From F-Secure Antivirus Research Weblog:
A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now. [Screenshot]
Oracle released an update that patched this vulnerability back in February... for Windows.
But — Apple hasn't released the update for OS X (yet).
It appears that the Flashback gang is keeping up with the latest in exploit kit development. Last week, Brian Krebs reported that the CVE-2012-0507 exploit has been incorporated into the latest version of the Blackhole exploit kit. And that's not all. Though it is unconfirmed, there are rumors of yet another available exploit for an "as-yet unpatched critical flaw in Java" on sale.
So if you haven't already disabled your Java client, please do so before this thing really become an outbreak. Check out our previous post for instructions on how to disable Java on your Mac.
Our previous instructions on how to check whether you are infected with Flashback is still applicable. However, for this variant, there is an additional updater component that is created in the infected user's home folder. By default it is created as "~/.jupdate".
Related: New Java Attack Rolled into Exploit Packs
Looking for tech help?
Whether you’re looking for dependable tech advice or offering helpful tricks, join the conversation in our forums.