A new, sneakier variant of the Flashback malware was uncovered yesterday by the French security firm Intego.
Flashback.S, which Intego described Monday, uses the same Java vulnerability as an earlier version that has infected an estimated 820,000 Macs since its appearance and still plagues over 600,000 machines.
But unlike Flashback.K, the variant that first surfaced last month and has caused consternation among Mac users, Flashback.S never asks the victim to enter an administrative password for installation, but instead relies only on the silent exploit of the Java bug to sneak onto the system.
“The differences are very subtle,” Peter James, a spokesman for Intego, said in an interview Tuesday. “There’s no password request [by Flashback.S].”
Much more in the two-page article.
Apple will likely need to update their seek and destroy tool very quickly to help users stay free of this new variant.
If you think you are beginning to need an antivirus/antimalware solution, there are quite a few out there. Below are just a few:
Sophos Anti-Virus for Mac Home Edition – Sophos has a worthy product out there and it is nice that they make their money on corporate/business computers and offer the home version for free.
ClamXav: The Free Anti-Virus Solution for Mac OS X – It uses the popular open source ClamAV engine as its back end and can detect both Windows and Mac threats.
There are other options as well for the Pay to Play crowd.
These include Intego Virus Barrier for Mac, with free and Pro versions available in the Mac App Store (Intego, as noted above, found this newest Flashback in the wild), as well as other Mac antivirus firms such as Symantec/Norton, and many more.
Many of these come with a heavy CPU usage hit that is very annoying considering the small number of actual threats out there for the Mac. Of course, some users may feel that the ones that provide real-time protection are the way to go, and some may feel it is worth it if their Macs are speedy enough and have enough RAM.
For those who don’t think they need a Mac antivirus just yet: if you don’t use Java and none of your programs use Java, you could go to ~/Applications/Utilities/Java Preferences.app and disable Java until you actually need it, then re-enable it as needed. It’s a very easy thing to do really.
Or you could set up AppleScript to monitor areas where malware might inject itself so it will alert you.
Monitor OS X LaunchAgents folders to help prevent malware attacks – CNET
Some additional locations to add can be found at MrAnderson.info here.
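The same folder-watching idea as a small Python script run from Terminal or on a schedule, added here as an example (it is not the AppleScript from the CNET article or from MrAnderson.info). It records a hash of every file in the launchd folders and reports what was added, removed or modified since the previous run; the folder list and the baseline file name are assumptions chosen for this example.

```python
import hashlib
import json
import os

# Standard macOS launchd folders, picked for this example; extend as needed.
WATCHED = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]
STATE_FILE = "~/.launchd_baseline.json"  # hypothetical baseline location


def snapshot(dirs):
    """Map every regular file directly inside dirs to its SHA-256 digest."""
    seen = {}
    for d in map(os.path.expanduser, dirs):
        if not os.path.isdir(d):
            continue  # folder absent on this system
        for name in os.listdir(d):
            path = os.path.join(d, name)
            if os.path.isfile(path):
                with open(path, "rb") as fh:
                    seen[path] = hashlib.sha256(fh.read()).hexdigest()
    return seen


def compare(old, new):
    """Return sorted (added, removed, modified) paths between two snapshots."""
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    modified = sorted(p for p in new if p in old and new[p] != old[p])
    return added, removed, modified


def check(dirs=WATCHED, state_file=STATE_FILE):
    """Diff the folders against the saved baseline, then save the new state."""
    state_file = os.path.expanduser(state_file)
    current = snapshot(dirs)
    result = ([], [], [])  # first run only records the baseline
    if os.path.exists(state_file):
        with open(state_file) as fh:
            result = compare(json.load(fh), current)
    with open(state_file, "w") as fh:
        json.dump(current, fh, indent=2)
    return result


if __name__ == "__main__":
    for label, paths in zip(("ADDED", "REMOVED", "MODIFIED"), check()):
        for p in paths:
            print(label, p)
```

An entry reported as ADDED or MODIFIED that you did not cause by installing or updating software is the thing to investigate.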
Also, installing Piriform CCleaner for Mac is a great idea; it can be run as needed very quickly, every day even.
This is certainly less of a system resource hit, and you could still keep a non-resident antivirus, scan at your convenience, and respond if the AppleScript tells you something is going on that you didn’t instigate by installing a program, etc.
The AppleScript monitoring that you can set up uses what is built into Mac OS X, so it is light on resources and free. It does a similar thing to what WinPatrol does in Windows, but of course in a very small area comparatively. WinPatrol does so much more, but the key similarity is the monitoring for changes to areas that malware can hit on a Windows PC.
What we need for people who are not very savvy about these things is a MacPatrol app like WinPatrol.