Mac Attack: 600,000 Infected With Flashback

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe

Over half a million Apple Macs are infected with the Flashback Trojan, a Russian security firm has warned

A Flashback variant dubbed Backdoor.Flashback.39 has apparently infected 600,000 Apple Macs around the world.

The days when Apple users could be confident about the lack of malware and trojans on Mac platforms seem to be long gone.

The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year.

600,000 Macs

The fresh warning came from the Russian antivirus firm, Dr Web. It first warned in a blog posting on its website that 550,000 Macs were infected, but then offered an increased assessment of the number of infected Apple machines on Twitter.

“@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko – 285 from Finland,” said the tweet.

The Mikko reference is to Mikko Hypponen, the chief research officer of F-Secure, who said that his company could not confirm or deny the Dr Web figure of 550,000 infected Macs.

According to the Dr Web blog posting, “systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit.”

The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download a malicious payload from a remote server and to launch it.

“Doctor Web’s virus analysts discovered a large number of websites containing the code,” warned the firm, identifying mostly Russian websites that Apple users should stay clear of.

“Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after 16 March they switched to another exploit (CVE-2012-0507). The vulnerability has been closed by Apple only on April 3 2012,” said Dr Web.

Global infections

The Trojan has a global reach, with Dr Web finding infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs.

Doctor Web recommended Mac users download and install Apple’s security update to prevent infection of their systems by BackDoor.Flashback.39.
