Mac OS X Flashback Trojan Fix in the Works by Apple

Today Kaspersky's Dennis Fisher brings news that Apple is developing a Flashback Trojan Fix.

First a little clarification about the trojan: this infection is caused by a security flaw in Oracle's Java and isn't a whole per se in OS X. That said, the biggest surprise about the trojan for most people is that Flashback has been around in one form or another for more than six months now.

Yikes.

As most of us know by now more than 600,000 Macs running OSX have been infected, so this isn't a tiny one-off threat. It's a bona fide Mac botnet.

This is really the first time Apple finds themselves in a position Microsoft has long ago mastered: how to handle the three prongs of dealing with a virus outbreak,

1. customers
2. security researchers
3. virus writers

As for the official word from Apple, there's now a document on Flashback malware at Apple's support site.

Unfortunately, it's really nothing more than, Apple is developing software that will detect and remove the Flashback malware.

They do, however, give a good link on how to disable Java in your Mac's browser preferences.

Personally, I don't have Java enabled--never have--and if I find there's some content that requires Java, I turn it on manually for that one site then disable it again.

After all, Java is not the same as Javascript, and since so few sites rely on Java, there's very, very little you'll be missing out on by disabling Java altogether, and heck, if you need it, turn it back on, and shut it off when you're done.