April 11, 2012
Distribution of 550,000 Flashback-infected Macs. Source: Dr.Web.com
Apple says it is crafting a weapon to vanquish a Flashback virus from Macintosh computers and working to disrupt the command network being used by hackers behind the infections.
In its first public admission that the malicious software is vexing machines powered by the California company's Macintosh software, Apple said it had patched the weakness exploited by the virus and was now out to kill it.
"Apple is developing software that will detect and remove the Flashback malware," the firm said in a message in a support blog on its website.
Hackers trick Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software.
The malicious software does its dirty work with directions received from computer servers "hosted by malware authors" and Apple is collaborating with internet service providers to "disable this command and control network".
The virus took advantage of a weakness in Java programs, according to Apple.
Computer security specialists last week warned that more than a half-million Macintosh computers worldwide (some 30,000 in Australia) may have been infected with a virus targeting Apple machines.
Flashback Trojan malware tailored to slip past "Mac" defences is a variation on viruses typically aimed at personal computers (PCs) powered by Microsoft's Windows operating systems.
The infections, spotted "in the wild" by Finland-based computer security firm F-Secure and then quantified by Russian anti-virus program vendor Dr. Web, came as hackers increasingly take aim at Apple computers.
"All the stuff the bad guys have learned for doing attacks in the PC world is now starting to transition to the Mac world," McAfee Labs director of threat intelligence Dave Marcus told AFP.
"Mac has said for a long time that they are not vulnerable to PC malware, which is true; they are vulnerable to Mac malware."
Dr. Web has now determined that more than 650,000 Mac computers may be infected with Flashback, which is designed to let hackers steal potentially valuable information such as passwords or financial account numbers.
Apple released a patch for the vulnerability on April 3 (US time) and another on April 6.