News of the Mac malware dubbed Flashback continues to spread, trailing on the heels of the exploit itself. A security firm has uncovered statistics about the Flashback infection, as well as providing tools to detect and remove the infection.
Kaspersky Labs managed to reverse engineer Flashback and set up a “sinkhole server” where it could intercept traffic reported from computers infected by the malware. The information the company retrieved helped it compile data on the extent of the botnet spawned by Flashback; so far, Kaspersky says, it’s registered a total of 670,000 unique bots, or infected computers.
In addition, the firm was able to break down the bots by geography; unsurprisingly, more than half of Flashback-infected computers were in the U.S., followed by decent chunks in Canada, the United Kingdom, and Australia. And although a vulnerability in Java could affect other platforms, Kaspersky’s numbers say that Macs make up more than 98 percent of infected machines that it’s surveyed.
While Apple issued a patch last week to close the Java vulnerability that Flashback exploits, that update won’t detect whether you’re infected or remove the malware. Last week, F-Secure published a set of Terminal commands to uncover the exploit, and on Monday an independent programmer released a Mac app that can check for the infection as well. Kaspersky’s offering yet a third approach: a website into which you can paste your Mac’s unique identifier to see if you’re afflicted by Flashback. The site will also check and make sure that you have the latest Java update installed, and are thus safe from further infection—otherwise it will prompt you to run Apple’s Software Update.
If Flashback has descended upon your Mac, the firm also offers a free removal tool; of course, the company also offers a commercial anti-virus product. For those looking to protect themselves even further, one Kaspersky expert has posted a list of ten steps Mac users can take to reduce their risk of future infections.