Recent media reports about the OSX.Flashback malware have put the size of the botnet at over 600,000. The botnet is believed to have reached this size by using vulnerabilities such as the Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability (CVE-2012-0507, BID 51261) to spread the malware through exploit kits like Blackhole. Oracle patched this recent Java vulnerability for Windows in February 2012. Apple released a patch for Mac users this week, which is available as a Software Update.
When a window of opportunity such as this Java vulnerability arises, cybercriminals are quick to take advantage by developing and distributing exploits around it. Symantec has closely monitored the OSX.Flashback threat since 2011. The following protections have been produced for Symantec customers against this malware and the related recent vulnerability:
Intrusion Prevention Signatures
Web Attack: JRE Concurrency CVE-2012-0507 3
Web Attack: Malicious Java Download 6
Web Attack: Malicious Java Download 4
To stay safe, ensure you have the latest patches installed on your system and keep your AV definitions up to date.