Skip to comments.Fast-growing Flashback Botnet Includes Over 600,000 Macs, Malware Experts Say
Posted on 04/05/2012 5:45:29 AM PDT by iowamark
More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that's being installed on people's computers with the help of Java exploits, security researchers from Russian antivirus vendor Doctor Web said on Wednesday.
Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that don't require user interaction.
On Tuesday, Apple released a Java update in order to address a critical vulnerability that's being exploited to infect Mac computers with the Flashback Trojan horse.
However, a large number of users have already been affected by those attacks, Doctor Web said in a report issued on Wednesday. The company's researchers have managed to hijack a part of the Flashback botnet through a method known in the security community as sinkholing, and counted unique identifiers belonging to more than 550,000 Mac OS X systems infected with the Trojan horse.
Over 300,000 of the Flashback-infected Macs, or 56 percent of the total, are located in United States, while over 100,000 are located in Canada, Doctor Web said. The U.K. and Australia are next, with 68,000 and 32,000 infected Macs, respectively.
The botnet is growing at a rapid rate. Hours after Doctor Web issued its report, Ivan Sorokin, one of the company's malware analysts announced on Twitter that the botnet had grown to over 600,000 infected computers. He also said that 274 Macs infected with the new Flashback variant were located in Cupertino, the U.S. city where Apple has its headquarters.
F-Secure, the antivirus vendor that warned about the new Flashback attacks on Monday, couldn't confirm Doctor Web's estimate of the botnet's size...
(Excerpt) Read more at pcworld.com ...
That is impossible: the Mac is unsinkable.
Thanks for the info.
600,000 systems infected is nothing alongside 60,000,000 users who will have to think twice before posting the ‘Get a Mac’ line on every computer thread.
Must be the reason neither Flash nor Java Runtime are installed in OS X Lion by default. They are both ‘ports of entry’ for viruses.
if you put java on it, you get your problem. So the issue is java. I suppose that too fine a point for most to bother with.
Java developers are obnoxious, and I’d attribute the problem to that.
Ditto on both of your posts.
You mean it’s not? </sarc>
That line of thought is the equivalent of spending $9.99 for after market tires for your Ford Explorer and then blaming Ford for the blowout you get on the highway.
It would be if I really meant it.
This does not compute.
Macs are perfect. Deal with it.
No other companies corroborate this claim... nor does it make sense. . . since this can install only on Macs that have an OPTIONAL install of the Java runtime library applet, not FLASH. The Trojan itself has been found on only a small number of obscure websites... and to infect such a large number of Macs, all of which would have to be running an older install of OSX (Leopard or older), it would have to be found on numerous popular and frequently visited websites! It simply is not on such websites that Mac users would frequent. Here is a list of the example websites Doctor Web says they found the malware that would infect Macs:
I don't find THOSE websites to be the type that Mac users would visit!
The rate of infection this company was reporting smacks of the kind we saw with viral infections, not Trojan installations.
In addition, Apple pushed out a patch for Java that fixed this variation of the Flashback vulnerability early Tuesday morning... and since even OSX Leopard Macs are updating their malware definition files daily, I find it even more unlikely that this story is credible.
Does this trojan exist? Yes. Is it in the wild? Yes. It is one of the 20-22 known OSX trojan horse applications out there now... that the OSX system will prevent from being downloaded or installed without the user over-riding the built-in protections. Has it infected 600,000 Macs and made them into a botnet? I highly doubt it.
Frankly, it sounds like FUD to me.
If you want on or off the Mac Ping List, Freepmail me.
Apple HAS pushed out another JAVA update... This one listed as 2012-002 today. It repairs some issues, unrelated to security, with the one released earlier as 2012-001.
I have been searching forums... and so far, none of the 600,000 infected have reported they have been infected. Strange, don’t you think? It’s easy to check for and remove this infection, but no one is finding it.