How to protect your Mac from the new 'Flashback' trojan


Antivirus software company Dr. Web has mapped out the malware infections on Mac computers worldwide.


Dr. Web

Got a Mac? Freaked out that it will fall prey to the massive malware epidemic taking the world by storm? If yes, keep reading. If not, consider indulging in a little (healthy) Apple anxiety.

Over half a million Mac computers have been infected by a trojan horse virus worldwide, the Russian antivirus company Dr. Web announced last week, with The Washington Post today saying it may be one of the biggest attacks on Macs to date.

The trojan can access computers without users' knowledge. It then proceeds to steal their personal information. But it doesn't have to steal yours. Just make sure you: 

  • UPDATE: install Apple's most-recent Java update -- one was issued April 3, a second April 5. If your older Mac is not running Snow Leopard or Lion, click here for instructions. If you're really paranoid, disable Java completely, just be aware that will severely curtail your computer's capabilities. 
  • ALERT: only fill out forms containing sensitive personal information online if the web address prefix is "https," which ensures that information you send will be protected from third-party views.
  • RESIST: do not open links sent by e-mail, even if they're from your Mom. Yes, the trojan can and will masquerade as your Mom.
  • PROTECT: Macs were supposed to be particularly resistant to computer viruses, but as TIME points out, “it’s beginning to look a lot like Windows," so make sure you have installed some form of anti-virus protection software -- one free option here from Sophos.
  • CHECK: Use F-Secure to see if your computer has already been infected. 

The virus -- which has been seen before, and is therefore referred to as "Flashback" in this most recent incarnation -- was first identified in September 2011, according to Mashable, when it wrapped itself in the guise of an Apple Flash Player installer. 

It then changed forms, taking advantage of a loophole in Java programming, according to The Washington Post. Security researcher Mike Geise told the paper because Apple was slow to move on a critical update to the program, the botnet got "a full month of lead time."

Dr. Web's figures have yet to be independently confirmed, but 57 percent of cases are reported in the United States, according to CNET, with nearly 300 reported in Apple's home town of Cupertino, California.

Seems it really knows how to cut to the core.