Kaspersky Lab now offers a removal tool for the Flashback/Flashfake trojan. Meanwhile, Apple is working with its own separate tool.
Kaspersky Lab said on Tuesday that it has launched free detection and removal tools for the Flashback/Flashfake malware. The news arrives after the company discovered around 670,000 computers worldwide -- 98-percent which are most likely running Mac OS X -- infected with the Flashback malware. Even more, most of the Flashback botnet resides within the United States itself.
"Throughout the previous weekend, Kaspersky Lab experts have seen a decline in the number of infected computers (known as bots) for Flashfake: on April 6 the total number was 650,748," the company told Tom's in an email. "At the conclusion of April 8 the number of active bots was 237,103; however, the decrease in infected bots does not mean the botnet is rapidly shrinking. The statistics represent the number of active bots connected to Flashfake during the past few days – it is not the equivalent of the exact number of infected machines. Infected computers that were inactive during the weekend would not be communicating with Flashfake, thus making them not appear as an infected bot."
According to the security firm, 300,917 infected computers reside within the United States, followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600). Other infected countries included France (7891), Italy (6585), Mexico (5747), Spain (4304), Germany (4021) and Japan (3864). The company also said it managed to reverse-engineer the Flashback/Flashfake malware back on Friday and registered several domain names which could be used by criminals as a command and control (C&C) server for managing the botnet.
"This method enabled them to analyze the communications between infected computers and the C&Cs," Kaspersky said. "By connecting to Flashfake, Kaspersky Lab’s experts are able to continuously monitor the botnets communication with active bots and have published their findings via a post by Alexander Gostev, Chief Security Expert, Kaspersky Lab."
Mac users concerned that they may be infected with Flashback/Flashfake can head to this Kaspersky website to scan the system online. This dedicated site is safe for users to visit and enter their computer’s UUID, which will be checked in Kaspersky Lab’s Flashfake database of infected computers (instructions for entering user UUIDs are included as well). If the UUID is found in Kaspersky's database, then Mac users will need to download and run this Kaspersky Flashfake Removal Tool.
Meanwhile, Apple is reportedly working on its own Flashback/Flashfake removal tool. So far a release date hasn't been set, but the company says it's working with ISPs worldwide to disable the C&C network. The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions, Apple states.
For now Apple suggests that users running Max OS X v10.5 or earlier can better protect themselves by disabling Java in the web browser's preferences. section.
"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6," Apple reports. "By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates."
Follow @exfileme on Twitter.