
Sunday, 15 April 2012

Apple to take action against Flashback

Apple has confirmed that it is developing software to detect and remove the Flashback malware, which was estimated to have affected around 600,000 Macs.

It confirmed that the Flashback malware exploits a security flaw in Java to install itself on Macs. Apple said that, in addition to the Java vulnerability, Flashback relies on servers hosted by the malware authors to perform many of its critical functions.

It confirmed that it is working with ISPs worldwide to disable the command and control network, and that it released a patch at the beginning of April that fixed the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6.

Research by Kaspersky Lab found that the size of the Flashback botnet decreased over the Easter weekend to around 237,000, although it said that this does not indicate that it is shrinking rapidly.

Research at the beginning of April showed that more than 500,000 Macs were affected by the botnet, most of which are located in the US and Canada. Security firm Doctor Web initially detected this, claiming that infection with the Flashback malware occurs after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. It said JavaScript code is used to load a Java applet containing an exploit.

Symantec claimed that the botnet is assumed to have reached its size by using vulnerabilities such as the Oracle Java SE Remote Java Runtime Environment Denial Of Service vulnerability (CVE-2012-0507, which was patched by Windows in February) to spread the malware through exploit kits such as Blackhole.

Doctor Web said another difference with Flashback is that the malware can switch between several servers for better load balancing and, after receiving a reply from a control server, verifies its RSA signature and, if the check succeeds, downloads and runs a payload on the infected machine.

Each infected bot includes a unique ID of the infected machine in the query string it sends to a control server. Doctor Web's analysts used sinkhole technology to redirect the botnet traffic to their own servers and were thus able to count infected hosts.
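The counting step described above, as an added example that is not Doctor Web's code: it de-duplicates sinkhole check-ins by the bot's unique ID rather than by source IP, since NAT and address churn skew IP counts. The log lines are constructed, and the `/c?id=` request layout, the parameter name `id` and the UUID shape of the ID are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; the "/c?id=<uuid>" layout,
# the parameter name "id" and the UUID-shaped ID are assumptions.
SAMPLE_LOG = """\
198.51.100.7 - - [06/Apr/2012:10:01:02 +0000] "GET /c?id=0A1B2C3D-0000-4000-8000-000000000001 HTTP/1.1" 200 0
198.51.100.7 - - [06/Apr/2012:10:05:40 +0000] "GET /c?id=0A1B2C3D-0000-4000-8000-000000000002 HTTP/1.1" 200 0
203.0.113.9 - - [06/Apr/2012:11:00:00 +0000] "GET /c?id=0A1B2C3D-0000-4000-8000-000000000003 HTTP/1.1" 200 0
203.0.113.44 - - [07/Apr/2012:09:30:00 +0000] "GET /c?id=0a1b2c3d-0000-4000-8000-000000000003 HTTP/1.1" 200 0
198.51.100.200 - - [07/Apr/2012:09:30:30 +0000] "GET /c?id=0A1B2C3D-0000-4000-8000-000000000001 HTTP/1.1" 200 0
192.0.2.15 - - [07/Apr/2012:09:31:00 +0000] "GET /c?id=not-a-uuid HTTP/1.1" 200 0
192.0.2.15 - - [07/Apr/2012:09:32:00 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):[^\]]+\] "GET (\S+) [^"]*"')
UUID_RE = re.compile(r'^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$')

def count_bots(log_text, param="id"):
    """Return (all_ids, all_ips, {day: ids seen that day}) for valid check-ins."""
    ids, ips, per_day = set(), set(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, day, target = m.groups()
        values = parse_qs(urlsplit(target).query).get(param, [])
        if not values:
            continue                     # request carries no bot ID
        bot_id = values[0].upper()       # normalise case before de-duplicating
        if not UUID_RE.match(bot_id):    # drop scanners and malformed requests
            continue
        ids.add(bot_id)
        ips.add(ip)
        per_day[day].add(bot_id)
    return ids, ips, dict(per_day)

if __name__ == "__main__":
    ids, ips, per_day = count_bots(SAMPLE_LOG)
    print(f"unique bot IDs: {len(ids)}, unique source IPs: {len(ips)}")
    for day, seen in per_day.items():
        print(f"{day}: {len(seen)} bots checked in")
```

Counting per day as well as in total separates hosts ever seen from hosts active on a given day, so a quiet day in the sinkhole log does not by itself mean machines were cleaned.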

Kaspersky has released a free removal tool this week for Flashback. Users can check whether they are infected by visiting Kaspersky Lab's safe verification site and can remove the malware using the Kaspersky Flashfake Removal Tool.


