http://arstechnica.com/apple/news/2012/04/apple-to-release-flashback-removal-software-working-to-take-down-botnet.ars By Jacqui Cheng ars technica April 10, 2012 Apple plans to release software that will detect and remove Flashback malware infections on the Mac, the company announced Tuesday. In a knowledge base link published late in the day, Apple explained that it's aware of the infection—which takes advantage of a previously unpatched Java vulnerability—saying that the software was coming, but no specific release date was given. In addition to the Flashback detection software, Apple said that it's "working with ISPs worldwide" to disable the botnet's command and control (C&C) servers. Kaspersky researcher Kurt Baumgartner told Forbes earlier on Tuesday that "Apple is taking appropriate action by working with the larger Internet security community to shut down the Flashfake [also known as Flashback] C2 domains," and Apple's latest efforts seem to coincide with Baumgartner's statement. "Apple is developing software that will detect and remove the Flashback malware," Apple wrote. "In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network." We have been covering the Mac Flashback trojan since 2011, but the malware recently picked up steam. Last week, Russian security firm Dr. Web reported that it had infected more than half a million Macs worldwide. (The aforelinked Forbes report claimed Apple tried to take down Dr. Web's sinkhole server for Flashback, but it seems most likely that this was an accidental inclusion in Apple's attempts to take down the botnet's C&Cs.) [...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Tue Apr 10 2012 - 22:34:16 PDT
This archive was generated by hypermail 2.2.0 : Tue Apr 10 2012 - 22:33:59 PDT