I guess a lot of people would crap themselves if they did actually run a virus scan on their Mac and see what it found. And then take it back to the Apple Store to get it sorted.
A couple of useful links...
Detect FlashBack Malware in Mac OS X the Easy Way « OS X Daily
A new application has been released which makes checking a Mac for the Flashback malware infection as simple as clicking a button. This is a huge help for assisting less tech savvy people for checking their Macs...
This new app-based detection method is very nontechnical and is just a two step process. (Source)
Apple to release Flashback removal software, working to take down botnet « Ars Technica
Apple plans to release software that will detect and remove Flashback malware infections on the Mac, the company announced Tuesday. In a knowledge base link published late in the day, Apple explained that it's aware of the infection—which takes advantage of a previously unpatched Java vulnerability—saying that the software was coming, but no specific release date was given.
In addition to the Flashback detection software, Apple said that it's "working with ISPs worldwide" to disable the botnet's command and control (C&C) servers. Kaspersky researcher Kurt Baumgartner told Forbes earlier on Tuesday that "Apple is taking appropriate action by working with the larger Internet security community to shut down the Flashfake [also known as Flashback] C2 domains," and Apple's latest efforts seem to coincide with Baumgartner's statement.
"Apple is developing software that will detect and remove the Flashback malware," Apple wrote. "In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network." (Source)
I have to say, reading this article it goes to show just how amateurish and childish Apple really are when it comes to security.
Apple really need to wake up and stop pretending their software is unbreakable. Microsoft's procedures are a perfect example how a new security vulnerability should be handled and patched accordingly.
It wouldn't surprise me that proportionately, we'll start seeing more malware/viruses targeting Apple software rather than Microsoft software. You could argue it's getting increasingly more difficult to find vulnerabilities in Microsoft software and that Apple's software is comparatively untouched and potentially full of vulnerabilities to exploit.
Apple have released their own Flashback removal tool now (it's part of the Java for OS X Lion 2012-003 and Java for Mac OS X 10.6 Update 8 updates).
In other news, Sophos have discovered a new trojan horse called OSX/Sabpab.A which uses the same Java vulnerability as Flashback.
Quote:
This Java security update removes the most common variants of the Flashback malware.
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
Even when Oracle distribute the updates themselves (i.e. on Windows), you still find a lot of people have old versions installed because their updater sucks. :(
Based on the Java patching habits of 28 million unique Internet users, Rapid7 estimates that 60-80% of computers running Java are vulnerable to this attack today.
Looking long term, upwards of 60% of Java installations are never up to the current patch level. Since so many computers aren’t updated, even older exploits can be used to compromise victims.
Rapid7 researched the typical patch cycle for Java and identified a telling pattern of behavior. We found that during the first month after a Java patch is released, adoption is less than 10%. After 2 months, approximately 20% have applied patches and after 3 months, we found that more than 30% are patched. We determined that the highest patch rate last year was 38% with Java Version 6 Update 26 3 months after its release. (Source)
You could argue however that Apple have chosen to include and distribute Java as part of the OS. Microsoft do not include Java, although many OEMs do install it on their base images.
I agree that the Auto Updater on older versions of Java isn't great, but newer versions do tend to download or at least prompt the user to download the update.
Not to mention the fact that they don't release patches. They release new versions every time. So every time we have to do a network wide update, we end up having 5 minutes at boot for it to install. And they update *a lot*.
I suppose the other question of course is why is this Java exploit only being exploited on Mac and not Windows? Both OSes use Java, but it probably underlines other factors when it comes to OS design.
As I say, Microsoft software proportionately is exhausted and it is getting increasingly harder to find vulnerabilities. I do suspect the Apple virus/malware is a bigger problem than many people realise.
I suppose they could, but it may be down to compatibility or simply giving the user choice whether or not they want to install an update.
I think the best advice is to only install it if needed in the first place. This decreases the surface area of attack on any platform.
A service would be better (to go along with the update services for Adobe Reader, Flash Player, Firefox, iTunes/Safari/QuickTime and the various Google apps). :)
CVE-2012-0507) is actually the same one used by the Kelihos.C spambot on Windows. Tech journalists obviously report on the former because it generates page views and thus more ad revenue. ;)
How about, on Windows, these plugin makers work with Microsoft and release their updates via the Microsoft Update platform. A single unified update platform for all software would be great.
Kinda like APT in Linux...