Over Half a Million Macs Infected by Flashback Trojan
The majority of the infected computers are located in the U.S. and Canada, according to Doctor Web.
According to Russian anti-virus company Doctor Web, the Flashback botnet now includes more than 600,000 infected computers, the majority of them located in the U.S. and Canada.
"Once onboard the Trojan will search for files that it can use to install itself, then it will generate a list of control servers and send a notification of success to the bot herder," writes The Inquirer's Dave Neal. "Dr Web said that over time it will send consecutive queries to control server addresses."
"Dr. Web says it employed a sinkhole technique to intercept the bot installed by the newest Flashback trojan, and directed the bots to its own servers where it could analyse the traffic," The H Security reports. "Each bot includes a unique ID of the machine it has infected in the query string it sends to the command and control server; it is these unique IDs that Dr. Web has used to calculate the infection count."
"Apart from the alarming number of infections, Dr Web also notes that some of the compromised web pages that delivered the Trojan belong to D-Link," writes Geek.com's Lee Mathews. "That’s a pretty big black eye for a network hardware vendor, particularly one who offers a range of VPN and Firewall appliances."
"Flashback has been exploiting three different Java vulnerabilities in the last few months, and although Apple issued a patch for the most recent one on Tuesday, there likely still are plenty of vulnerable machines online," writes Threatpost's Dennis Fisher.
April 13, 2012
Apple is taking steps to address the Java vulnerabilities behind the Flashback Trojan outbreak. But Java isn't the only attack vector for OS X -- and Apple users can no longer cling to the belief that Macs are virtually immune to malware.