Security Bulletins

Mac Malware Exploiting Java Vulnerability

Updates

04/10/2012 - Local observations section updated.

Background

Flashback is Mac-specific malware first reported in the fall of 2011. This malware has recently been updated to exploit a critical vulnerability in Java and install itself without user intervention. Details on the Java vulnerability can be found at http://support.apple.com/kb/HT5228 .

Impact

This malware can sniff network traffic for user credentials and can disable security tools that might expose its presence on the system. Recent updates to the malware enable silent installation via web browsing redirects. In the past, this malware has also masqueraded as Apple Software Updates or Adobe Flash updates.

Platforms Affected

All versions of Mac OS X running Java 1.6.0_29 or older. Mac OS X 10.5 does not have a patch for the most recent Java vulnerability.
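
A check for the condition stated above, as an added example that is not part of the original bulletin: it parses `java -version` output and flags versions at or below 1.6.0_29. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Java versions at or below the bulletin's threshold.
THRESHOLD="1.6.0_29"   # from "Platforms Affected": Java 1.6.0_29 or older

# Pull the quoted version out of `java -version` output, e.g.
#   java version "1.6.0_29"  ->  1.6.0_29
extract_java_version() {
    printf '%s\n' "$1" |
        sed -n 's/^java version "\([0-9][0-9._]*\)".*/\1/p' | sed -n 1p
}

# Split 1.6.0_29 into "1 6 0 29"; missing fields become 0.
split_version() {
    set -- $(printf '%s' "$1" | tr '._' '  ')
    printf '%s %s %s %s' "${1:-0}" "${2:-0}" "${3:-0}" "${4:-0}"
}

# Exit status: 0 = at or below threshold, 1 = newer, 2 = unparsable.
is_affected() {
    case "$1" in
        ''|[!0-9]*|*[!0-9._]*) return 2 ;;
    esac
    set -- $(split_version "$1") $(split_version "$THRESHOLD")
    # $1..$4 are the candidate's fields, $5..$8 the threshold's.
    if [ "$1" -lt "$5" ]; then return 0; elif [ "$1" -gt "$5" ]; then return 1; fi
    if [ "$2" -lt "$6" ]; then return 0; elif [ "$2" -gt "$6" ]; then return 1; fi
    if [ "$3" -lt "$7" ]; then return 0; elif [ "$3" -gt "$7" ]; then return 1; fi
    if [ "$4" -le "$8" ]; then return 0; fi
    return 1
}

# One-line verdict for a host, given its captured `java -version` output.
java_verdict() {
    ver=$(extract_java_version "$1")
    if is_affected "$ver"; then
        echo "AFFECTED $ver"
    else
        case $? in
            1) echo "NEWER $ver" ;;
            *) echo "UNKNOWN" ;;
        esac
    fi
}

# Constructed sample outputs (not captured from real hosts).
for sample in 'java version "1.6.0_29"' 'java version "1.6.0_31"' \
              'java version "1.5.0_30"' 'sh: java: command not found'; do
    java_verdict "$sample"
done
```

On a host, pass the real output with `java_verdict "$(java -version 2>&1)"`; the version banner is written to standard error.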

Local Observations

Security engineers have detected a number of hosts potentially infected with the Flashback malware. Compromised hosts have been identified using a combination of DNS logs and user-agent strings used by this malware. Compromised hosts will be blocked from the network and owners will be notified through normal incident response channels.
