In a movie or a book a flashback takes you from where you are, back to a moment in time. But if your Mac has one of a number of variants of Flashback or Flashfake, it likely means that your computer is infected with malware designed to allow cyber bad guys to install malicious code on your computer. It can do things ranging from generating fake search engine results, generating profits for cyber criminals via “click fraud”, to data theft and spam distribution and even use your computer as a bot for other purposes.
Kaspersky Lab performed an analysis of a recent variant they uncovered called Trojan-Downloader.OSX.Flashfake.ab. Lab Expert Igor Soumenkov diagnosed that it’s being distributed though infected websites as a Java applet, that masquerades as an update for Adobe Flash Player. And while the first detection dates back to September 2011 most of the infections since March 2012 have come from exploiting Java vulnerabilities.
They discovered that over 600,000 computers worldwide have been infected, with the majority of them in the US and as many as 100,000 in Canada. They also suspect that 98% of the computers infected were Macs.
Website Checks Your Computer
To check and see if your computer is infected, Kaspersky Labs has set up a FLASHBACK CHECK website. The verification is done using your computer’s hardware UUID, it’s unique identifier, that you can copy from your Mac’s System Report and paste into an entry box on the site. If this is new to you, the site has very simple instructions to help you find it in a snap.
Alternately, you can simply download a free Kaspersky Flashback / Flashfake Removal tool that not only scans for the Trojan; it will remove it as well. You will need administrator access to do so.
Apple’s Solution to Flashback
Apple also acknowledged the existence of this malware and responded with an update Java for OS X Lion 2012–003 designed to remove the most common variants.
It also delivers Java SE 6 version 1.6.0_31. It’s designed so the automatic execution of applets via the Java Web plug-in is disabled by default. Alternately, you can manually enable automatic execution through the Java preferences app. Once running, if the plug-in detects that no applets have run for a while, it will set it to disable mode once again. (Security update also affects Mac OS X 10.6)
Misperception
Many Macintosh users are under the misconception that Macs are totally immune to malware Trojans viruses and the like. While they are certainly less common they do nonetheless exist and there is the possibility that your computer just might be affected, so take the necessary precautions.
One more thing. If you need to update Adobe Flash Player, do it directly through Adobe.
photos courtesy: Kaspersky Lab, Securenet
Greg Gazin is the Real Canadian Gadget Guy.
Follow me on Twitter @gadgetgreg.
