Inside GT Global

Flashback is Back

Apr 25, 2012 Blog 0 Comment
Flashback is Back

As part of our new Managed Services for Macs, we’ve been keeping an eye on the latest attempts at compromising you Apple machine. In our last post, we’ve shown how you can check if your office computer is infected with the Flashback virus but there’s fresh batch now going around, this time it’ll install itself without any notice.

Via Ars Technica

There’s yet another Flashback variant making its way through unprotected Macs, though it still only takes advantage of the now-patched Java vulnerability that the previous few versions made use of.

Security firm Intego posted about the latest version of the malware, Flashback.S, which mimics the behaviors of previous variants of the malware. Flashback.S doesn’t require an admin password to install itself into the machine’s home folder, and it deletes all files located within ~/Library/Caches/Java/cache “in order to delete the applet from the infected Mac, and avoid detection or sample recovery.”

Those of us who have already updated our Macs with the latest version of Java won’t have to worry, as Flashback.S has yet to find a new vulnerability to exploit. But there are apparently still plenty of Mac users—-650,000, according to Russian antivirus firm Dr. Web last Friday—who are currently infected with some version of Flashback, meaning there are at least that many (and probably more) who have yet to update their machines.

Meanwhile, Sophos claims in a new report that one in five Macs is “harbouring some kind of malware,” though Sophos’ limited sample size (those who have downloaded Sophos’ antivirus software) indicates we should take the numbers with a grain of salt until more researchers can corroborate the claims.