April 6, 2012 at 1:18 PM ET
Apple has now issued the second software update this week in order to patch the vulnerability in Java software that allowed the malware to spread to up to 600,000 Mac computers.
Intego, maker of Mac security software, said the malware, known as Flashback, has "changed greatly from its first incarnation. Initially a fake Adobe Flash installer (hence the name Flashback), it later changed to impersonate a Software Update dialog, before using Java vulnerabilities to install."
Once installed, the malware can be used by criminals to steal personal information, including passwords.
Intego said that as of Thursday, "all of the servers that were providing the Flashback malware seem to be off-line; this is likely to do the activities of the many security companies that have worked on exposing this malware and the servers it uses. However, the command and control servers are still active, so those Macs that are infected are still vulnerable to data theft and more."
Besides, the firm said, it is "likely that this malware will be back in another guise in the future. But for now, the most important thing users can do is make sure that they update Java – as well as apply any other security updates that they haven’t installed yet – to be protected in case the Flashback servers come back online."
Mac users can get Apple's security fix by clicking on Software Update in the Apple menu. The fix applies to those using Mac OS X 10.6 Snow Leopard and OS X 10.7 Lion.
Apple issued a first fix earlier this week, then updated that fix Thursday. Said Intego:
It is possible that Apple discovered a minor glitch in the first update, necessitating a new release. It seems that this update is only available for Lion, whereas the first update was for both Snow Leopard and Lion.
In any case, it is essential that all Mac users apply this update. The Flashback malware has been very active in the wild, and can install with no user interaction, if Java is not patched.
If you're not sure whether your Mac is infected, security firm F-Secure has instructions on how to find out if you do and how to remove the malware.