New Flashback variant plagues Mac world

Apr 24, 2012
1

If you thought the fuss over the Flashback malware for Mac computers was behind us, apparently it's not. A new variant of the Mac malware has been making the rounds according to Intego. The new version of Flashback has been dubbed Flashback.S. The malware continues to take advantage of the Java vulnerability that Apple patched.

This particular version needs no password to install, and it places itself into the user's home folder in locations" ~/Library/LaunchAgents/com.java.update.plist" and "~/.jupdate." Once it's loaded, it goes and deletes all the files and folders in the ~/Library/Caches/Java/cache. The files are deleted to remove the applet from the infected Mac to avoid detection.

According to security company Intego, Flashback.S will not install itself on computers if it finds the companies VirusBarrier X6, Xcode, or Little Snitch is installed. I suspect it would not install itself if it finds other antivirus programs either.

[via Intego]


Must Read Bits & Bytes