Faced with a major malware attack on the Mac, Apple says it is developing a software tool to detect and remove the Flashback Trojan that has infected 600,000 Macs.
The success Flashback's creators have had in installing the malware has shaken the perception among many users that the Mac is less susceptible to viruses than Windows PCs. The malware infects Macs by exploiting a Java vulnerability that Apple patched weeks after a fix was available for Windows PCs.
Apple gave no details on the removal software, which got one sentence in a brief message on the company's website. "Apple is developing software that will detect and remove the Flashback malware," the company said.
Most of the message discussed what has already been reported. Apple, which handles all Java patches itself, released an update April 3 for Mac OS X v10.7 and v10.6. For older versions, Apple recommended that users disable Java in their Web browsers, closing the door used by Flashback.
In addition to the patching, Apple said it was working with Internet service providers worldwide to disable the computer servers used to command and control the network of compromised Macs. The number of Flashback-infected Macs was first disclosed by a small Russian security company, Dr. Web. Another Russian company, Kaspersky Lab, later confirmed that roughly 600,000 Macs had been infected with the malware, which is capable of stealing passwords when people visit online banking and other websites.
The outbreak revealed Cupertino, Calif.-based Apple's inexperience working with the security research community. Dr. Web told Forbes magazine that Apple had asked Russian Web registrar Reggi.ru to shut down one of Dr. Web's domains, mistaking it for a Flashback server. The security vendor was using the domain as a fake command-and-control computer to monitor the network of hijacked Macs.
The sales opportunity presented by Apple's troubles has not been lost on security vendors. Finnish company F-Secure posted on its website the steps to find and remove Flashback. Rival Kaspersky Lab went one better by posting free software tools on its site to find and remove the malware.