Adding to the ease at which the Macs were infected was Apple's slow response to the Java vulnerability. The company did not release a patch for weeks after a fix was issued for Windows PCs. Apple released Wednesday a short statement outlining its defensive efforts, which included getting ISPs to take the criminals' servers offline. On Thursday, Apple released an update for Mac OS X v10.7 and v10.6 that would automatically remove the most common variants of Flashback. In addition, if Java has not been used in the last 35 days, the platform is automatically disabled and has to be reactivated manually to run a Java application. Apple has advised people using older versions of the Mac to disable Java support.
Meanwhile, security vendors have been seeking attention from Mac users by releasing advice and free tools to combat the malware. Symantec and Kaspersky Lab have released removal software, while F-Secure has posted on its website a how-to on removing it manually.
Free help aside, the outbreak is a wakeup call for Mac users. With Apple's market share growing in the PC market, the Mac has become a worthwhile target for cyber-criminals. While the latest outbreak is the largest to date, it likely won't be the last, said Symantec's Murchu. "What it shows in general is a shift away from attackers solely looking at Windows and they're starting to look at other operating systems as well."