Earlier this week, security firm Kaspersky Lab released a tool for removing the Flashback/Flashfake malware. The release followed news that around 670,000 computers worldwide were infected, 98-percent of which were likely running Mac OS X. Even more, 300,917 of those infected computers were found to reside within the United States, followed by Canada (94,625), the United Kingdom (47,109) and more.
But now Kaspersky is reporting that its detection tool actually had a bug that could cause problems for Mac users. "In some cases it is possible that the use of the tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data, the company said on Thursday in an email to Tom's. "The Kaspersky Flashfake Removal Tool has been temporarily suspended. The company will release an updated version of the utility with the bug corrected and will send a notification as soon as it’s available."
"In the event that users experienced problems due to the use of the Flashfake Removal Tool, they should contact Kaspersky support at email@example.com or by calling Moscow at +7 (495) 797-70-32 for 24/7 help in English or Russian," the company added. "Kaspersky Lab apologizes for any inconvenience caused by this issue and is working diligently to correct the problem."
As reported earlier this week, Apple is supposedly working on its own Flashback/Flashfake removal tool. So far a release date hasn't been set, but the company says it's working with ISPs worldwide to disable the C&C network. The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions, Apple states.
For now Apple suggests that users running Max OS X v10.5 or earlier can better protect themselves by disabling Java in the web browser's preferences. section.
"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6," Apple reports. "By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates."
Mac users concerned that they might be infected with Flashback/Flashfake can still use Kaspersky's online tool to scan their system. This dedicated site is safe for users to visit and enter their computer’s UUID, which will be checked in Kaspersky Lab’s Flashfake database of infected computers (instructions for entering user UUIDs are included as well). If the UUID is found in Kaspersky's database, then infected Mac users will need to download and run the fixed removal tool when it becomes available.