Mac Flashback Infections	Posted by Sean @ 14:44 GMT

On Monday, we wrote about a variant of the Mac Flashback trojan that exploits a then unpatched Java vulnerability (CVE-2012-0507). Apple released its security update on Tuesday. If you have Java installed on your Mac — update now.

Yesterday, Dr. Web (a Russian based antivirus vendor) reported that Flashback may have infected over half-a-million Macs.

Each installation of Flashback creates a unique User-Agent. Dr. Web's Ivan Sorokin later estimated that their sinkhole now estimates over 600,000 infections.

@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko - 285 from Finland

— Sorokin Ivan (@hexminer) April 4, 2012

Our Anti-Virus for Mac detects the latest Flashback variant as Trojan-Downloader:OSX/Flashback.K.

Here's some of our recent Flashback descriptions:

  •  Flashback.I
  •  Flashback.K

Our previous Mac related posts include instructions on how to disable Java, how to check for a Flashback infection, and manual removal:

  •  Mac Malware at the Moment
  •  Are you having a (Mac) Flashback?
  •  Mac Flashback Exploiting Unpatched Java Vulnerability

For those of you celebrating the Easter Holiday this weekend — if you're visiting your parents and they have a Mac — now is the time to update, disable, or remove their Java client plugin/installation!

(And that goes for Windows too.)

Updated to add: We have shipped a free Flashback removal tool.