600,000 Macs Infected By Flashback Trojan

by Christopher Freeburn | April 5, 2012 11:36 am

Some years ago, Apple (NASDAQ:AAPL[1]) trumpeted the relative lack of Mac OS-based viruses and malware as a selling point for its computers over Windows-based PCs. The company hasn’t included such claims in its recent advertising, though — perhaps because a new crop of malware is beginning to target Apple computers.

Computerworld’s IT Blogwatch reports that Russian computer experts have detected more than 600,000 Macs infected with malware[2] and acting together as a botnet — a group of computers controlled by malware without their owners’ knowledge.

A statement posted[3] on Russian antivirus developer Doctor Web’s website said that the Macs were “infected with BackDoor.Flashback.39 after [users were] redirected to a bogus site from a compromised resource or via a traffic distribution system.” Doctor Web noted that the new malware exploits a flaw in Oracle’s (NASDAQ:ORCL[4]) Java code and had been spreading since February of this year. The Russian firm indicated that 56% of the affected Macs were based in the U.S., with Canada and the United Kingdom following at 19.8% and 12.8%, respectively.

According to PC World, Apple issued a security update[5] to inoculate Macs against the attack on April 3. Previous versions of the malware required user action to infect Macs, but the new version installs itself automatically.

Doctor Web said that its team had gained control of a part of the Flashback botnet via sinkholing — a technique that permits hackers to hijack Internet-connected computers — and identified 550,000 Mac OS X systems with the Flashback infection on April 4. Shortly after Doctor Web released its initial report, Ivan Sorokin, one of Dr. Web’s experts, tweeted that the number of infected machines had risen by 100,000, including 274 Macs in Apple’s headquarters hometown of Cupertino, Calif., PC World said.

Other antivirus firms have not yet verified the extent of the Flashback infection described by Doctor Web; however, many, including F-Secure, have previously issued advisories to users about potential Flashback problems, PC World reported. Doctor Web advised Mac users to quickly install the software patch released by Apple. Others, however, suggested that Mac users completely disable Java or uninstall the software if possible, PC World noted.

Online cybercrime journalist Brian Krebs upbraided Apple[6] on his website for its slow response to the threat, noting that such “dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware.”

Endnotes:

  1. AAPL: http://studio-5.financialcontent.com/investplace/quote?Symbol=AAPL
  2. infected with malware: http://blogs.computerworld.com/19989/biggest_apple_botnet_discovered_600k_macs_infected?af
  3. statement posted: https://news.drweb.com/show/?i=2341&lng=en&c=14
  4. ORCL: http://studio-5.financialcontent.com/investplace/quote?Symbol=ORCL
  5. issued a security update: http://www.pcworld.com/businesscenter/article/253268/fastgrowing_flashback_botnet_includes_over_600000_macs_malware_experts_say.html
  6. upbraided Apple: http://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-mac-java-flaw/#more-14538

Source URL: https://investorplace.com/2012/04/600000-macs-infected-by-flashback-trojan/