Flashback Trojan hits 300K US Macs, is your computer compromised?

The times when Apple computers were malware-free are long gone. Mac users need to be wary, as the Flashback Trojan has taken a toll on Mac OS X computers, stealing personal information through Web browsers and Java.

According to a report today from Russian antivirus company Dr. Web, the growing Mac botnet had originally laid claim to 500,000 Mac computers, but later that number was updated to 600,000. At least 274 of those bots were found to be checking in from Cupertino, CA.

The numbers show that 57 percent (303,449) of the compromised Macs are located in the US, and around 20 percent (106,379) lie festering in Canada. The UK has the third largest number of infected Macs, claiming 12 percent of the botnet. Australia comes in fourth with 32,527 infected hosts.

Users were infected with BackDoor.Flashback.39 after being redirected to a bogus website. A Google SERP in March points to there being at least four million compromised web pages, and some users have reported infection when visiting dlink.com. Once the JavaScript code loads a Java applet containing the exploit, the exploit downloads a payload from a remote server. There are then two versions of the Trojan. The first hunts down these components on the hard drive:

/Library/Little Snitch

/Applications/VirusBarrier X6.app

/Applications/Packet Peeper.app

If not found, the Trojan uses “a special routine to generate a list of control servers,” and begins checking in with those servers.

The malware was first discovered back in September 2011, and masqueraded as a fake Flash Player installer. The latest variant took over this past weekend, going after a Java vulnerability. The vulnerability (CVE-2012-0507) was closed by Apple on Tuesday. It’s recommended that a security update be downloaded from support.apple.com/kb/HT5228
