Antivirus vendor Kaspersky Lab has launched a free removal tool for the Flashback Mac OS X malware and a Web site where users can check whether their computers are infected with it.
Flashback is the most widespread malware on the Mac OS X platform todate. Two antivirus companies, Doctor Web and Kaspersky Lab,independently confirmed on Wednesday and Friday, respectively, thatwell over 600,000 Mac computers have been infected with the latestvariant of the Flashback Trojan horse.
Screen shot of the FlashbackTrojan removal tool now posted on Kaspersky Lab’s site.
Flashback first appeared in September 2011 and was originallydistributed as a fake Flash Player installer. However, the number ofinfections drastically increased in March because the malware startedinfecting computers through Web-based attacks that exploited anunpatched Java vulnerability.
Antivirus vendor F-Secure was the first to publish instructions on howto check whether a Mac OS X system is infected with the latestFlashback variant and how to manually remove it.
However, F-Secure’s instructions required users to type complicatedcommands in a Mac OS X terminal window and interpret the replies, whichmade them somewhat unsuitable for non-technical persons used to agraphical user interface.
In order to make it easier for average users to check whether theircomputers are infected, Kaspersky Lab launched a website onMonday where people can input their systems’ unique hardwareidentifiers (UUIDs) to see if they are among the almost 700,000 Macsknown to be infected with Flashback so far.
Kaspersky also released astand-alone removal tool for the Flashback malware, which Macowners can download and use for free. However, it’s probably a goodidea to install a full-featured antivirus program after running thistool in order to prevent future infections.
In addition, Kaspersky’s director of global research and analysis,Costin Raiu, made several Mac OS X security recommendationsin ablog post on Monday. These included setting up anon-administrator account for everyday use, switching to Google Chromeas primary browser because of its sandboxed Flash Player plug-in andsilent automatic updates, disabling the Java and stand-alone FlashPlayer plug-ins from other browsers, installing all software updatesdistributed by Apple, upgrading Adobe Reader to version 10, using aseparate keychain for passwords that can unlock very sensitive accountsand disabling the IPv6, AirPort or Bluetooth services when they’re notneeded and enabling full disk encryption.
