Mac Trojan top

Mac Attack: 600,000 Infected With Flashback

Over half a million Apple Macs are infected with the Flashback Trojan, a Russian security firm has warned

On by Tom Jowitt 8

A Flashback variant dubbed Backdoor.Flashback.39 has apparently infected 600,000 Apple Macs around the world.

The days when Apple users could be confident about the lack of malware and trojans on Mac platforms seem to be long gone.

The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year.

600,000 Macs

The fresh warning came from the Russian antivirus firm, Dr Web. It first issued the warning that 550,000 Macs were infected in a blog posting on its website, but then offered an increased assessment of the number of infected Apple machines on Twitter.

“@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko – 285 from Finland,” said the tweet.

The Mikko reference is to Mikko Hypponen, the chief research officer of F-Secure, who said that his company could not confirm or deny the Dr Web figure of 550,000 infected Macs.

According to the Dr Web blog posting, “systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit.”

The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download a malicious payload from a remote server and to launch it.

“Doctor Web’s virus analysts discovered a large number of websites containing the code,” warned the firm, identifying mostly Russian websites that Apple users should stay clear of.

“Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after 16 March they switched to another exploit (CVE-2012-0507). The vulnerability has been closed by Apple only on April 3 2012,” said Dr Web.

Global infections

The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs.

Doctor Web recommended Mac users download and install Apple’s security update to prevent infection of their systems by BackDoor.Flashback.39.

What do you know about Internet piracy? Try this week’s quiz and find out!

Tom Jowitt
Author: Tom Jowitt
Freelance TechWeek Reporter
Tom Jowitt Tom Jowitt Tom Jowitt
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment

8 replies to Mac Attack: 600,000 Infected With Flashback

  • On April 5, 2012 at 2:48 pm by Mytob

    Looks like everyone should start to consider getting an antivirus. Was only a matter of time with the increasing popularity of mac.

    • On April 5, 2012 at 3:40 pm by Apple Cult Member

      This is all lies and disinformation. Everyone knows that Macs are invulnerable to spyware and malware. That is why OSX does not even turn the firewall ON.

      Because Macs are so incredibly secure, well-made, and impeccably designed, no virus or malware would DARE to try and infect one.

      Surely there is some mistake and this article is about Windows being infected by yet another virus.

      Macs cannot be infected by viruses, because Apple users say so. And anyone using an Apple device is always right.

      /end sarcasm

      • On April 5, 2012 at 6:17 pm by Me

        lord….. Way to keep the old Mac vs Windows war going. I cant wait for the day everyone just uses whats works for them.

        Maybe we should all drive the same cars also? We all know Fords break down and Chevys never have problems…..

        /end The Truth

  • On April 5, 2012 at 4:04 pm by Dan Wood

    I didn’t know there WERE 600,000 Macs. Live and learn!

  • On April 5, 2012 at 6:47 pm by Tobias Wright

    600,000 eh? How is that really headline news? PC’s get infected regularly and it’s not a daily news update… Although, on a PC this problem would have been fixed by the end of the day. Week at the longest.

    Just saying.

  • On April 5, 2012 at 9:10 pm by Marb

    Sorry for the Apple haters, but this is a problem in Java. By Oracle.

  • On April 6, 2012 at 4:20 am by Jor

    Half a million infected macs is a trivial number of macs. Doesn’t compare with the usual infectionrate for pc’s.

    Also – Macs are still largely invulnerable to malware. The mac OS was not vulnerable in this case. The Flash updater has the vulnerability.

    .. also.. one reason the Macs remain largely invulnerable is because few hacker dumbasses know their way around the UNIX OS underlying the Mac OS. They shit their pants every time they have to deal with a secure perfected technology. UNIX is not and never was a consumer grade OS. That’s why you Windows bozos will continue to simmer in a jealous rage everytime someone points out us Mac users still don’t have to use AV products in our machines.

  • On April 7, 2012 at 3:50 pm by Karl

    Im not totally supprised by this, I’ve been cleaning malware off of my Mac with ClamXav for the past few months. I always keep it up to date and I still had my Mac sending spam until ClamXav helpped find and remove the problem.

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>