[ISN] Apple to release Flashback removal software, working to take down botnet

From: InfoSec News <alerts_at_private>
Date: Wed, 11 Apr 2012 00:34:16 -0500 (CDT)
http://arstechnica.com/apple/news/2012/04/apple-to-release-flashback-removal-software-working-to-take-down-botnet.ars

By Jacqui Cheng
ars technica
April 10, 2012

Apple plans to release software that will detect and remove Flashback 
malware infections on the Mac, the company announced Tuesday. In a 
knowledge base link published late in the day, Apple explained that it's 
aware of the infection—which takes advantage of a previously unpatched 
Java vulnerability—saying that the software was coming, but no specific 
release date was given.

In addition to the Flashback detection software, Apple said that it's 
"working with ISPs worldwide" to disable the botnet's command and 
control (C&C) servers. Kaspersky researcher Kurt Baumgartner told Forbes 
earlier on Tuesday that "Apple is taking appropriate action by working 
with the larger Internet security community to shut down the Flashfake 
[also known as Flashback] C2 domains," and Apple's latest efforts seem 
to coincide with Baumgartner's statement.

"Apple is developing software that will detect and remove the Flashback 
malware," Apple wrote. "In addition to the Java vulnerability, the 
Flashback malware relies on computer servers hosted by the malware 
authors to perform many of its critical functions. Apple is working with 
ISPs worldwide to disable this command and control network."

We have been covering the Mac Flashback trojan since 2011, but the 
malware recently picked up steam. Last week, Russian security firm Dr. 
Web reported that it had infected more than half a million Macs 
worldwide. (The aforelinked Forbes report claimed Apple tried to take 
down Dr. Web's sinkhole server for Flashback, but it seems most likely 
that this was an accidental inclusion in Apple's attempts to take down 
the botnet's C&Cs.)

[...]


Received on Tue Apr 10 2012 - 22:34:16 PDT
