Apple Releases Flashback Removal Tool for Macs Running OS X Lion without Java

[MacRumors]

Following yesterday's release of fresh Java updates to remove the Flashback malware system from Macs running OS X Lion and Snow Leopard, Apple today released a standalone Flashback malware removal tool to clean infections from OS X Lion systems without Java installed.

About Flashback malware removal tool

This Flashback malware removal tool that will remove the most common variants of the Flashback malware.

If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed.

In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.

This update is recommended for all OS X Lion users without Java installed.

While the most dangerous method of attack for Flashback exploits a security hole in Java that Apple has now patched, various versions of the malware have also used social engineering and other tricks in attempting to gain access to users' systems.

With OS X Lion not having Java included by default, users of Apple's latest operating system who have found themselves infected through other means and do not have Java installed can use the new tool to clean their systems without needing to install Java.

The update weighs in at 356 KB and requires OS X Lion without Java installed.

Article Link: Apple Releases Flashback Removal Tool for Macs Running OS X Lion without Java

 

[Jarra]

Do you really need Java?

Turned off Java in Firefox and Safari a week ago when I learned of this problem. I haven't noticed any difference in web browsing or anything really. Do I really need it? Seems not. Might uninstall (if possible).

 

[SilverOnemi]

Turned off Java in Firefox and Safari a week ago when I learned of this problem. I haven't noticed any difference in web browsing or anything really. Do I really need it? Seems not. Might uninstall (if possible).

you need it for logmein for example, honestly i've been running java and haven't been infected.

 

[ImperialX]

I've had Java running all this time and never had a problem...

 

[Rocketman]

That's 4 updates in 4 minutes, er, days.

 

[adamw]

Thanks Apple. I appreciate you trying to help Mac users. I got the trojan via Java, but this should help those running Lion without Java that may get exposed to the trojan in some other way.

 

[ixodes]

Thanks Apple. I appreciate you trying to help Mac users. I got the trojan via Java, but this should help those running Lion without Java that may get exposed to the trojan in some other way.

Thanks Apple?

Hello? What are you thinking?

It's Apples responsibility to step up, too bad they had to get busted publicly, before taking action to resolve this.

 

[MarkMS]

Thanks Apple. I appreciate you trying to help Mac users. I got the trojan via Java, but this should help those running Lion without Java that may get exposed to the trojan in some other way.

Yep! Keep an eye out for "FlashPlayer-11.pkg" or some variant form of that in your Downloads folder. This is how it began to spread last year. People visiting shady sites and installing fake versions of Flash. Can't wait until Adobe adds the new background autoupdate and install feature to Flash. Windows users got with the latest version of Flash. OS X users have to wait just a little bit longer.

Also deny files from opening up automatically in Safari by going to Safari>Preferences>General>and uncheck "Open 'safe' files after downloading".

Install Little Snitch if you can. It's a great tool I've been using for many years now and it's something this trojan looks for and deletes itself if it finds it. Same with ClamXav. Little Snitch costs a bit, but worth every penny, in my opinion. ClamXav is free in the Mac App Store.

 

[Swift]

Here's the perfect version of Flash

Yep! Keep an eye out for "FlashPlayer-11.pkg" or some variant form of that in your Downloads folder. This is how it began to spread last year. People visiting shady sites and installing fake versions of Flash. Can't wait until Adobe adds the new background autoupdate and install feature to Flash. Windows users got with the latest version of Flash. OS X users have to wait just a little bit longer.

Also deny files from opening up automatically in Safari by going to Safari>Preferences>General>and uncheck "Open 'safe' files after downloading".

Install Little Snitch if you can. It's a great tool I've been using for many years now and it's something this trojan looks for and deletes itself if it finds it. Same with ClamXav. Little Snitch costs a bit, but worth every penny, in my opinion. ClamXav is free in the Mac App Store.

No Flash. I run Little Snitch, and I'm willing to run AV software, but I'm going to test things out. It slows down my Mac, it's gone.

 

[faroZ06]

I've had Java running all this time and never had a problem...

Same. I don't see how so many people are getting this.

Also, Apple didn't release anything for Leopard, right?

 

[cerote]

I run Little Snitch

Same here. Always had it. Great tool to see what is sending stuff out without you knowing.

 

[faroZ06]

No Flash. I run Little Snitch, and I'm willing to run AV software, but I'm going to test things out. It slows down my Mac, it's gone.

Get Click2Plugin (Flash and stuff only loads if you click on the element, customizable) and AdBlock (blocks most ads). Don't install stuff that looks illegit. You are safe.

Oh, and opening "safe" files after downloading isn't dangerous. What's it going to do, infect your computer by opening a ZIP or DMG? Just don't agree to any installations that randomly appear when you're browsing some shady site, loading plugins on the site.

----------

Same here. Always had it. Great tool to see what is sending stuff out without you knowing.

Yeah, but doesn't it slow you down? Oh, and it's a b**** to uninstall.

 

[Roc P.]

So I ran this update and it installed and then nothing happened. Does that mean I am ok?

 

[Macman45]

I've had Java running all this time and never had a problem...

Same here, and ran diagnostics on all 3 Macs all are clean, but Have installed the update anyway...No issues so far.

 

[Sitti]

Same. I don't see how so many people are getting this.

Also, Apple didn't release anything for Leopard, right?

Perhaps, those who got infected are visiting too much porn sites

 

[Dr McKay]

Same. I don't see how so many people are getting this.

Also, Apple didn't release anything for Leopard, right?

All it takes is 1 trip to Google Images, click on the wrong thumbnail and boom.

 

[Roc P.]

So those of you who ran this update, what happened? Did it just install and then nothing happened? I found it odd to not even be told that I at least DIDNT have this Trojan.

 

[east85]

Way to go Apple! I'm so glad the apple team did this right away without being pressured by the media! I'm even more happy that their Java updates are so speedy and current! Thanks to Apple for taking it upon themselves to save the day as soon as possible! I'm sure that's the reason why it was released in the middle of the night in most of the western world!

 

[RobertMartens]

The update weighs in at 356 KB.

Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

 

[sam.walker22]

How do I run it when it's installed? I cant find it anywhere

 

[Mr. Retrofire]

So I ran this update and it installed and then nothing happened. Does that mean I am ok?

Yes, the remover tool runs in the background.

----------

You are safe.

That is an illusion.

Oh, and opening "safe" files after downloading isn't dangerous.

It is dangerous, because you have no control.
http://www.us-cert.gov/cas/techalerts/TA06-053A.html

What's it going to do, infect your computer by opening a ZIP or DMG?

The OS reads these file formats. So it is possible to cause buffer overflows and other things in the OS via special ZIP and DMG files. That is the reason why Mac OS X mounts now .dmg-files outside the kernel address space. Older versions of Mac OS X mounted .dmg files inside kernel address space.

----------

I found it odd to not even be told that I at least DIDNT have this Trojan.

Yeah, the remover tool should tell you, that you use Mac OS X and not Windows. That is really necessary! ;-)

 

[phonitron]

Why do you say it 'weighs in at' 356 KB?

Why don't you just say it 'is' 365 KB

I don't see how writing 'it weighs in at' adds any information or style especially as you have used this phrase at least 100 times in the exact same way. That seems to reveal a certain lack of style. Or perhaps I am just being a curmudgeon.

FFS! Get a life. I don't see how your post contributed anything to anything.

FWIW, my Leopard machine hasn't picked up this update... Yet. I'm checking around and will post back accordingly.

Update: Maybe best to download a removal tool/checker, and disable Java on Mac's that can't update to Snow Leopard. http://reviews.cnet.com/8301-13727_7-57411535-263/java-updates-for-flashback-avoid-os-x-tiger-and-leopard/

 

[wasson66]

In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.

 

[NY Guitarist]

Is this available for Snow Leopard?

It would be nice to know Apple has thought about protecting users who need to stay on SL too.

 

[fruitycups]

Is this through software update?