We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

600,000 Infected Macs Found In Botnet

More than 56 percent of the infected computers are in the U.S., according to Dr. Web, a Russian antivirus vendor.

A Mac trojan horse spotted by security analysts since last year has infected more than 600,000 Apple computers, says Dr. Web, a Russian antivirus vendor. Apple only patched the vulnerability this week, around a month after hackers began spreading the BackDoor.Flashback.39 trojan, with most infected Macs located in the United States and Canada.

More than 56 percent of the infected computers are in the U.S., almost 20 percent in Canada, and almost 13 percent in the U.K. Other European countries, as well as Japan and Australia, reportedly have infection rates of below 1 percent.

How to check if your Mac is Flashback infected

“Systems get infected after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system,” the Russian antivirus vendor said. “JavaScript code is used to load a Java-applet containing an exploit. Dr. Web's virus analysts discovered a large number of websites containing the code.”

The infected websites listed by the company are mainly in the .nu domain (assigned to the island state of Niue), ranging from URLs related to movies and TV streaming services to a domain called Gangstasparadise.

How the Vulnerability Works

It appears the attackers began to exploit vulnerabilities to spread malware in February, and after March 16 they switched to another exploit. Apple closed the vulnerability April 3, and users are advised to update their OS in case they haven’t already (get the update here).

Dr. Web says the exploit saves an executable file onto the hard drive of the infected Mac, which is used to download malicious payload from a remote server and to launch it. The firm used sinkhole technology to redirect the botnet traffic to their own servers to count infected hosts, and more than 300,000 appear to be from the U.S. – 274 of which are in Cupertino, Calif., Ivan Sorokin, a malware analyst at Dr. Web, said on Twitter.

How to Find Out if You’re Infected

If you suspect your Mac could be infected, F-Secure has a set of instructions to find out via the Terminal. The firm also explained how the trojan works, so keep an eye out for when you are asked for the admin password: “On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.”

Mac Infection Rate Debated

Information security consultant Adrian Sanabria wrote on his blog that he is unconvinced about Dr. Web’s findings: “So far, I haven't seen any other reports numbering the victims of Flashback, but if accurate, such a large infection rate on Macs may change common perception of OS X as ‘virus-proof’ and could result in a spike in Mac antivirus software sales.

“However, given that the company reporting these numbers is in the business of selling antivirus software, I think we need to see their claims corroborated before we get too excited,” he added. Mikko Hypponen from F-Secure commented on Twitter on Dr. Web’s findings, saying: “We can't confirm or deny the figure.”

Follow Daniel Ionescu and Today @ PCWorld on Twitter


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia