    Mac Botnet Infects More Than 600,000 Apple Computers

    Written by

    Jeff Burt
    Published April 5, 2012

      More than 600,000 Apple Mac computers worldwide—more than half of them in the United States—have been hit by a new fast-moving variant of the Flashback Trojan malware that uses JavaScript code rather than relying on user interaction, according to security researchers.

      Officials with security software company Intego said in an April 3 blog post that they found samples of the new Flashback Trojan March 23, and noted that the new malware—like the previous version discovered last year—uses two Java vulnerabilities, one of which was patched by Apple April 3. The malware attacks Macs running the Mac OS X operating system.

      Bloggers from Russian security company Doctor Web said in a post April 4 that the new Flashback variant had compromised up to 550,000 Mac computers, more than 300,000 of which were in the United States and more than 106,000 in Canada. Later in the day, Ivan Sorokin, an analyst with Doctor Web, said in a Twitter update that the number of Macs infected by the Trojan had jumped to more than 600,000.

      In addition, Sorokin noted that 274 of the infected Macs were found in Cupertino, Calif., where Apple keeps its headquarters.

      Doctor Web officials said in their blog that they were able to redirect some of the botnet traffic to their own servers in an operation known as “sinkholing” and were able to count the number of infected hosts.

      The number of variants seems to be growing. Intego officials said they have been finding new samples and variants of the malware almost daily since March 23, and those samples are not all the same as those that other security companies are reporting they have found. The latest variant that Intego has is called Flashback.R.

      “In any case, the safest thing that users can do is turn off Java in their Web browser,” Intego said in its blog post. “If you use Safari, choose Safari > Preferences, then click on Security. Uncheck Enable Java, to ensure that no Java applet can run. For other browsers, check in their security preferences as well.”

      Security software vendor F-Secure began talking about the new Flashback variants April 2, with a blogger saying that company officials have “been anticipating something like this for a while now.”

      “It appears that the Flashback gang is keeping up with the latest in exploit kit development,” the blogger said, noting that a report by another security blogger the week before said the latest Flashback variant had been incorporated into the Blackhole exploit kit. “And that’s not all. Though it is unconfirmed, there are rumors of yet another available exploit for an ‘as-yet unpatched critical flaw in Java’ on sale. So if you haven’t already disabled your Java client, please do so before this thing really becomes an outbreak.”

      F-Secure couldn’t say whether an outbreak has actually occurred. On Twitter April 4, Mikko Hypponen, the company’s chief research officer, said he couldn’t confirm Doctor Web’s number of more than 600,000 infected Macs, saying, “We don’t have good stats on Mac malware.”

      Doctor Web officials on their blog said, “Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit. Doctor Web’s virus analysts discovered a large number of Websites containing the code.”

      The Russian company said cyber-criminals began exploiting two vulnerabilities in February, then switched to another after March 16. That last vulnerability was closed by Apple’s patch April 3.

      “The exploit saves an executable file onto the hard drive of the infected Mac machine,” Doctor Web said. “The file is used to download malicious payload from a remote server and to launch it. Doctor Web found two versions of the Trojan horse; attackers started using a modified version of Backdoor.Flashback.39 around April 1.”

      Like older versions, the latest variant first searches the hard drive of the infected Mac for particular components, then—if the files aren’t found—“the Trojan uses a special routine to generate a list of control servers, sends an installation success notification to intruders’ statistics server and sends consecutive queries at control server addresses.”

      Security experts have seen a growing number of Mac malware incidents since last year, including the Tsunami Trojan and the Revir/Imuler Trojan. The Flashback malware—so named because it masquerades as an update to Adobe Flash or as a Flash Player installer—was first detected in September 2011.

      Macs for a long time were thought to be particularly resistant to malware attacks. However, researchers late last year warned that future attacks were inevitable.

      “If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying,” Graham Cluley, a senior technology consultant at Sophos, said in a blog in October 2011, predicting more malware targeting “poorly defended Mac computers.”

      Mike Geide, senior security researcher at Zscaler ThreatLabZ, agreed.

      “This latest wave of infections is a wake-up call to Mac users that their system is not immune to threats,” Geide said in an email. “And the need to follow best security practices, such as remaining current with patches, is ubiquitous — it doesn’t matter if you’re using Windows, Mac, or even [a] mobile phone.”
