Thursday, April 12, 2012

Flashback/Flashfake Mac Trojan Removal Tool

Following the recent outbreak in which over 600,000 Mac computers were infected with the latest variant of the Flashback Trojan horse, a few antivirus vendors have released removal tools to counter the problem.

F-Secure Tool - This tool requires the user to type complicated commands in Mac OS X, which will be a bit challenging for non-technical users.

How to use the tool:

1) Download FlashbackRemoval.zip to the Mac machine you want to scan.
2) Double-click the zip package to unzip it in the current folder
3) Double-click the FlashBack Removal app to run the tool
4) Follow the instructions to check your system and clean any infections

The tool creates a log file (RemoveFlashback.log) on the current user’s Desktop. If any infections are found, they are quarantined into an encrypted ZIP file (flashback_quarantine.zip) in the current user’s Home folder. The ZIP is encrypted with the password 'infected'.
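For anyone cleaning several Macs, the two artifacts described above can be checked after each run without opening the quarantine. The script below is an added example, not part of the F-Secure tool; it uses only the file names given in this post and assumes the quarantine is a standard ZIP whose entry names stay readable while the contents are encrypted.

```python
import zipfile
from pathlib import Path

LOG_NAME = "RemoveFlashback.log"              # from the post: written to the Desktop
QUARANTINE_NAME = "flashback_quarantine.zip"  # from the post: written to the Home folder


def review_removal_artifacts(home):
    """Summarise what the removal tool left behind under one home folder.

    Only the ZIP directory is read; nothing is decrypted or extracted,
    so quarantined files are never written back to disk.
    """
    home = Path(home)
    log_path = home / "Desktop" / LOG_NAME
    zip_path = home / QUARANTINE_NAME
    report = {
        "log_present": log_path.is_file(),
        "quarantine_present": zip_path.is_file(),
        "quarantine_readable": False,
        "entries": [],
    }
    if not report["quarantine_present"]:
        return report
    try:
        with zipfile.ZipFile(zip_path) as archive:
            for info in archive.infolist():
                report["entries"].append({
                    "name": info.filename,
                    "size": info.file_size,
                    # Bit 0 of the general-purpose flags marks an encrypted entry.
                    "encrypted": bool(info.flag_bits & 0x1),
                })
        report["quarantine_readable"] = True
    except zipfile.BadZipFile:
        # Truncated or corrupt archive: report it instead of crashing.
        pass
    return report


if __name__ == "__main__":
    summary = review_removal_artifacts(Path.home())
    print("log present:", summary["log_present"])
    print("quarantine present:", summary["quarantine_present"])
    for entry in summary["entries"]:
        state = "encrypted" if entry["encrypted"] else "NOT encrypted"
        print(entry["name"], entry["size"], state)
```

A log with no quarantine ZIP matches the behaviour described above for a scan that found nothing; a ZIP that is present but unreadable is worth a second run of the tool.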



Reference: http://www.f-secure.com/weblog/archives/00002346.html



Kaspersky Tool - This tool is pretty simple to use: the user just downloads the tool and runs it to scan for and remove the trojan. It can be downloaded from http://support.kaspersky.com/downloads/utils/flashfake_removal_tool.zip






Besides that, Kaspersky has also set up an online resource where all users of Mac OS X can check whether their computer has been infected by Flashback. All data sent by infected computers and their UUIDs are recorded in a dedicated Kaspersky database.

Website to check infected Mac OS systems: http://flashbackcheck.com/


Reference: https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site

Friday, April 6, 2012

Mac Flashback Infections


On Monday, we wrote about a variant of the Mac Flashback trojan that exploits a then unpatched Java vulnerability (CVE-2012-0507). Apple released its security update on Tuesday. If you have Java installed on your Mac — update now.

Yesterday, Dr. Web (a Russian based antivirus vendor) reported that Flashback may have infected over half-a-million Macs.

Each installation of Flashback creates a unique User-Agent. Dr. Web's Ivan Sorokin later estimated that their sinkhole now estimates over 600,000 infections.

Our Anti-Virus for Mac detects the latest Flashback variant as Trojan-Downloader:OSX/Flashback.K.

Here's some of our recent Flashback descriptions:

  •  Flashback.I
  •  Flashback.K

Our previous Mac related posts include instructions on how to disable Java, how to check for a Flashback infection, and manual removal:

  •  Mac Malware at the Moment
  •  Are you having a (Mac) Flashback?
  •  Mac Flashback Exploiting Unpatched Java Vulnerability

For those of you celebrating the Easter Holiday this weekend — if you're visiting your parents and they have a Mac — now is the time to update, disable, or remove their Java client plugin/installation!

(And that goes for Windows too.)


Source: http://www.f-secure.com/weblog/archives/00002345.html