As I predicted, I have not detect the Mac Flashback Trojan on any of our client’s Macs that we manage, and many security experts are now estimating that the claims that over a half million Macs were infected could have been inflated by 2-3 times. Kaspersky Labs is currently reporting an 84% reduction in the Flashback’s install base since early April.
Apple has released Java updates for both OS X 10.7 Lion and OS X 10.6 Snow Leopard that patch the vulnerability this Trojan exploited, plus they install and run a small program called MRTAgent (Malware Removal Tool) that scans for and removes the Flashback Trojan if found. In addition these Java updates implement a new feature that automatically disable the Java web plug-in if unused for more than 35 days. The user has the option to re-enable, but it will continue to be disabled if Java applets are not run for an extended amount of time.
Apple also released an update for OS X 10.5 Leopard called Flashback Removal Security Update, which also installs and runs MRTAgent, plus disables the Java web plug-in if unused for more than 35 days.
Since Java is not installed by default in Lion, Apple additionally released Flashback malware removal tool, which just installs and runs MRTAgent on Macs running Lion that never had Java installed.
All of these updates are available via Software Update.
As mentioned previously: If you are an All Covered Chicago client, and we manage your Macs, you don’t need to worry about being infected by this Trojan. In addition to automatically pushing out Apple security updates to Macs, we have also run proactive scripts daily that check for the Flashback Trojan.