New Flashback variant making the rounds

Flashback.S installs itself without a password and then deletes files and folders to mask its presence, a security company announces.

Steven Musil
Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Flashback camouflage
An early version of Flashback impersonates an Adobe Flash installer. Intego

A new variant of Flashback, the malware found earlier this month to be infecting hundreds of thousands of Macs, has spawned a new variant, security researchers announced today.

The new variant -- dubbed Flashback.S -- "is actively being distributed in the wild," taking advantage of a Java vulnerability that Apple has already patched, security company Intego said in a statement. The new variant installs itself on the user's home folder without a password and then deletes all folders and files from the Java cache folder to mask its presence.

At its height, the original Flashback, which was designed to grab passwords and other information from users through their Web browser and other applications, was estimated to be infecting more than 600,000 Macs. However, the researchers did not indicate what this new variant was specifically designed to do or how many computers might be infected.

The original malware typically installed itself after a user mistakes it for a legitimate browser plug-in while visiting a malicious Web site. The malware would then collect personal information and send it back to remote servers.

While more than half a million Mac worldwide were thought to be infected by the original malware at the beginning of April, software maker and security firm Symantec last week lowered its estimate of machines that still have the malware to 140,000.

The lowered estimates were due in part to Apple's release of software patches and software tools that both detect and remove the malware. Additionally, ahead of those official tools, Symantec and security firms F-Secure and Kaspersky released their own detection and removal software.