'Flashback' trojan estimated to have infected 600K Macs worldwide
A trojan horse named "Flashback" that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.
Russian antivirus company Dr. Web issued a report on Wednesday noting that 550,000 computers running OS X had been infected by BackDoor.Flashback variants of the malware, as highlighted by ArsTechnica.
An analyst for the company later updated the figure to note that the size of the botnet had reached 600,000. He also pointed out that 274 bots originate from Apple's hometown of Cupertino, Calif.
According to a map released by the firm, 56.6 percent of infected computers are located in the United States. Canada was second with 19.8 percent, followed by the U.K. with 12.8 percent of cases.
Apple released a Java Security update on Tuesday to resolve the vulnerabilities that the malware is exploiting, but not before a number of Mac users had been hit with the malicious software. Oracle first issued a fix for the vulnerability in February.

Security firm Intego publicized the Flashback trojan last September. Some variants of the software were even discovered with the potential to disable anti-malware protections within OS X.
Researchers at F-Secure have provided instructions on how to detect and remove the malware.
Comments
- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?
...infected by BackDoor.Flashback variants of the virus,...
...to resolve the vulnerabilities that the virus is exploiting
What is it now? Didn't you write that it is a trojan, but now you write it is a virus?
Make up your mind.
Anyway, since there are no viruses affecting Mac OS X in public circulation, this is probably a trojan. To learn the difference, which is just a tiny bit important, as the word "virus" probably gets you more clicks, look here.
um, has anybody at AI (or anyplace) bothered to check if:
- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?
Exactly! Pitiful research, pitiful article and it's a pity AppleInsider reposted this junk (which makes it worse imho).
I find it striking that Dr. Web know exactly how many bots came from Cupertino ... not 273 and not 275...exactly 274.
PS: No AV software either and I strongly discourage using AV on Macs for the time being. My whole office is packed with Macs and, among others, as IT administrator, we had no problems whatsoever with any kind of malware ever. Those apps like MacScan and AV software imho are made just to sell you their product for bs reasons. Practice safe computing and common sense and it's all ok
NOT.
A trojan (NOT virus) is essentially a lie: someone tells you to install something, and you decide to trust them, but what you get is actually something different. There can never be complete protection from being lied to--although Apple seems to have largely cracked that challenge with Lion. So enjoy your Mac trojan-making while you can!
* Which never happens (for me).
"Installation
On execution, the malware checks if the following path exists in the system:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If any of these are found, the malware will skip the rest of its routine and proceed to delete itself."
Good thing I've got Little Snitch installed, no Trojan here.
OMFG I'm infected
...
NOT.
Oh, good, my heart skipped a beat there.
I'm free too, which means that I still go back to the mid-eighties for my last known trouble with a virus (although this is a Trojan). My computer's free too.
um, has anybody at AI (or anyplace) bothered to check if:
- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?
My thoughts exactly. It is always amazing how these "security companies" come up with such exact numbers, that too country wise! And always from pedlars of "security software". Talk about vested interest or scareware as you wish to call it.
Or for you guys, maybe it does?
Is it against the rules to mention that my trackpad broke the other day? Or the home button on my iPhone is unresponsive without pressing fairly hard?
I've had a few other problems also. It's a mixed bag, here in reality. Maybe you're better off not joining me after all. :P
I had the variant that installed in my global preferences and intercepted my Safari screen characters and keystrokes. It got access to my Mac using Java, without me typing the Admin password or notifying me to install it. This stealth trojan had been running for about a month now, before I discovered it.
I have now turned off Java, and updated to the latest Apple supplied version of Java which they just released a day or so ago. This exploit in Java has been known since February, and I am very annoyed with Apple for not fixing their version of Java, and notifying us of this earlier. It would have likely prevented the Java hole to exist that this trojan exploited to infect my Mac Pro without my knowledge.
I was unhappy to find out today that I had this trojan installed on my Mac Pro, but I am relieved now that I was able to uninstall it. I changed my various online account passwords, to prevent the people who ran this botnet from using my personal account names and passwords.
I thought my Mac was more secure than this. I appreciate the reports about this trojan, which caused me to check, and let me know my Mac had been compromised.
From the F-secure link:-
"Installation
On execution, the malware checks if the following path exists in the system:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If any of these are found, the malware will skip the rest of its routine and proceed to delete itself."
Good thing I've got Little Snitch installed, no Trojan here.
Not necessarily true, I got the .rserv variant in my home folder the other day, luckily I have Little Snitch installed but that didn't prevent it faking a software update dialogue in a failed attempt to have me give it my password, or prevent it attempting to download the payload from various Russian servers... which was blocked by Little Snitch, alerting me to the trojan.
I'm an IT guy - I probably got this from an unsafe website like a bittorrent site and the trojan didn't manage to install but the fact that it downloaded itself and faked a software update dialogue is deeply troubling!
In our office I'm the only one with the admin password though, so although people could download the trojan the impact should be limited.
I noticed Dr Web posting on the Apple communities posts regarding this issue - he seemed well informed - but given that it's been proven before that a large Russian group is responsible for at least a large part of these attacks it is kinda funny to see a Russian antivirus company cited here.
um, has anybody at AI (or anyplace) bothered to check if:
- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?
Yes it is for real. You could have found out yourself if you had checked with Google. But of course you cannot use Google because Google is "The Enemy", right?
Doctor web is an antivirus company established in 1992: http://en.wikipedia.org/wiki/Dr._Web
That's tantamount to saying you sleep around bareback because you run in the *right* circle (where all women use the pill and no one has STDs).
You don't feel the need to use AV because the odds are on your side. Fine. But to brag about it like you've accomplished something special?
How do you spell naive?
Please... do not fall to the shame and disgrace of publishing sensationalism. You do not need to garnish more page views from this tactic. Keep your loyal readers by keeping to sensible journalistic standards!
What you term as a "Virus" is NOT a virus. Here is the one and only thing you really need to know (though better to know more). If you need to enter in your (admin) password, it's not a virus. Simple!
sigh.... I am losing faith.
I WAS infected with this Trojan, until I saw this article and followed the uninstall instructions. The trojan installed without my permission ~ March 3rd according to the file date of the trojan that was installed.
I had the variant that installed in my global preferences and intercepted my Safari screen characters and keystrokes. It got access to my Mac using Java, without me typing the Admin password or notifying me to install it. This stealth trojan had been running for about a month now, before I discovered it.
I have now turned off Java, and updated to the latest Apple supplied version of Java which they just released a day or so ago. This exploit in Java has been known since February, and I am very annoyed with Apple for not fixing their version of Java, and notifying us of this earlier. It would have likely prevented the Java hole to exist that this trojan exploited to infect my Mac Pro without my knowledge.
I was unhappy to find out today that I had this trojan installed on my Mac Pro, but I am relieved now that I was able to uninstall it. I changed my various online account passwords, to prevent the people who ran this botnet from using my personal account names and passwords.
I thought my Mac was more secure than this. I appreciate the reports about this trojan, which caused me to check, and let me know my Mac had been compromised.
As a Mac Pro user I am surprised you are not a bit more savvy. I would suggest investing in Little Snitch rather than relying on Christian Prayers & Music.