An estimated 600,000 Macs, or the market equivalent of 8.5 million PCs, have been infected with the Flashback Trojan botnet, which was originally discovered last year. The botnet originally disguised itself as an update to Adobe Flash, and infected machines when users executed the program. However, while the original threat required user execution, the current version doesn’t require any user interaction or passwords.
Apple issued a security update just a few days ago, aimed at keeping Flashback off of users’ computers, but now the company is developing a tool for scrubbing the malware off of already-infected machines.
“In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions,” Apple wrote on its website. “Apple is working with ISPs worldwide to disable this command and control network.”
There is no word on when the tool will be available. While we wait for Apple’s update, the company suggests Mac users running Mac OS X v10.5 or earlier disable Java in their web browsers. Security company Kaspersky has also developed a free tool for detecting and removing Flashback.