Over 600,000 Macs part of Flashback botnet

Posted on Thursday, April 05 2012 @ 19:32 CEST by Thomas De Maesschalck
Russian security firm Dr.Web claims over 600,000 Mac OS X computers are infected by "Backdoor.Flashback", a Trojan horse that installs itself via a Java-applet.
Malware for OS X, called "Backdoor.Flashback", is running on up to 550,000 different machines, mostly located in the United States and Canada. Dr.Web's report is extremely detailed, including an infographic of infections by country. The botnet stems from machines being redirected to bogus websites, or other traffic distribution systems. Sites used for this are presumably of Russian origin, but the number of sites is currently unknown.

JavaScript code is used to load a Java applet containing the actual exploit. At the end of March, a Google search found around four million different pages which could be spreading the malware. Some posts on Apple's own user forums describe being infected with the malware when visiting DLink.com; DLink produce routers and similar devices.

Exploits are being distributed over three main weaknesses:

  • CVE-2011-3544
  • CVE-2008-5353
  • CVE-2012-0507

Dr.Web initially reported that 550,000 Macs are infected but revised the number to "over 600,000" via a Twitter message.

Source: Neowin

