Flashback malware infects 2% of all Macs

Second source confirms massive Mac infestation, claims more than 600K machines compromised

By , Computerworld |  Security

Nearly 2% of the Macs whose owners have checked their computers have been infected with the Flashback malware, according to a Russian antivirus company.

Of the 55,000 users who have used Dr. Web's free tool to determine whether their Macs had been infected by Flashback, just over 1,000 have been told their computers harbor the malware and are part of a growing botnet.

That means approximately 1.8% of the checked Macs are infected.

To put the Flashback infection rate into context, Conficker, a worm that plagued massive numbers of PCs from the fall of 2008 through the spring of 2009, infected as many as 4%-5% of all Windows systems at its most active.

Dr. Web's free tool matches the UUID (universally unique identifiers), a fingerprint of each individual Mac, to the list of infected systems the company compiled after "sinkholing," or commandeering, a command-and-control (C&C) server that took calls from compromised computers.

The tool's data is not a scientific survey, of course, since users must steer to the Web-based tool manually, likely after reading about the Flashback malware and suspecting that their Mac has been infected.

Last week, Dr. Web estimated that more than half a million Macs had been hit with Flashback through social engineering trickery and drive-by attacks that silently exploited a critical vulnerability in Oracle's Java.

Also last week, Apple patched Java for Mac OS X users, but the fix came seven weeks after Oracle quashed the bug for Windows and Linux users. Apple maintains Java for its users, a practice that has prompted some experts to bash the company's lethargic patching, which has lagged behind Oracle by months in some cases.

Dr. Web later revised its estimate of hijacked Macs to more than 600,000.

Although several security researchers said that Dr. Web's numbers seemed legitimate, it wasn't until Friday that Moscow-based Kaspersky Lab was able to confirm the size of the Flashback botnet.

Kaspersky analyzed Flashback's communications technique, and on Thursday registered a C&C domain before the hackers could get to it. The infected machines then contacted that domain.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness