
U.S. accounts for over half of Flashback-infected Macs

For once, Windows users are getting a break. In a rare botnet campaign targeting Macs, some 600,000 machines have been infected with a sophisticated trojan that can steal personal information, according to a Russian anti-virus firm.

Researchers began reporting this week about a new variant of the Flashback trojan actively exploiting a Java vulnerability in Mac OS X systems. Apple released a patch the following day, but apparently not quickly enough.

That's because Flashback already has poisoned nearly 600,000 machines globally, and more than half -- 303,440 -- are located in the United States, according to a report Wednesday from AV vendor Dr. Web.

A computer can become infected with the malware strain through a drive-by download, which involves nothing more than visiting a bogus web page. Once installed on the machine, Flashback appears capable of a number of malevolent actions, including stealing data, hijacking search results and installing additional malware.

Dr. Web researchers were able to “sinkhole” one of the botnet's command-and-control hubs so that traffic was redirected to their own servers, which allowed them to not only count the number of compromised machines, but also isolate their location down to the city.

For example, 274 Flashback-infected Macs were located in Cupertino, Calif., where Apple has its headquarters.

The 600,000 total number certainly may seem high, considering Macs have largely gone untouched by hackers, but so far no security vendors are challenging Dr. Web's findings.

“Infection numbers are kind of dicey because you have to rely on a whole series of vendors to say, ‘Well, we detected this many,’” Dave Marcus, director of advanced research at McAfee, told SCMagazine.com. “It's a significant amount of infected computers any way you look at it.”

Sean Sullivan, a security adviser at security firm F-Secure, agreed.

"We have no reason to doubt what they're reporting," Sullivan told SCMagazine.com in a Twitter message. "I can tell you that lots of samples -- more than average -- have been submitted to our support portal."

Although the Windows operating system seems to be the platform of choice for online miscreants, Marcus said this botnet fits right in with the trend of increasing malware attacks on the Mac platform.

“Functionality wise it's actually very similar to the stuff we run into on a PC platform,” he said. “What people need to be focusing on is the fact that Macs need to be protected just like any other hardware and any other operating system.”

An Apple spokesperson could not be reached for comment.
