Flashback Trojan botnet infects 600,000 Macs


5 Apr 2012

A new Trojan botnet affecting Macs has been discovered and has infected 600,000 machines running Mac OS X globally. Some 0.1pc of infected computers are located in Ireland.

According to anti-virus vendor Doctor Web, the BackDoor.Flashback Trojan infects computers after a user is redirected to a bogus website through a compromised website. It began to exploit the Java vulnerability on 16 March.

JavaScript code is then used to load a Java applet containing an exploit. It saves an executable file onto the hard drive and is used to download malicious payload from a remote server to launch it.

The Trojan searches the machine for anti-virus applications and, if they’re not found, then uses a special routine to generate a list of control servers.

Doctor Web believes that links to more than 4m compromised pages could be found on a Google search engine results page at the end of March.

“This once again refutes claims by some experts that there are no cyber threats to Mac OS X,” wrote Doctor Web in a statement.

Sorokin Ivan, malware analyst at Doctor Web, said 600,000 Macs have been infected with the malware. Some 56.6pc of infected Macs were found in the US, 12.8pc were found in the UK and 0.1pc were found in Ireland.

Apple released a security update to fix this vulnerability and anti-virus provider F-Secure has provided instructions on how to remove the Trojan if a user believes his or her machine is infected.