Over half a million Mac users worldwide are at risk of an unsolicited visit from a new variant of the Flashback Trojan.
According to Dr. Web, a Russian antivirus company, the makers of a new variant of the Flashback Trojan are in a celebratory mood after successfully infecting more than 500,000 Macs, possibly reaching 600,000, with 274 of the bots most likely inside Apple headquarters in Cupertino, CA.
The Flashback Trojan is a widely known Mac Trojan horse that has been seen in the wild since 2011. This malicious software, which was cloaked as an installer for Adobe Flash, relied solely on users to install it.
When this Trojan was uncovered last year by Intego, a security firm, users were warned and a fix came with the warning. However, the never-say-die attitude of the Flashback Trojan's makers has produced a new tactic: installation no longer needs the user's intervention.

Flashback Trojan Back with a Vengeance
Yes, the Flashback Trojan is back with a vengeance. Its makers changed tactics, and this time users are no longer part of the process. The Flashback Trojan can now infect a Mac through a mere visit to a website. It no longer pretends to be an installer, a Mac software update or a Java updater.
The newest variant, dubbed OSX/Flashback.K by F-Secure security researchers, no longer needs an administrator’s password. Once a user visits the malicious website, voilà, Flashback enters the computer without the user knowing. It does so through a weakness in Java SE 6 identified as CVE-2012-0507.
Sad to say, there is currently no fix for this new malware on the Mac. Since the discovery, Apple has been cast in a bad light. But given the company’s stance on rolling out updates, a patch for this issue may be due in the not too distant future.
Mac users don’t have to throw in the towel yet. They can take steps to weaken the Flashback Trojan’s hold. One good step is to disable Java. The next is to be aware of how trustworthy the websites they visit are. In general, the best immediate “cure” for this new type of virus is… common sense.