The company is also marshaling legal tools for the fight. In its update, the company said: “The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.” However, at least one of the servers that has already been disabled was reportedly a “sinkhole” developed by researchers at Russian firm Dr. Web, which initially uncovered the malware. That server was being used to intercept traffic from the botnet spawned by Flashback in order to find more details about the malware.
Flashback has persisted well into 2012; a new variant revealed this month can infect computers with little more than a visit to the wrong website. A vulnerability in Java, identified as CVE-2012-0507, allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator’s password. Though the security hole was patched in Java in February, the fix didn’t make its way to Macs until Apple released its own Java update last week.
This isn’t the first time in recent memory that Apple has had to take steps to fight back against malware. Last May the company released a security update to help exorcise the Mac Defender Trojan horse from Macs. That update was also designed to offer further protection in the future by beefing up the malware detection system first included in Snow Leopard, but that File Quarantine system is aimed primarily at apps that a user would unwittingly download—the Java vulnerability allowed Flashback to sidestep the system entirely. In other words, reinforcing your door is a great way to make you safer right up until someone breaks in through a window.