I updated Java, but I do I know that I'm flashback free?

Helpful Links Regarding Flashback Trojan

A link to a great User Tip about the trojan: Flashback Trojan User Tip

A related link in the tip to a checker: Malware Checker Dowload Link

A Google search can reveal a variety of alternatives on how the remove the trojan should your computer get infected. This can get you started.

For now I recommend the User Tip from etressoft to detect and remove:

Checking for and removing the "Flashback" trojan

Kaspersky Flashback Trojan Site:Flashback Trojan Detection and Removal

Also see Apple's article About Flashback malware.

Download the Flashback Removal Tool. It will check for and optionally remove the trojans(s) if detected.

Of all the currently available trojan detection/removal tools this is probably the most up to date and complete tool you can currently use.

Apple just released a Java update today that will remove "common" verisons from your machine...

Updating Java will not remove any infections if you already have one.

Today's update apparently will -

from

About Java for Mac OS X 10.6 Update 8

-----------------

This Java security update removes the most common variants of the Flashback malware.

-------------------

And this page has been updated today:

About Flashback malware

http://support.apple.com/kb/HT5244

It now includes:

----------------------------

Apple has released a software update for systems running OS X Lion and Mac OS X v10.6 that will update Java to fix the security flaw, and remove the Flashback malware if it is present

----------------------

And the new update is marked ... recommended for all mac users with Java INSTALLED. Does that mean that if Java has been disabled (which is what most people seem to have done) the update can be Ignored.

Indeed, if Java has been disabled I assume the update will not be effective anyway.

So, do we enable Java in our browsers, download the update then disable Java ... so we can be prepared, if at some future date for some particular reason we need to have Java enabled.

It's getting more complex by the hour.

That is correct. If you don't have Java installed or if you have disabled it, then the update is not needed. You do not need it unless you intend to use (enable) Java. In that case you would download it.

You don't need to change anything. Java remains "installed" after you disable it, and the software update will still update it to the latest version.

This Java security update removes the most common variants of the Flashback malware.

What about the not so common and newly emerging ones, he asks himself. I'll answer myself. I suppose Apple is doing a nice CYA by saying "if you don't use Java, disable it in your web browser."

If you do not use Java applets, it is recommended that you disable the Java web plug-in in your web browser.

In other words, take the hint. Don't rely on this update.

jsd2 wrote:

Today's update apparently will -

from

About Java for Mac OS X 10.6 Update 8

-----------------

This Java security update removes the most common variants of the Flashback malware.

-------------------

Yes, I just saw that tonight.

Yep, I guess I should have said it more clearly in my post above. Apple called it a "java update."

Actually, it removed the infection on my machine.

EDIT: sorry, just saw your latest post

WZZZ wrote:

What about the not so common and newly emerging ones, he asks himself. I'll answer myself. I suppose Apple is doing a nice CYA by saying "if you don't use Java, disable it in your web browser."

The older variants of FlashBack didn't rely on any Java vulnerability to begin with -- they were simple Trojans that had to trick users into clicking on something to be installed, similar to the earlier Mac Defender trojans. These older variants were rarely encountered "in the wild" & apparently the C&C servers they contacted never actually went fully "live." Basically, they weren't ever common or much of a threat.

The latest, most common variants of FlashBack are examples of "drive by" malware -- users don't have to do anything besides visit a maliciously crafted web page for the first part of the malware to run on their Macs. That part exploits the now patched Java vulnerabilities to install or modify files that in turn attempt to contact a new set of C&C servers to download the payload that does the actual infection, get further instructions, or send compromised data back to these servers.

Unless & until the attackers can find a different, still unpatched Java vulnerability to exploit, Apple's updates have shut the door on any Flashback variant that relies on Java. Of course, this is possible, but it is also possible attackers will find some completely different method of attack.