Fast-growing Flashback botnet includes over 600,000 Macs, experts say
Java-based attacks against Mac users resulted in over 600,000 Mac computers being infected with the Flashback Trojan horse
IDG News Service - More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that's being installed on people's computers with the help of Java exploits, security researchers from Russian antivirus vendor Doctor Web said on Wednesday.
Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that don't require user interaction.
On Tuesday, Apple released a Java update in order to address a critical vulnerability that's being exploited to infect Mac computers with the Flashback Trojan horse.
However, a large number of users have already been affected by those attacks, Doctor Web said in a report issued on Wednesday. The company's researchers have managed to hijack a part of the Flashback botnet through a method known in the security community as sinkholing, and counted unique identifiers belonging to more than 550,000 Mac OS X systems infected with the Trojan horse.
Over 300,000 of the Flashback-infected Macs, or 56% of the total, are located in United States, while over 100,000 are located in Canada, Doctor Web said. The U.K. and Australia are next, with 68,000 and 32,000 infected Macs, respectively.
The botnet is growing at a rapid rate. Hours after Doctor Web issued its report, Ivan Sorokin, one of the company's malware analysts announced on Twitter that the botnet had grown to over 600,000 infected computers. He also said that 274 Macs infected with the new Flashback variant were located in Cupertino, the U.S. city where Apple has its headquarters.
F-Secure, the antivirus vendor that warned about the new Flashback attacks on Monday, couldn't confirm Doctor Web's estimate of the botnet's size. The company doesn't have good statistics on Mac malware, F-Secure's chief research officer Mikko Hypponen, said Wednesday on Twitter.
Doctor Web recommended that Mac users install the latest Java patch released by Apple, while other security companies went further, advising them to disable the Java plug-in in their browsers altogether if they don't use Java-based Web applications. Uninstalling Java from the system completely is also an option if it is not required for other desktop applications.
- A Reference Architecture for the Internet of Things The aim of this is to provide Architects and Developers of IoT projects with an effective starting point that covers the major requirements...
- How to Reduce Hardware & Infrastructure Costs Through Data In this paper, we take a look at how organizations are revisiting their network and server architecture in a bid to address the...
- Software Build Acceleration, Analytics and Build Clouds Discover how to dramatically speed up software builds by automatically distributing build jobs over scalable resource clouds and multi-core desktops, with potential savings...
- Printer Installer: Eliminating Print Servers Printer Installer is an on-premise web application that enables you to centrally manage and deploy Windows shared or direct iP printers.
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!