New release Flashfake Removal Tool For Mac
It is a family of malware that affects Mac OS X. The first versions of this type of threat were detected in September 2011. In March 2012 over 600 000 computers worldwide were infected by FlashBack.
The infected computers have been combined into a botnet, which enables cybercriminals to install additional malicious modules on them at will. One of these modules is known to generate fake search engine results, displaying false results for users and generating profits for cybercriminals via ‘click fraud’. It is quite possible that, in addition to intercepting search engine traffic, cybercriminals could upload other malicious modules to infected computers – e.g. for data theft or spam distribution.
While browsing the Internet, users may find themselves on an apparently legitimate website which has, however, been compromised or specially created by cybercriminals. The user is invited to install or update a new version of Flash Player. If the user agrees, FlashBack requests the admin password and is installed on the system.
Most of the March 2012 infections came from exploiting Java vulnerabilities. The authors of Flashback use numerous websites which, when accessed, automatically download and launch malicious files on the users computer. Read on to find out if your computer is at risk from this Java vulnerability.
Once the system has been infected, FlashBack runs automatically every time the computer is switched on.
What does the Flashback malware do?
According to F-secure, the malware known as a Trojan-Downloader, connects to a remote site and downloads a malicious payload. Once the trojan successfully downloads its payload it then infects the host computer and modifies targeted webpages displayed in the user's web browser. Some reports say the main purpose of the Flashback attack is to capture user login credentials and other personal information.
Other reports suggest that the infected machines may become part of a botnet that could potentially be tasked to carry out large-scale denial of service attacks or other tasks as desired by the botnet's master controller.
How do you know if you are infected?
When it is running, FlashBack tries to connect to 30 sites every day. One of those sites (randomly chosen) hosts the botnet’s command-and-control (C&C) server as deployed by the cybercriminals. Having established a connection, the malicious program passes the victim computer’s IP address and hardware UUID to the C&C.Kaspersky Lab has discovered the operation algorithm of the malicious program, and created a dedicated server that imitates the C&C server that infected computers are supposed to connect to. For several days, this server registered all the infected computers that communicated with it, and recorded their UUIDs in a dedicated database. Thus, we can check if your computer’s UUID is in this database; if so, your computer was (and may still be) infected with FlashBack.
Q:How to remove Flashback/Flashfake
A:It's have 3 method as follows
1. Download Kaspersky Flashfake Removal Tool.It's Free remove Flashfake from Kaspersky at http://support.kaspersky.com/viruses/utility.This Program will autoscan you system and remove any virus from mac.
2. Download Kaspersky Anti-Virus 2011 for Mac.This is a beta antivirus program for mac only at http://www.kaspersky.com/kmac-trial-register.It's can scan malware and protect you system includes that scan Flashback/Flashfake.
3. Check Flashback/Flashfake by youself from introduction by http://flashbackcheck.com
