More Than Half A Million Apple Mac Computers Infected With Trojan Malware

According to a Russian ant-virus firm, Dr. Web, there are about more than half a million Apple Macintosh computers infected by malware, Flashback Trojan.

Flashback Trojan has been in the public eye since it was uncovered by security firm Intego last year.

Flashback masqueraded as an installer for Adobe’s Flash Player, hence the name, but the malware has changed tacks at last once since then, instead pretending to be a Mac software update or a Java updater.

The firm, Dr. Web, says that more than half that number are based in the US.
Apple has released a security update, but users who have not installed the patch remain exposed.

In the past few months, Flashback has evolved to exploiting Java vulnerabilities. The malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission.

Dr. Web said that once the Trojan was installed it sent a message to the intruder’s control server with a unique ID to identify the infected machine.

“By introducing the code criminals are potentially able to control the machine,” according to the firm’s chief executive Boris Sharov.

“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.

“The largest amounts of bots, based on the IP addresses we identified – are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people.”

Dr. Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California, home to Apple’s headquarters.

Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.

Apple released its own ‘security update’ on Wednesday, more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.

The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.

“People used to say that Apple computers, unlike Windows PCs, can’t ever be infected, but it’s a myth,” said Timur Tsoriev, an analyst at Kaspersky Lab.

Leave a Comment