Arik Hesseldahl

Recent Posts by Arik Hesseldahl

Apple Fights Back Against Malware Attack

Apple just posted a Knowledge Base article on the the Flashback malware incident that has been the subject of so much discussion since it was revealed to have created a a 600,000-Mac-strong botnet last week.

By my scorecard, the article amounts to the first public comment Apple has made on the subject, period. And it’s very interesting indeed, especially in light of all the flak the company had been taking over what appeared, to some eyes, to have been an inadequate response.

First and foremost, Apple says, it is working on software to detect and remove the malware from an infected machine. Secondly, the company says it is working with Internet service providers around the world to disable the servers that are being used as the “command and control” network that’s basically telling compromised machines what to do.

Apparently it’s this effort that has caused trouble for the security outfit Dr. Web, which originally discovered the vulnerability in the first place: In working on shutting down the C&C servers, Apple apparently got servers that Dr. Web had used to track the spread of the outbreak shut down as well, according to this report on Forbes.com.

The vulnerability that allowed the malware to get through in the first place wasn’t in Apple’s Mac OS X itself, but in Oracle’s Java. Apple agrees with me at least with regard to machines running older versions of Mac OS: Disable it.

Anyway, here’s Apple’s article, in its entirety:

About Flashback malware
Summary

A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

Products Affected

Java, Mac OS X 10.6, OS X Lion

A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.

Apple is developing software that will detect and remove the Flashback malware.

In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.

Additional Information

For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences.

Latest Video

View all videos »

Search »

When AllThingsD began, we told readers we were aiming to present a fusion of new-media timeliness and energy with old-media standards for quality and ethics. And we hope you agree that we’ve done that.

— Kara Swisher and Walt Mossberg, in their farewell D post