A new variant of the Flashback trojan has appeared, exploiting a Java vulnerability on Macs. Security firm F-Secure announced the discovery on its blog today.
Flashback is a trojan that was originally distributed disguised as erotic images or politically offensive material; it was later repackaged as a fake installer for the Adobe Flash Player plug-in. Once running, the malware downloads its payload from remote sites and plants a backdoor in the user’s browser, through which the user’s information is sent to remote servers. Earlier versions exploited older Java vulnerabilities (CVE-2011-3544 and CVE-2008-5353, according to F-Secure) that have since been patched in updated Java releases.
The most recent variant, Flashback.K, exploits a more recent vulnerability (CVE-2012-0507) and is capable of “infecting systems without user interaction” [F-Secure]. This variant originally targeted both Mac and Windows systems, but the fix Oracle shipped in its February Java update has made up-to-date Windows machines safe from the attack. Apple ships its own Java build for OS X, and it has yet to release the corresponding update, so Macs remain exposed.
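Whether a machine is exposed comes down to which Java build it runs, so the check a practitioner wants is “is my Java at or above the build that carries the fix?” The following is an added example, not code from the original article or from F-Secure: it parses `java -version` output and compares it against the first builds that include Oracle’s February 2012 fix for CVE-2012-0507 (Java 6 Update 31 and Java 7 Update 3). The sample banners are constructed, not real captures, and the example assumes the 1.6.0_31 floor will apply equally to Apple’s OS X Java once Apple ships its update.

```python
import re
import subprocess

# Earliest builds that carry Oracle's February 2012 fix for CVE-2012-0507.
# Anything older on the same release line is exposed. Assumption (see lead-in):
# Apple's OS X Java follows the 1.6.0 line, so the 1.6.0_31 floor applies to it.
FIXED_BUILDS = {
    (1, 6): (1, 6, 0, 31),
    (1, 7): (1, 7, 0, 3),
}

# `java -version` prints e.g.  java version "1.6.0_29"  on its first line.
VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?"')


def parse_java_version(banner):
    """Return (major, minor, patch, update) from `java -version` output,
    or None if the banner is not in the expected shape."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


def is_patched(version):
    """True if `version` is at or above the fixed build for its release line.
    Tuple comparison is numeric, so 1.6.0_31 correctly sorts above 1.6.0_4,
    which a plain string comparison would get wrong."""
    floor = FIXED_BUILDS.get(version[:2])
    if floor is None:
        # Unknown or end-of-life line (e.g. 1.5): no fix shipped, treat as exposed.
        return False
    return version >= floor


def check_banner(banner):
    """Human-readable verdict for one `java -version` banner."""
    v = parse_java_version(banner)
    if v is None:
        return "unrecognised java -version output"
    status = "patched" if is_patched(v) else "EXPOSED to CVE-2012-0507"
    return "Java %d.%d.%d_%02d: %s" % (v + (status,))


# Constructed sample banners: a pre-fix 1.6.0 build, then the two fixed builds.
SAMPLE_BANNERS = [
    'java version "1.6.0_29"',
    'java version "1.6.0_31"',
    'java version "1.7.0_03"',
]


def live_check():
    """Run the locally installed java and check it. Returns None if no java
    binary is on PATH. Note that `java -version` writes to stderr."""
    try:
        out = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return check_banner(out.stderr + out.stdout)


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(check_banner(banner))
    print(live_check() or "no java binary found on PATH")
```

A passing result here only tells you the runtime is at a fixed build; it says nothing about whether the browser plug-in is enabled, which is the exposure that matters for a drive-by exploit. Use it alongside, not instead of, disabling Java in the browser.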
F-Secure also warns that yet another Java exploit is currently being sold on underground markets.
Until Apple releases a patch for the vulnerability, F-Secure urges Mac users to disable the Java browser plug-in. More generally, the company recommends keeping Java disabled in the browser, enabling it only when necessary and with caution, and disabling it again as soon as it is no longer needed.
The company also provides instructions for detecting and removing Flashback from a Mac.