We have gotten several questions about this, so I thought I would post here publicly. Normally, it's policy to not comment on threats added to our definitions, since we consider it part of our job--we don't like to toot our own horn, so to speak. But this has received a fair amount of press. See here:
http://arstechnica.com/apple/news/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-a...
For those unfamiliar, the implementation of Java in Mac OS X has a vulnerability that lets a malicious Web site gain access to your Mac. When you visit a Web site with the maliciou Java applet, it downloads a trojan to your Mac. If you run the trojan, it sets up a "bonet" that can remotely control your Mac, all just by visiting a harmful Web page.
Norton will protect you in the following ways:
- Norton SafeWeb, part of the Safe Surfing feature in Norton internet Security, will block these harmful Web pages after they have been classified as "bad" by SafeWeb. This will block Web sites that are known to be harmful
- Norton Vulnerability Protection, part of Norton AntiVirus and Norton Internet Security, detects the harmful Java applets in several of its signatures. It also reports these Web sites to Norton SafeWeb, so they become part of the Norton SafeWeb list of "bad web sites".
- Norton DeepSight, part of Norton Internet Security, will block the trojan's activity to the botnet, if you set it to block "Incoming and Outgoing connections".
- Norton AntiVirus will detect the threat that the trojan that the Java applet downloads to your Mac.
You can make sure you have the latest virus and vulnerability poteection definitions by running LiveUpdate manually, but these definitions should have been downloaded already. No further action should be necessary unless you are already infected. You can enable the additional protection Norton DeepSight provides by changing it to block outgoing connections.
Ryan McGann
Principal Software Engineer
Macintosh Products & Solutions
Symantec
