
What does the community recommend as an appropriate response in light of reports that "an estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan." Is Apple taking steps to mitigate the threat?



See article in PC World at: http://www.pcworld.com/businesscenter/article/253403/mac_malware_outbreak_is_bigger_than_conficker.html


I have a MacBook Pro and my wife has an iMac. I assume both are equally vulnerable.


MLSCOS

MacBook Pro, Mac OS X (10.7.3)

Posted on Apr 7, 2012 12:27 PM

Question marked as Best reply

Posted on Apr 7, 2012 12:30 PM

Maybe do some research. Apple has already released two Java updates to combat the issue, as well as updating the hidden malware protection in OS X.


The only significant response is from the user - don't go downloading stuff you know nothing about because you must first download the trojan, then you must install it. Apple cannot protect you from that.


See:


Flashback Trojan User Tip

Malware Checker Download Link

33 replies
Apr 7, 2012 12:31 PM in response to MLSCOS

Don't believe everything you read in PC World. The report came from a Russian company that derives its income from distributing virus and trojan software. Where they manufactured their information from - who knows. That said, follow good tactics and don't allow installation of software from pop-ups. I'm sure others will provide sound and sensible tips, leaving out the hysteria.

Apr 7, 2012 12:49 PM in response to MLSCOS

There are checks one can perform to see:

1: If any of their machines have been seen on the Flashback botnet

http://public.dev.drweb.com/april/

2: Terminal commands to see if their machine is infected (use copy and paste, then press Enter)

https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

3: Preventative methods to avoid becoming infected.

Update Java via Software Update.

Disable Java in all your web browsers' preferences (note that Java is not JavaScript).

Check the status of all browser plug-ins:

https://www.mozilla.org/en-US/plugincheck/

Firefox + NoScript add-on + "Temp Allow All" button on Firefox's toolbar, to turn on scripts only on sites you trust.

Learn how to make bootable clones; this way a complete erase can occur and a reverse clone can be done.

https://discussions.apple.com/community/notebooks/macbook_pro?view=documents

4: Resources if one is infected

Data recovery, wiping the entire machine, reinstalling OS X, returning clean files, etc.

https://discussions.apple.com/community/notebooks/macbook_pro?view=documents

Apr 7, 2012 3:05 PM in response to MLSCOS

Thank you all for your inputs. FYI some things I found out as I went through the steps you recommended:


1. Using the Apple Software Update drop-down menu I updated the software, which resulted in one file for the iMac being updated and 3 for the MacBook Pro.


2. I also went to the 1-to-1 support page for downloads and downloaded the latest Java from it: Java for OS X Lion 2012-002, dated 3 April. When I tried to install that download I received a warning that there was a potential error with the image and that loading it would put my system at risk, potentially reducing security and/or causing other problems.


3. After a quick call to AppleCare support they had me check Java Prefs. On the MacBook Pro I needed to install the Java Runtime. Then, with Java Prefs, I was able to identify, with the help of the support person, that the latest software that should be on the computer is Java Preferences 14.2.0 and Java SE 6 v 1.6.0_31-b04-414. The latter is the same for 32- and 64-bit systems. The SE version is more recent than the _29 version that had previously been identified in some of the referenced information.


When I did the Mozilla plug-in check it did not recognize the version of Java that I have and indicated a problem, whereas this is supposed to be the latest fix.


That said, in another related discussion from innocu_girl, there was a recommendation to use ClamXav to detect malware. I went to their site and saw some negative comments on the software as well as positive ones. Do any of you have experience with this freeware?


Thanks again for your help.


MLS

Apr 7, 2012 7:02 PM in response to MLSCOS

A few points that are not clear in this thread.


(1) The advice not to download stuff you don't know anything about is good. Equally, don't OK or enter your password if you're asked to install any software or plugins you don't know about.


However, what is missed is the fact that, in the recent outbreak, a variant of this malware installed itself in the user's home directory WITHOUT ANY USER INTERACTION. You didn't need to download anything, you didn't need to OK anything; all that was needed was to visit a perfectly legitimate blog (hacked without its owner's knowledge or permission).


Some may say it's not a big deal. But this malware was looking for on-line banking account numbers and passwords, which it could get and send back to its controller WITHOUT your password. In my world, that's a pretty big deal.


(2) As far as is known, this vulnerability has been closed by the latest Java update. But note that Apple released this update more than a month after the update had been available for Windows. The writing on the wall for Apple's Java has been there for all to see for some time now. Yet Apple said it would support it for this cycle, and a month late in this business is poor support indeed. One more proof that Mac OS X is no longer Apple's Schwerpunkt.


(3) An A/V vendor, Intego, was the first to report infection w/o user interaction, yet, IMHO, A/V software updates failed to keep up the pace. Although I use ClamXav, I shouldn't like to rely on any A/V software for this problem.


(4) The one constant factor in this story has been Little Snitch. The malware either self-destructed if it detected Little Snitch, or it was caught and blocked due to Little Snitch. This reinforces my opinion that, on current computers, a reverse firewall is essential. On Windows there's ZoneAlarm (the basic version is free). There's no free tool for Mac OS X, but there's Little Snitch or Hands Off!. I should not consider using either Mac OS X or Windows without one of these.

Apr 7, 2012 7:48 PM in response to MLSCOS

MLSCOS wrote:


Do I understand correctly that a combination of Little Snitch and ClamXav would be a very effective means to protect my system?

I believe so. Keep in mind that, if you've updated Apple's Java to the latest version, you don't need either. The problem is what happens tomorrow or the day after, when the bad guys will have found another vulnerability to exploit, as, inevitably, they will.

Apr 7, 2012 8:01 PM in response to MLSCOS

No. Little Snitch will only tell you about things coming and going on your network interface ports. Do you really want to stare at the console all the time you are using your Mac? And then, if you are able to interpret something as an anomaly, you won't be able to do much, since it's already passed by you.


ClamXav is only good for scanning your Mac files for viruses once they hit your disk. It doesn't actively scan packets coming and going over your network. It will only scan for viruses that have a known signature.


I use something called Intego VirusBarrier 6. It has a static scanning capability but also scans email arriving, and watches the network for anomalies.


Kaspersky is a Russian company... Hmm.


Your choice.
