Researchers learn Flashback trojan is still infecting Apple computers

Share this article:
The Flashback trojan is still active and infecting computers, according to a post by Intego.
The Flashback trojan is still active and infecting computers, according to a post by Intego.

Although Apple has a good reputation for producing computers and other devices that are well-protected against malware, a trojan identified in 2011 is still active and infecting computers, according to a post by Mac security software company Intego.

OSX/Flashback.A, known simply as Flashback, originally popped up on the radar in 2011 and, by 2012, had ensnared up to 650,000 users in a botnet. The trojan is capable of a number of malevolent actions, including stealing data, hijacking search results and installing additional malware.

Apple quickly took measures to eliminate the threat, such as releasing two updates for Mac OS X to correct the vulnerability that was enabling Flashback to spread.

According to a Tuesday post by Arnaud Abbati, an Intego security researcher, the Apple-focused company purchased command-and-control server domain names earlier this year to monitor the Flashback threat. After five days, researchers recorded 22,000 infected machines and 14,248 unique identifiers of the latest Flashback variants, Abbati explained.

“By design, Flashback is versatile; it is a nasty little malware,” Abbati wrote. “It is self-encrypted, and with the UUID of the infected machine it sends unique information about the machine owner to its command and control server, so targeted variants could already be in the wild.”

There are several anti-virus programs available to scan for and remove Flashback. An Intego spokesperson did not respond to a SCMagazine.com request for comment.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.