Flashback malware infects 2% of all Macs
Second source confirms massive Mac infestation, claims more than 600K machines compromised
Computerworld - Nearly 2% of the Macs whose owners have checked their computers have been infected with the Flashback malware, according to a Russian antivirus company.
Of the 55,000 users who have used Dr. Web's free tool to determine whether their Macs had been infected by Flashback, just over 1,000 have been told their computers harbor the malware and are part of a growing botnet.
That means approximately 1.8% of the checked Macs are infected.
To put the Flashback infection rate into context, Conficker, a worm that plagued massive numbers of PCs from the fall of 2008 through the spring of 2009, infected as many as 4%-5% of all Windows systems at its most active.
Dr. Web's free tool matches the UUID (universally unique identifiers), a fingerprint of each individual Mac, to the list of infected systems the company compiled after "sinkholing," or commandeering, a command-and-control (C&C) server that took calls from compromised computers.
The tool's data is not a scientific survey, of course, since users must steer to the Web-based tool manually, likely after reading about the Flashback malware and suspecting that their Mac has been infected.
Last week, Dr. Web estimated that more than half a million Macs had been hit with Flashback through social engineering trickery and drive-by attacks that silently exploited a critical vulnerability in Oracle's Java.
Also last week, Apple patched Java for Mac OS X users, but the fix came seven weeks after Oracle quashed the bug for Windows and Linux users. Apple maintains Java for its users, a practice that has prompted some experts to bash the company's lethargic patching, which has lagged behind Oracle by months in some cases.
Dr. Web later revised its estimate of hijacked Macs to more than 600,000.
Kaspersky analyzed Flashback's communications technique, and on Thursday registered a C&C domain before the hackers could get to it. The infected machines then contacted that domain.
Kaspersky counted approximately 600,000 computers that connected to the server.
While the antivirus company would not go so far as to claim that all of those systems were running Mac OS X, it said other tools hinted that 98% of them were, in fact, Macs.
Some security experts pointed to Apple's slow patching as a factor in Flashback's success. "Apple was really behind the timeline here," said Mike Geide, senior security researcher at Zscaler ThreatLabZ, in an interview last week.
Hackers had a seven-week window to examine Oracle's patch before Apple released its fix.
"What's going to be really, really interesting is when the next major Java vulnerability appears," said Geide. "What will Apple's response be the next time around?"
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- New Yosemite dev preview may herald public beta update later this week
- iPhone 5C's China bust raises questions about Apple's pricing for '14 models
- Mac sales so far in '14 may signal share push
- China scrubs Apple's iPad and MacBooks from government buying list
- Circle the date: Apple's iPhone 6 event slated for Sept. 9
- Stable Mac prices fuel reliable profit engine
- Apple unveils minor bumps to MacBook Pro laptops
- Feds arrest Florida man who allegedly conned Apple out of $309K
- Yosemite's traffic share triples after public beta debuts
- Apple hasn't exhausted its supply of Yosemite betas
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts