NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > InfoSec News> 2012-q2

[ISN] Flashback trojan reportedly controls half a million Macs and counting

From: InfoSec News (alertsinfosecnews.org)
Date: Thu Apr 05 2012 - 01:49:42 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://arstechnica.com/apple/news/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting.ars

By Jacqui Cheng
ars technica
April 4, 2012

Variations of the Flashback trojan have reportedly infected more than
half a million Macs around the globe, according to Russian antivirus
company Dr. Web. The company made an announcement on Wednesday—first in
Russian and later in English—about the growing Mac botnet, first
claiming 550,000 infected Macs. Later in the day, however, Dr. Web
malware analyst Sorokin Ivan posted to Twitter that the count had gone
up to 600,000, with 274 bots even checking in from Cupertino, CA, where
Apple's headquarters are located.

We have been covering the Mac Flashback trojan since 2011, but the most
recent variant from earlier this week targeted an unpatched Java
vulnerability within Mac OS X. That is, it was unpatched (at the time)
by Apple—Oracle had released a fix for the vulnerability in February of
this year, but Apple didn't send out a fix until earlier this week,
after news began to spread about the latest Flashback variant.

According to Dr. Web, the 57 percent of the infected Macs are located in
the US and 20 percent are in Canada. Like older versions of the malware,
the latest Flashback variant searches an infected Mac for a number of
antivirus applications before generating a list of botnet control
servers and beginning the process of checking in with them. Now that the
fix for the Java vulnerability is out, however, there's no excuse not to
update—the malware installs itself after you visit a compromised or
malicious webpage, so if you're on the Internet, you're potentially at
risk.

If you think one of your machines may be infected, F-Secure has
instructions on how to use the Terminal to find out.

[...]

_______________________________________________
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]