Sign up for a new account or log in here:
Investigations by Russian antivirus firm Dr. Web have concluded that more than 600,000 Mac computers are currently infected by the new strain of Flashback Trojan, with a massive 56.6% of the total infected machines believed to be in the US alone. Apple released an update earlier this week to patch vulnerabilities in Java that could be exploited to run malicious code in a victim's computer, including the newest strain written of the Trojan in question, but this will only protect those that are not already compromised by the malware.
Dr. Web revealed on their website yesterday morning that the Flashback botnet was some 550,000 strong. Later that day, malware analyst Sorokin Ivan revised that figure to more than 600,000 on Twitter.
According to Dr. Web, the US has the most infections with 56.6% of the total infected with the BackDoor.Flashback.39 malware. Of the 300,000 plus infected machines, the Russian antivirus firm also revealed 274 were from Cupertino. Canada had the second highest infection rate with 19.8%, the UK has 12.8% and in fourth place with 6.1% of the total number of infected machines in Australia.
Internet security firm F-Secure has published detailed instructions on how to verify and remove the Trojan should your Mac computer already be infected. Interestingly, they state that the malware can infect a computer even without administrative permissions. "Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done."
The initial route to infection follows the same path. First the user visits a website which has been infected with the Flashback malware. Upon loading the infected webpage the script is executed, and it then immediately checks for the presence of several antivirus products. Should the presence of any be detected, the script then deletes itself and takes no further action.
If it doesn’t find anything, the malware then connects to a specified URL and downloads the payload. It then proceeds to install this payload, and infects the Mac computer. It appears to do this in one of two separate ways, dependent on whether you give administrative permissions.
.
For those that refuse to grant them, the malware searches for Microsoft Office 2008, 2011 and Word applications, as well as for Skype. If it fails to find these it then creates several files in the userspace area and creates a launch point in the "~/.MacOSX/environment.plist" location of the Mac user’s home folder.
Those that grant administrative permission will find the infection follows another pathway, creating several files inside Safari’s "/Applications/Safari.app/Contents/Resources" folder, and the creation of a launch point in "/Applications/Safari.app/Contents/Info.plist" to start the malware when Safari is run.
Another note of particular interest is the way the code has been written. It appears to take complete advantage of the average Mac users’ notion that their computer can’t get infected and therefore doesn’t need an antivirus product installed. Those using certain internet security products will therefore not have been infected but it appears to have been written to specifically target those that don't have any installed.
It's also important to note that the installation of the latest security patches from Apple is not enough to resolve the issue for those already infected. Many are now questioning whether Apple could have done more to prevent infections on such a massive scale, especially since Oracle had patches available back in February, but Apple took almost two months longer to release them on their platform.
Related Products from Product Finder
Apple iPad
The Apple iPad (3rd-gen) includes a Retina Display operating at a resolution of 2,048 x 1,536. Powering the new iPad is a dual-core A5X processor with quad-core graphics, it also gets upgraded optics in the form of a 5MP backside illuminated sensor that features a 5-element lens, IR filter and ISP built into the A5X chip. Apple claims The new iPad is good for 10 hours of battery life and nine hours when using 4G LTE.
Apple iPhone 4S
The iPhone 4S looks identical to last year's model but comes in a new 64GB flavor and upgrades the camera to include an 8-megapixel sensor with improved low-light performance and 1080p video capture. In terms of performance the new iPhone is reportedly up to 2x faster and is also capable of running on faster HSPA+ networks, reaching theoretical download speeds of up to 14.4Mbps.
Apple iMac 21.5 inch - Spring 2011 Edition - Intel Core i5
The Apple iMac 21.5 inch / Spring 2011 Edition is outfitted with a 1080p LED-backlit display, a 2.5GHz quad-core Intel Core i5 processor, an AMD Radeon HJD 6750M discrete graphics chip, and a 500GB 7200RPM HDD. It features a built-in "FaceTime HD" camera, integrated speakers, a slot-loading DVD burner, an IR receiver, an SDXC card slot, four USB 2.0 ports, audio in/out jacks, one FireWire 800 port, Gigabit Ethernet, as well as 802.11n Wi-Fi and Bluetooth 2.1. The 21.5-inch iterations receive a single Thunderbolt port
Apple MacBook Pro 13.3 inch - Winter 2011 Version - Intel Core i5
Read expert reviews, pros & cons, and product information about Apple MacBook Pro 13.3 inch - Winter 2011 Version - Intel Core i5. There are 17 reviews available so far.
User Comments: 41
Got something to say? Post a comment-
SNGX1275 said:
MilwaukeeMike - For now, it apparently is just checking in with botnet servers. I presume that it could so something malicious in the future, like use all the infected comps to attack a website. I haven't heard about it gathering data sniffing for passwords or anything, but I suppose that is a possibility too.
As I mentioned above (in response to the contents of the article) this thing doesn't attempt to install itself anymore once it discovers if you have any AV (or in the second instance if you have word, office, skype). It actually goes so far as to remove itself if it finds those. It is actively doing this.. for what reason? I don't know that answer, and why those apps? Wouldn't put it past some security consultant to have created this for one or more AV producers for Macs. I'm not saying thats the case, esp by backing out (if you didn't give it your password) when it sees word, office or skype. But it is odd.
I can only but speculate as to why that is, maybe it only wants to spread among the ignorant! lol
-
I don't believe that the case is that it backs out when it sees those MS products, rather that the torjan tries to install itself in any of those locations.
-
I don't believe that the case is that it backs out when it sees those MS products, rather that the torjan tries to install itself in any of those locations.
No that is false. It modifies /Applications/Safari.app/Contents/Info.plist and creates ~/.MacOSX/environment DYLD_INSERT_LIBRARIES.
If you are going to disagree with an idea, then you should explain why you disagree.
It is "trojan" not "torjan" anyway.
-
davislane1 said:
Can't believe people still believe these things (I use a mac) are impervious to viruses/trojans. In fact, I'm a bit surprised that only 600,000 machines have been infected, given the care-free attitude most Mac users have about security.
-
Well call me an ***** but I have no antivirus. What I have is several cisco routers ah asa 5010 appliance. Let me see 20 bucks on ebay. You can have an enterprise set up for couple of hundreds. Who thought inflation was such a blessing.
-
mevans336 said:
NTAPRO said:Of course the US would have the highest percentage
Because Apple products sell highest in the US. Apple doesn't even rank in the top 25 worldwide.
-
Because Apple products sell highest in the US. Apple doesn't even rank in the top 25 worldwide.
You know how I know you don't know anything about statistics?
-
avoidz said:
I see thousands of Apple followers with Dawson crying faces right about now.
-
Only one thing worse than the apple fanbois... and that's the windows fanbois who desperately want every other OS to be as full of holes as their malware sponge of choice...
-
Only one thing worse than the apple fanbois... and that's the windows fanbois who desperately want every other OS to be as full of holes as their malware sponge of choice...It's not windows users who wants every other OS to be just as popular. If every other OS was just as popular, they would be just as big a Mal-ware sponge.
You are hiding behind a guest account because you don't want to make these comments as a registered user.
-
Any software can be compromised. ANY, ANYWHERE period. It is the nature of executing instructions.You forgot "5", nobody bothers writing malware for Macs.
Regardless, Mac's still fair multitudes better in this regard mainly due to four related factors:
1. Less proliferation
2. Higher price of entry
3. Quality control
4. More locked down
As OS X transitions to the iOS way of doing things, 3 and 4 will become the prominent factors for it's superiority in regards to infection.
Well, I suppose I should have said, "almost nobody"...
Only one thing worse than the apple fanbois... and that's the windows fanbois who desperately want every other OS to be as full of holes as their malware sponge of choice...No, I think it's just that Windows users are just flat out tired of being talked down to by a bunch of "yuppies with more money than brains"(*), and an almost complete lack of computer knowledge.(*) Add "itinerant guest trolls at Techspot", to that elite.
-
1 person liked this |
Woohoo, lets skip ahead another 13 months.
-
Wouldn't normally reply to this. But, I have seen CC bump 2 threads in the last 3? days just to revisit an argument that had died months before. One was odd, 2 seems really odd, is this going to be a trend CC? I enjoy your comments even if I don't agree, but bringing back dead threads is a bit much.
-
Wouldn't normally reply to this. But, I have seen CC bump 2 threads in the last 3? days just to revisit an argument that had died months before. One was odd, 2 seems really odd, is this going to be a trend CC? I enjoy your comments even if I don't agree, but bringing back dead threads is a bit much.I don't think I intentionally bumped anything. The threads either were on the front page, or I got an email notice. (? ). Not sure. It could be that Cliff's avatar makes every thread look so new....
Since I'm apparently notorious for looking for an argument, (although personally I don't believe a word of that), in my own defense, I can usually find enough contention in the present to satisfy my need to vent.
But WTF, I suppose I'll just plead insanity...:oops: That's the best excuse I can come up with, since I don't have a cell phone or Nvidia Shield game to blame for "distracted posting".
Then there's the conditioned response I have to many guest posts. It's like waving a red cape in front of a bull.
Edit: Whew, I'm glad I got this up before you locked the thread! That "art film" was taking forever to download...
-
OMG Cap, you are hilarious! Nobody can say, you don't have a sense of humor.
Are you sure you don't want a nVidia Shield or iPhone?
-
OMG Cap, you are hilarious! Nobody can say, you don't have a sense of humor.Oh, I'd venture to say a few people around here might differ with you on that... The Shield...., never!
Are you sure you don't want a nVidia Shield or iPhone?
OTOH, if the iPhone comes with a pair of barely legal redheads who are willing to engage in a game of "hide the telephone, and let me call you", then I'm "all in". (So to speak)...
Most Popular
| Trending | Featured |
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.