F-Secure has created a free tool to help Mac users remove the Flashback Trojan from their computers, after reports that the malware had infected more than half a million Apple systems.
"The tool creates a log file on [the] current user's desktop," F-Secure chief research officer Mikko Hypponen wrote in a blog post. "If any infections are found, they are quarantined into an encrypted ZIP file to the current user's home folder. The ZIP is encrypted with the password 'infected'."
Flashback appeared late last year as a social-engineering scam, trying to fool Mac OS X users into downloading phoney Flash updates. More recently, it started to exploit a Java vulnerability instead.
Last week, Russian antivirus firm Dr Web said a Flashback botnet had developed across 600,000 Macs — by far the biggest malware scare to hit Apple's desktop operating system yet. However, Symantec suggested on Wednesday that the number of active infections has halved since then.
In his blog post, Hypponen suggested that Apple could be doing more to protect its users. The Mac maker has released Java patches for its most recent OS X versions — Lion and Snow Leopard — but not for earlier generations.
"Quite surprisingly, Apple hasn't added detection for Flashback — by far the most widespread OS X malware ever — to the built-in Xprotect OS X antivirus tool," Hypponen said. "Also note that Apple has not provided a patch for the Java vulnerability used by Flashback for OS X v10.5 (or earlier). More than 16 percent of Macs still run OS X 10.5."
Dr Web's attempts to warn Apple of the botnet's emergence had been met by silence, the company's chief executive Boris Sharov told Forbes on Monday. He said Apple had tried to have Dr Web's registrar shut down one of its domains, which was being used as a 'sinkhole' to monitor and analyse the botnet, and which would have appeared to have been controlling part of it.
"They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren't the ones controlling it and not doing any harm to users," Sharov told Forbes. "This seems to mean that Apple is not considering our work as a help. It's just annoying them."