It's long been "common knowledge" that one of the big advantages for computers using the Mac operating system is that they simply are not prone to the types of malware attacks (viruses, Trojans, spyware, etc.) that are almost everyday occurrences for Windows users. The reasons for that include fewer vulnerabilities (security holes through which viruses and the like can attack) and a much smaller installed base of machines (meaning less "bang for the buck" for would-be cyber mischief-makers). Well, so much for "common knowledge" as a Trojan called Flashback has apparently found a home on upwards of half a million Apple computers. While that pales compared to what Windows users face, it's still easily the biggest malware attack to ever target Apple machines, and significant enough that it should shake the feeling of relative invulnerability that many Apple users have enjoyed up to now.
What is Flasback?
Flashback is a type of malware called a Trojan, which enters your computer by masquerading as a piece of important or desirable software. Originally appearing as an Adobe Flash player installer (hence its name) that users had to click on to invite into their system, most have actually been infected via a Java security flaw that was recently patched in Apple machines. That vulnerability allowed the Trojan to download itself from an infected web site, with no user interaction required.
Once installed, the malware provides a backdoor for cybercriminals, says The New York Times. The report adds that while that could lead to a number of unfortunate uses, for now, the creators seem to be using infected computers for "click fraud;" that is to manipulate clicks on site advertisements to generate income for themselves.
What can you do about it?
The security hole that allowed for the spread of Flashback has been closed, at least for now. However that only makes a difference if you are diligent about downloading and applying security updates as they become available. If you've let some of that slide, make sure your system is up-to-date, and make sure you are set up to automatically download and update your OS to keep things as secure as possible going forward.
You also need to make sure your computer is clean. CNET provides information on how to check for the presence of Flashback. There's also a web-based utility that checks your machine against a database of computers that are known to be compromised. The Washington Post reports that those machines that have the Trojan can get rid of it by installing a good antivirus program. Our report on antivirus software includes top choices for Mac users. For those with the appropriate technical expertise, F-Secure, a Finnish computer-security firm, has instructions for manually removing the Flashback malware. Finally, for those who would prefer to take a sledgehammer (metaphorically speaking) to their infected Mac, CNET also has instructions for removing and re-installing your OS X operating system while keeping your data safe.