Apple developing tool to detect and remove Flashback Trojan

Summary: Apple is developing a tool to detect and remove the Flashback Trojan that has infected over 600,000 Macs. In the meantime, here are some alternatives for both detecting and removing the malware.


Two months ago, a new variant of the Flashback Trojan started exploiting a security hole in Java to silently infect Mac OS X machines. Last week, Russian antivirus company Dr. Web revealed that the Flashback Trojan botnet controls over 600,000 Macs. Today, Apple announced it is developing software that will detect and remove the Flashback malware.

Apple released a Java update that patches the security hole on April 3, but it was already too late by that point. News of the massive infection rate broke on April 4.

As such, the electronics giant is also working with ISPs around the world to take down computer servers hosted by the malware authors. In addition to the Java vulnerability, the Flashback malware relies on this command-and-control network to perform many of its critical functions.

What if you can't wait for Apple to release its tool? There are a few things you can do.

First off, you can grab the new version of Java from Apple here: Java for Mac OS X 10.6 Update 7 and Java for OS X Lion 2012-001. If you're running Mac OS X v10.5 or earlier, your only option is to disable Java in your web browser(s) preferences: How to disable the Java web plug-in in Safari.

If you want to see if you have it, there are a few options. Dr. Web and Kaspersky have online tools to check if you have the Trojan. There's also a tool called FlashbackChecker available on GitHub.

If you know you have it and want to get rid of it, there are also a few options. F-Secure has instructions on how to remove the malware. CNET has a step-by-step guide for removing it. Last but certainly not least, the easiest way to get rid of it is to download and use the Kaspersky Flashfake Removal Tool.


Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

  • mhollis55, can you n your Macta_rd crue deny this one too?

    Waiting for a cr_Apple worshipper's logic of why this problem doesn't exist; even when cr_Apple is building a patch for it :)

    ....Anytime soon....
    • Uh.. better lay off the sauce, fella.
    • Waiting

      Waiting for MrElectrifyer to contribute something useful to the conversation.

      ...No time soon...
    • Apple ANNOUNCES it is DEVELOPING a removal tool?

      wait, what, Apple is ANNOUNCING it is developing a tool to remove a specific malware?
      they have the Java patch but that doesn't REMOVE the malware if you already have it.
      Are you kidding? Other much smaller companies have already released programs to detect and remove this malware and all Apple can manage is an announcement that they are working on a fix?
      Amazing what billions of dollars cannot achieve.
      Malware writers now have a chance to change their malware while Apple develops the removal tool.
      Obviously the PR department at Apple is bigger than the software R&D department.
      • On security

        Apple is known to offer quality experience. This includes spending a lot of effort to provide quality and well tested software that requires no fiddling.
        It is naive to think, that Apple has no resources to act "quick".

        Besides, there is absolutely no indication that this botnet has ever been used for anything. If Apple are confident that particular malware does not harm their users' computers, why rush? There is a lot to be learned, by the way by observing the Also, it is apparent that many users will never update their software, so 'quick fix' does not really help.

        By far the most effective way to remove the malware off all infected computers is to take over the control center and issue "remove yourself and all traces" command to the drones.
  • Norton ?

    If only all MacOs users could feel as safe as me....i use Norton :p
    • Norton

      Norton would not have stopped Flashback. AV apps can only repel known malware. Both PC and Mac users are still wide open to brand new, undiscovered exploits.
      • Yes, Norton

        Well Norton was a sewer cleaner in the Honeymooners so maybe it is appropriate.
      • You mean the honeymonster's, right?


      • Not actually true of modern AV's

        Any decent AV application (or suite) employs Heuristic tools to help protect from as yet unidentified malware... not perfect but is far better than nothing

        Mind you, if Norton for Macs is anything like the PC variant I'd almost prefer having nothing than that piece of s*&t!
    • Norton is a pig of a product

      I used to use Norton on my Windows PCs and my Macs at home because it was free from my ISP. UGH! The performance and usability on both platforms was crippled. Not to the point of being unusable, but enough that I wasn't willing to keep that junk on my systems.

      On my Win box I use Microsoft Security Essentials. Great product, no cost, 'nuff said.
      On my Macs I use common sense. To date, the threats for Macs are still few enough that if you don't blindly click every little installer out there, you remain pretty darn safe. Of course, I also go out of my way to know what's going on in the wild so I am educated more than many to begin with.

      I do scan my Macs on a regular schedule (currently using ClamXAV for this) and I ran the Terminal commands to do a manual search for FlashBack. To date I have not found malware on my Macs since moving to OSX in 2001. I did have one infection under OS 9.1 and one other waaaayyy back in the days of System 7.3.3. All that being the case, I will keep to this practice until things significantly worsen. For now, I find that common sense and diligent verification suffice.
      • Question.....

        When did you last use a "Norton" product? 2005?
      • MS Security Essentials?

        You have got to be kidding about MS Security Essentials. I gave up on that piece of rubbish last year. Hadn't had a virus for years, but stupidly changed to this program because it was free. One week later I got a virus simply by VISITING a bad website directly from Google when I was looking for (ironically) IT advice. No download boxes to click no to, nothing, I didn't agree to something by mistake, download anything etc - just clicked a link in Google and bam. Will never trust MS as an anti-virus vendor again.
      • re Ms Security Essentials woes


        Unfortunately no AV has a 100% hit rate, but MS has earned themselves a pretty damned good reputation with their product (and I say this as a Comodo user so no bias). As to the point that you got infected simply by 'VISITING' an infected site, not only is that the very definition of 'drive-by' infection, it is the very method used by the aforementioned Flashback virus...
      • Microsoft Security Essentials

        Microsoft learned this lesson, but for reasons of their own wrongdoing in the past (the various antitrust lawsuits) they cannot enforce it. If your OS has flaws (and all do), then it is your responsibility to safeguard it. It is also apparent that the OS vendor has access to various undocumented hooks deep into the OS that might be used for such purposes.
    • Norton IS Malware!

      My netbook came with Norton AV and it was just like having malware on it.
      It would prompt me all the time to upgrade to the full version. It sends logs to Norton by default and when not connected it would prompt to connect to the internet. It slowed the computer down a lot. Got rid of it and OMG, everything was better.
      FU Norton!
      • Microsoft security essentials was developed only for Microsoft windows. No?

        Microsoft security essentials was developed only for Microsoft windows. No?
  • Apple needs to follow Microsoft's lead

    with a Malicious Software Removal Tool(TM) that is run as part of OS X updates. Then its users won't have to manually download and run this tool for Flashback. And Apple can add detection and removal capabilities for new malware and variants, as needed.
    Rabid Howler Monkey
    • They will

      They already deployed software to seek and remove the MacDefender-type malware as part of a system update last year, so this kind of solution is not new to them. Personally, I'd just like to see them deploy this kind of fix much faster.
      • Sorry

        I meant to "+" your comment but I hit "-" instead.

        You are correct on all counts. Apple does already have the mechanism in place in OS X, and it will undoubtedly be updated. Having said that, you are also correct that the reaction speed needs to be much improved.

        There will be a lot of change at Apple, with Steve no longer there. On my personal wish list of changes is that the removal of his RDF will also lift the blinders from the reality that the world is NOT a safe place to be and that Apple can't afford to drag its corporate feet like this.