re going to get stuck with Flashback even if you don’t enter your password, but entering it makes it that much easier for Flashback to work.

Flashback is an annoying and problematic piece of malware, but it’s certainly not invincible. Modern-day malware protection is two parts software, one part updates, and one part system smarts. And now you have all the tools you need to eliminate the big Apple nuisance.

 

Copyright © 2010 Ziff Davis Publishing Holdings Inc.

Source: Flashback Central: How to Find, Protect Against, and Eliminate Scary Apple Malware
