Apple releases tool to combat Flashback malware

Image caption, Apple says the tool removes "the most common variants" of the malware

Apple has released a fresh Java update that it says removes the Flashback Trojan on infected Macintosh computers.

The malware installs itself if a user visits a malicious website, exposing the computer to control by hackers.

The update's release comes two days after Apple said it was tackling the issue, and a week after an anti-virus firm warned 600,000 Macs were infected.

Another security firm, Kaspersky, has recalled its own Trojan-removal tool after it affected some user settings.

The company said its tool was removing settings on the computers it was being installed on, and promised to offer a replacement shortly.

'Slow reaction'

Apple, on the other hand, states on its <link> <caption>website's support section</caption> <altText>Apple support section</altText> <url href="http://support.apple.com/kb/HT5242" platform="highweb"/> </link> that its new removal tool gets rid of "the most common variants" of the malware.

The tool is integrated into the latest security update to Java on Apple computers running Mac OS X 10.6 and 10.7 ("Snow Leopard" and "Lion").

Users of infected machines running earlier versions of the operating system are told to disable Java in their web browser preferences to deal with the problem.

Earlier, Apple also said it was working with ISPs to shut down networks of servers hosted by the malware authors, which the code relies on "to perform many of its critical functions".

However, Apple has been criticised for the time it took to react to the Trojan infection.

Stealing data

It is suspected that Flashback was designed to steal passwords and other personal data from users through their web browser.

Russian anti-virus firm Dr Web estimated on 6 April that some 600,000 Macs around the world had contracted the malware.

But security company Norton stated that the number of infected computers had since fallen to 270,000.

Several firms released their own Flashback removal tools ahead of Apple's latest security update.

However, Kaspersky Lab issued a statement after discovering problems with its software.

"In some cases it is possible that the use of the tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data," the firm's spokesperson Greg Sabey said in an email to the press.

"The company will release an updated version of the utility with the bug corrected and will send a notification as soon as it's available."

Some analysts say Apple could have avoided the attack if it had tackled the problem sooner.

Java's developer Oracle had issued a fix for other systems eight weeks before Apple's first security update.

Rik Ferguson, director of security research and communication at Trend Micro, said: "Security updates issued by Apple are issued too slowly and not on any regular schedule.

"Apple's sluggishness on security updates could perhaps have been defended in the past by the relative paucity of malware on that operating system. However, MacOS is increasingly attractive and increasingly exploited by criminals."

Apple also appears to be trying to improve safety for its online store iTunes, possibly addressing the growing number of complaints about some accounts being hacked.

Users are being prompted to add back-up email addresses and answer security questions to protect their accounts and devices.

Apple has not commented on the move, which initially confused <link> <caption>some of its users</caption> <altText>Apple forum</altText> <url href="https://discussions.apple.com/thread/3869387?tstart=270" platform="highweb"/> </link> .