Variant of Flashback malware continues to infect Mac OS X users

A new variant of the Flashback malware continues to plague Mac users. The new version of the trojan requires no user input. Recent figures show that around 600,000 users are still infected.

The new variant, Flashback.S, is a modified version of the Flashback malware that broke out at the beginning of April. It still uses the same vulnerability in Java, which Apple patched on April 12, antivirus company Intego reports. Unlike its predecessor, however, the variant works entirely without user input: the malware installs itself silently, without requiring a password.

Once the malware has installed itself in the locations '~/Library/LaunchAgents/com.java.update.plist' and '~/.jupdate', it deletes all of the files in Java's cache. This prevents the trojan from being discovered by Apple's built-in anti-malware software. The malware can be detected by the various antivirus packages for OS X that have the virus definitions for the original Flashback version. Research showed that the malware was distributed via compromised WordPress blogs.
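The two install locations named above can be swept for across every account on a machine. The following is an added example, not code from the article or from Intego: a POSIX shell function that checks each home directory under a root (assumed to be /Users) for those two paths. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report home directories that contain
# either of the two Flashback.S paths the article names.

# flashback_s_scan [USERS_ROOT]
#   USERS_ROOT defaults to /Users, the usual OS X home location (assumption).
#   Prints "home<TAB>artefact" per hit; returns 1 if anything was found, else 0.
flashback_s_scan() {
    users_root=${1:-/Users}
    found=0
    for home in "$users_root"/*/; do
        [ -d "$home" ] || continue          # glob matched nothing
        home=${home%/}
        for rel in "Library/LaunchAgents/com.java.update.plist" ".jupdate"; do
            target=$home/$rel
            # -L also catches a dangling symlink left at the path
            if [ -e "$target" ] || [ -L "$target" ]; then
                printf '%s\t%s\n' "$home" "$target"
                found=1
            fi
        done
    done
    return "$found"
}

# flashback_s_demo: build a constructed sample tree (two fake homes, one
# carrying both artefacts as empty files), scan it and print the hit count.
flashback_s_demo() {
    demo_root=$(mktemp -d) || return 2
    mkdir -p "$demo_root/alice/Library/LaunchAgents" \
             "$demo_root/bob/Library/LaunchAgents"
    : > "$demo_root/alice/Library/LaunchAgents/com.java.update.plist"
    : > "$demo_root/alice/.jupdate"
    hits=$(flashback_s_scan "$demo_root" | wc -l | tr -d ' ')
    rm -rf "$demo_root"
    echo "$hits"
}

# Run against the constructed tree with: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then flashback_s_demo; fi
```

A hit means a file exists at one of the reported paths and should be followed up with a full antivirus scan. Because the scan reads other users' home directories, it needs to run with sufficient privileges.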

Users who have installed Apple's patch for the Java vulnerability are not susceptible to this variant, but the number of patched computers appears to be much smaller than initially calculated. Symantec reported earlier that the number of infected Macs had dropped to one-fourth of the original infection count, from 600,000 to 140,000, but these figures appear to be incorrect.

DrWeb, the Russian antivirus company that discovered the Flashback botnet, calculated that about 600,000 users are still infected with the malware. Symantec afterwards accepted DrWeb's numbers. Symantec's calculation method was not correct, because the structure of the Flashback malware requires a different method of calculation, which DrWeb had applied correctly.

The Flashback malware installs itself in certain programs on OS X computers, such as Skype, in order to intercept the user's sensitive data. Apple has received a lot of criticism over the outbreak, because it was late to respond to the problem. DrWeb also accuses Apple of not communicating or collaborating with the various antivirus companies.

Code of the Flashback.S malware variant