Recent media reports about the OSX.Flashback malware have put the size of the botnet at over 600,000. The botnet is believed to have reached this size by using vulnerabilities such as the Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability (CVE-2012-0507) to spread the malware through exploit kits like Blackhole. Oracle patched this recent Java vulnerability for Windows in February 2012. Apple released a patch for Mac users this week, which is available as a Software Update.
When a window of opportunity such as this Java vulnerability arises, cybercriminals are quick to take advantage by developing and distributing exploits around it. Symantec has closely monitored the OSX.Flashback threat since 2011. The following detections have been produced to protect Symantec customers against this malware and the related recent vulnerability:
Intrusion Prevention Signatures
- Web Attack: JRE Concurrency CVE-2012-0507 3
- Web Attack: Malicious Java Download 6
- Web Attack: Malicious Java File Download 4
To stay safe, ensure you have the latest patches installed on your system and keep your antivirus definitions up to date.
Update: Detection for the particular variant that uses the Java vulnerability to infect Macs has been renamed to OSX.Flashback.K.