NEWS FROM THE LAB - Wednesday, April 11, 2012

Flashback Removal Tool

Posted by Mikko @ 15:48 GMT

We have created a free tool that automates the detection and removal of the widespread Flashback Mac OS X malware.

F-Secure Flashback removal tool

How to use the tool:

1) Download FlashbackRemoval.zip to the Mac machine you want to scan.
2) Double-click the zip package to unzip it in the current folder.
3) Double-click the FlashBack Removal app to run the tool.
4) Follow the instructions to check your system and clean any infections.

The tool creates a log file (RemoveFlashback.log) on the current user's Desktop. If any infections are found, they are quarantined in an encrypted ZIP file (flashback_quarantine.zip) in the current user's Home folder. The ZIP is encrypted with the password "infected".

Apple has announced that it's working on a fix for the malware, but has given no schedule for it.

About Flashback malware, support.apple.com/kb/HT5244

Quite surprisingly, Apple hasn't added detection for Flashback — by far the most widespread OS X malware ever — to the built-in XProtect OS X antivirus tool.

Also note that, for OS X v10.5 (or earlier), Apple has not provided a patch for the Java vulnerability used by Flashback. More than 16% of Macs still run OS X 10.5.

Chitika, March 2012, Mac OS X Versions

If you run an older version of Mac OS X, update to a current version. Or disable Java in your browser. Or uninstall Java. And run our free tool. And yes, we have a full-blown F-Secure Antivirus for Mac available as well.

Update: Small false positive fix. The tool linked above has been updated (April 12th). Version 1.1.0.

Update: April 13th, here's the link for Apple's security update: http://support.apple.com/kb/HT5242