The Flashback Malware Threat And Java
by Graham Needham (BH) on 10th April 2012
The recent Flashback trojan, which targeted an unpatched security hole in Java (Java Runtime Edition - JRE) that has now been patched for Mac OS X 10.6 and later, has caused a lot of fuss and a lot of misinformation, so I thought it wise to write this blog piece. Firstly, let me point out that the malware and attack were serious, so all Mac users should read this.
The Flashback malware is a trojan, not a virus, i.e. it does not spread from one computer to another automatically. However, it was and still is a serious threat to the Mac platform. It is definitely a wake-up call to all those Apple users who think they are safe simply because they are using an Apple Macintosh (which has never been true). It is still safer to use a Mac than Windows, but computing has risks, especially if you use the internet and/or you don't practice safe computing!
So here's a frequently asked questions guide to Flashback and your Mac.
Flashback/Java FAQ
Q. I use a Mac so I'm safe from nasty malware aren't I?
A. NO!
Q. What is malware?
A. Malware is a general term used for any software that is malicious i.e. software that gets on your computer to do bad things like steal your passwords/take control of it.
Q. What is a virus?
A. A computer virus is a computer program that can replicate itself and spread from one computer to another. Flashback is not a virus, it is a trojan.
Q. What is a trojan?
A. A computer Trojan horse, or Trojan, is a standalone malicious program which may give full control of the infected PC to another PC. It may also perform typical computer virus-like activities. Trojan horses may make copies of themselves, steal information, or harm their host computer systems.
Q. If Flashback is a trojan and not a virus how does it get on my computer?
A. One version of Flashback (there are over 10 different versions of this malware attack) attempted to use a security hole in Java (now patched for Mac OS X 10.6 and later if you've installed the latest Java update). This can happen simply by visiting a web site - it could even be a well known web site that you visit regularly that could be serving a malicious advert! Similar attacks have been propagated through Google Images before!
Q. I thought software needed to ask for my administrator password to install itself on a Mac?
A. This is usually the case, but this version of Flashback was clever enough to try to use Java that is potentially already installed on your computer in an attempt to bypass this restriction.
Q. How can I tell if I am infected by the Flashback trojan?
A. Download and use F-Secure's free Flashback checker/removal script.
A. Or Kaspersky Lab have set up a web site where you can check your computer's Hardware UUID against the known infection database.
A. Or download and use Norton's free Flashback checker/removal script (Intel Macs only).
A. Or download and use Kaspersky Lab's free Flashback checker/removal tool (Intel Macs only) [removed 12/04/2012].
A. Or go to the F-Secure web site and follow their instructions very carefully.
Q. If I am infected by the Flashback trojan how do I remove it?
A. If you are running Mac OS X 10.6 or 10.7, update your Java (Java 8 for OS X 10.6 / Java 2012-003 for OS X 10.7).
A. If you are running Mac OS X 10.7 and you do not have Java installed, use Apple's free Flashback malware removal tool (Mac OS X 10.7 without Java only).
A. Or download and use Kaspersky Lab's free Flashback checker/removal tool (Intel Macs only) [removed 12/04/2012].
A. Or download and use Norton's free Flashback checker/removal script (Intel Macs only).
A. Or go to the F-Secure web site and follow their instructions very carefully.
A. If you are running Mac OS X 10.5 on an Intel Macintosh use Apple's free Flashback malware removal tool (Intel Macs only).
Q. I thought Macs were safe?
A. No, they were never "safe". They are "safer" than Windows but you still need to practice safe computing especially if you use the internet.
Q. So what's Apple doing about this?
A. They've released a Java update (Java 8 for OS X 10.6 / Java 2012-003 for OS X 10.7) that fixes the Java security hole and detects and, if found, removes the Flashback malware. See Apple's technical support document.
Q. How can I protect myself from the Flashback (I) trojan?
A. If you are running Mac OS X 10.6 or 10.7, update your Java.
A. If you are running Mac OS X 10.5, switch Java off completely and/or switch off Java in all the web browsers that you use.
A. If you are running Mac OS X 10.4, 10.3, 10.2 or earlier, you cannot switch Java off completely, so switch off Java in all the web browsers that you use.
Q. Once I have updated Java am I safe?
A. You are safe from this particular version of the Flashback trojan. However, the trojan may get updated or you may be subject to other malware attacks so to help you practice safe computing you should:
- See our security articles.
- Follow us on Twitter for security alerts.
- Keep your Apple software up to date.
- Keep all your web browsers including Safari, Firefox and Chrome up to date.
- Keep your web browser plug-ins up to date (Flash is a common attack vector).
- If you use Adobe Acrobat (Reader) keep your Adobe software up to date (PDF files are a common attack vector).
- If you use Microsoft software e.g. Office keep your Microsoft software up to date (Word, Excel and/or PowerPoint files are a common attack vector).
- Consider using anti-virus software on your Macintosh computer (see the list below).
Q. Should I use anti-virus software?
A. The Mac is "safer" than Windows but the reality is that malware exists for Macs so you should seriously consider running anti-virus software especially as some of them are free.
Q. What else do you recommend?
A. If you do not use Java for everyday use you might as well switch off Java in the operating system completely. Also, switch off Java in all the web browsers that you use (see below). Consider using anti-virus software on your Macintosh computer.
Blog Post Author = Graham Needham (BH)
Blog Post Created On = 10th April 2012
Blog Post Last Revised = 25th January 2018 12:32
Blog Post URL = https://www.macstrategy.com/blog_post.php?11
This blog post is representative of the blog author's individual opinions and as such any opinions that may be expressed here may not necessarily reflect the views of everyone at MacStrategy or the holding company Burning Helix.