Intego has announced the discovery of yet another variant of Flashback. The new variant, called Flashback.N, is based on the previous Flashback.G, and it also uses Java to get its dirty work done. Worse, Intego now claims that Flashback is made by the same people who were behind the MacDefender malware last year!
According to Intego’s report, Flashback.N uses a new trick, displaying a password request window that appears to be related to Software Update. After you enter your password, malicious code is injected into Safari. In typical fashion, however, Intego provides very few details about how all this works. It sounds like Java is required for this social exploit to be possible, though Intego does not actually say so. Regardless, it would be a very good idea to disable Java in your web browser if you have not already done so. In Safari, this is done by unchecking Enable Java in the Security pane of the preferences window (accessed by choosing Preferences from the Safari menu).
In Firefox, select Add-ons from the Tools menu, and in the Plugins pane, disable anything related to Java:
Once you have disabled Java, you should be safe from Flashback.G and Flashback.N. If you do need to use a legitimate site that requires Java (I haven’t seen one in years, but I’m sure they must exist), simply enable Java while on that site and disable it again when you’re finished.
Regarding Intego’s statement that Flashback is made by the author(s) of MacDefender, the evidence they present seems fairly shaky. Of course, they often are very sparse with details, so there may be more compelling evidence that we are unaware of. We’re forced, more or less, to take their word for it. If true, however, that would be highly concerning. If the creator(s) of MacDefender is/are still out there, and not languishing in Russian prison with the folks who were processing the credit card “payments” for MacDefender, then they are highly-intelligent, and will have learned how to perfect their attacks through the MacDefender outbreak. Perhaps that is why the Flashback malware has been flying more “under the radar” with regard to mainstream media, and has thus far failed to garner the same kind of attention that MacDefender did. Which is ultimately very bad for the good guys and very good for the bad guys!
