Flashback Infection Hits 700,000 Mac Users
Apr 5, 2012 3:16 PM PT
More than 700,000 Macintosh computers have been infected with malware that exploits a flaw in Java, and the number keeps growing.
The Flashback Trojan, which plants an executable file on a Mac that fetches additional malware, was uncovered earlier this week by Doctor Web.
The infection has reached 700,000 computers, but its growth has slowed down, Doctor Web CEO Boris Sharov told MacNewsWorld.
"If the current numbers are correct, this would be largest infection on the Mac we've ever seen before," Symantec Researcher Liam O Murchu told MacNewsWorld.
The Trojan is spread whenever a Mac comes into contact with an infected webpage. It's estimated that there are some 4 million pages on the Web infected with the malware.
Once a Mac lands on an infected page, the Trojan is planted on it without the operator's knowledge. Then the malware downloads more pernicious software from its master's servers.
Two kinds of software are being pulled into infected Macs at the moment, according to Sophos Security Advisor Chet Wisniewski.
One software payload tries to steal passwords from an infected system.
The other payload redirects online searches to other locations on the Web. "When you go to Google, it takes you someplace else that looks a lot like Google but generates advertising revenue for the bad guys," he told MacNewsWorld.
Apple did not respond to our request for comment on this story.
However, on Tuesday it released a new version of Java, 1.6.0_31, that addresses the flaw that Flashback is exploiting.
"Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox," Apple explains on a support Web page.
"Visiting a Web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user," it added.
A fix for the flaw in Java for Windows and Linux was released by Oracle in February -- right about the time the infections started appearing on Macs.
"When Oracle released the patch in February, we would have expected that Apple would have patched it much sooner than waiting for seven weeks until this crisis developed," Wisniewski observed.
"Their response time on patching Java has been atrocious," he maintained. "Over the last several years, on average, they've been somewhere around six months behind in patching vulnerabilities in Java, although in the last six months they've improved to two to three months behind."
While Flashback has focused much attention on Apple, its mischief reaches beyond the Mac realm, according to Doctor Web's Sharov.
"One should be aware that the attack was a global one -- against Windows, Macs and Linux," he told MacNewsWorld.
"We often see such attacks, and this one was not an exception," he continued. "You visit an infected site and the script immediately determines which system you are on and it gets the 'right' malware for you."
Mac Owners Have Money, Too
Attacks on Macs are nothing new, he added. Doctor Web identified a Mac botnet two years ago, and that wasn't the first found in the wild, he noted.
"Mac users have something to share with the criminals -- their money," he added. "Why should the criminals not accept it? And Mac users are much more careless, as they all believe their Macs are safe."
A turning point in Mac scams occurred last year with the arrival of a phony antivirus software epidemic, asserted Roel Schouwenberg, a senior researcher with Kaspersky Lab.
"All of a sudden, people saw OS X could be attacked on a big scale and you could make money off it," he told MacNewsWorld.
For Mac users who are hoping Flashback will be a flash in the pan, Dave Marcus, director of advanced research and threat intelligence at McAfee Labs, has some bad news: Mac malware infections are on an upward trend.
"They're up from last quarter and the quarter before," he told MacNewsWorld. "This attack is part of a larger trend of more malware targeting Mac and Mac users."