[ISN] Flashback trojan reportedly controls half a million Macs and counting

From: InfoSec News <alerts_at_private>
Date: Thu, 5 Apr 2012 01:49:42 -0500 (CDT)
http://arstechnica.com/apple/news/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting.ars

By Jacqui Cheng
ars technica
April 4, 2012

Variations of the Flashback trojan have reportedly infected more than 
half a million Macs around the globe, according to Russian antivirus 
company Dr. Web. The company made an announcement on Wednesday—first in 
Russian and later in English—about the growing Mac botnet, first 
claiming 550,000 infected Macs. Later in the day, however, Dr. Web 
malware analyst Sorokin Ivan posted to Twitter that the count had gone 
up to 600,000, with 274 bots even checking in from Cupertino, CA, where 
Apple's headquarters are located.

We have been covering the Mac Flashback trojan since 2011, but the most 
recent variant from earlier this week targeted an unpatched Java 
vulnerability within Mac OS X. That is, it was unpatched (at the time) 
by Apple—Oracle had released a fix for the vulnerability in February of 
this year, but Apple didn't send out a fix until earlier this week, 
after news began to spread about the latest Flashback variant.

According to Dr. Web, 57 percent of the infected Macs are located in 
the US and 20 percent are in Canada. Like older versions of the malware, 
the latest Flashback variant searches an infected Mac for a number of 
antivirus applications before generating a list of botnet control 
servers and beginning the process of checking in with them. Now that the 
fix for the Java vulnerability is out, however, there's no excuse not to 
update—the malware installs itself after you visit a compromised or 
malicious webpage, so if you're on the Internet, you're potentially at 
risk.

If you think one of your machines may be infected, F-Secure has 
instructions on how to use the Terminal to find out.

[...]


Received on Wed Apr 04 2012 - 23:49:42 PDT
