Although Apple rolled out a Flashback Malware Removal Tool last Monday, software maker Symantec reported that around 140,000 Macs are still infected with the Trojan. There was indeed a big decline in the number of affected Apple devices; however, it did not go the way the software firm predicted.
According to the company's blog post, the number of affected machines would drop to 99,000 by Tuesday. This is in line with the release of Flashback-neutralizing programs by Apple and third-party vendors last week.
Apple’s Flashback Malware Removal Tool
Apple released the Flashback Malware Removal Tool last Monday, following its Java update for Mac OS X Lion last Thursday. The program is designed to remove the so-called Flashback Trojan that affected over 600,000 Macs around the world.
The Trojan was discovered in September 2011 by security firm Intego. It came from malicious websites that encourage users to download and install a phony Flash Player. Since Mac OS X Lion doesn’t ship with Flash pre-installed, Mac owners have to install it manually.
The malware will then delete the installer package and deactivate some network security software. Once the Flashback malware is injected into certain applications, it will connect to remote servers to send specific information about the Mac computer, like its MAC address.
The removal tool will scan a user’s computer and erase any known iterations of the Trojan. It is available on Apple’s Customer Support and is designed for Macs that run on OS X Lion and don’t have Java installed. The Cupertino-based company also advised users to check the origin of any file that claims to be a Flash Player installer.
Ideally, users should also download the official application from Adobe, and uncheck the “Open ‘safe’ files after downloading” option if they’re using the Safari web browser. This will prevent the Flashback malware from installing itself automatically after being downloaded.
It has not been established why so many Macs are still affected despite Apple’s fix. But it could be attributed to the fact that users remain unaware of the program and haven’t performed a software update yet.
Thus, the Flashback Trojan will continue to propagate on unpatched systems and will collect sensitive data such as user IDs, passwords and web browsing history, which it sends to an off-site repository. Symantec also revealed that the malware is coded to span top-level domains, generating .in, .info, .kz and .net URLs.