Flashfake removal tool
Posted on 11.04.2012
Update April 12, 2012: The tool has temporarily been removed, more details here.

In response to the recent discovery of the Flashfake botnet, Kaspersky Lab has announced the availability of its free Flashfake Removal Tool.


Visit the safe verification site to determine if youíre infected.

If your UUID is found in the database, you need to disinfect your Mac. You can use the Kaspersky Flashfake Removal Tool. It will automatically scan your system and remove Flashback if it is detected.

Details

Kaspersky Labís experts recently analyzed the Flashfake botnet and found a total of 670,000 infected computers worldwide, with more than 98% of the computers most likely running Mac OS X. It is anticipated that the other 2% of machines running the Flashfake bot are very likely to be Macs as well.

This is the largest Mac-based infection to date, with the largest number of victims targeting developed countries. The United States had the most infected computers (300,917) followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600). Other infected countries included France (7,891), Italy (6,585), Mexico (5,747), Spain (4,304), Germany (4,021) and Japan (3,864).

On 6 April Kaspersky Labís researchers reverse-engineered the Flashfake malware and registered several domain names which could be used by criminals as a Command & Control (C&C) server for managing the botnet. This method enabled them to analyse the communications between infected computers and the C&Cs. By connecting to Flashfake, Kaspersky Labís experts are able to continuously monitor the botnetís communication with active bots and have published their findings here.

Throughout the Bank Holiday weekend Kaspersky Lab experts saw a decline in the number of active bots: on 6 April the total number was 650,748. At the end of 8 April, the number of active bots was 237,103. However, the rapid decrease in infected bots does not mean the botnet is shrinking at the same rate.

The statistics represent the number of active bots connected to Flashfake over the weekend - it is not the equivalent of the exact number of infected machines. Infected computers that were inactive over the weekend would not have communicated with Flashfake, thus they would not have appeared as an infected bot.

Flashfake is a family of OS X malware that first appeared in September 2011. Previous variants of the malware relied on cyber criminals using social engineering techniques to trick users into downloading the malicious program and installing it in their systems.

However, this latest version of Flashfake does not require any user-interaction and is installed via a ďdrive-by download,Ē which occurs when victims unwittingly visit infected websites, allowing the Trojan to be downloaded directly onto their computers through the Java vulnerabilities. Although Oracle issued a patch for this vulnerability three months ago, Apple delayed in sending a security update to its customer base until 2 April. Users who have not updated their systems with the latest security should install and update immediately to avoid infection.





Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //