(LiveHacking.Com) – Apple has released a malware removal tool to seek out and remove common variants of the Flashback malware. The tool will look for the malware and if it is found it presents a dialog notifying the user that malware was removed. In some cases, the user will need to restart in order to completely remove the malware. The tool can be downloaded separately for users of OS X Lion who do not have Java installed or as part of a security update.
The security update provides the removal tool for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3 and OS X Lion Server v10.7.3. It also adds functionality to automatically deactivated the Java browser plugin and Java Web Start on OS X Lion systems that have not used Java for a period of 35 days or more. The update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
Meanwhile Sophos has discovered a new piece of malware, which it is calling Sabpab, that exploits the same Java vulnerability used by Flashback. Sabpab is a backdoor Trojan which connects to a command and control server to receive commands from the attackers. Sabpab can be commanded to make screenshots of the infected Mac, upload and download files, and execute commands remotely.
It looks like the Sabpab Trojan is not as widespread as Flashback and the release of the latest Java updates should thwart its spread – as long as Mac users update promptly!
“It’s time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer” said Sophos on its blog.