The Inquirer-Home

600,000 infected Macs are found in a botnet

Over half a million and rising
Thu Apr 05 2012, 09:43

A RUSSIAN SECURITY FIRM says that it has stumbled upon a botnet that has hijacked an impressive 600,000 infected Mac computers.

The firm, called Dr Web, first said that it had found half a million infected computers but later upped the number in a tweeted message, where it added that some of the bots are in Cupertino.

In a blog post it said that it had studied the Trojan, called BackDoor.Flashback.39, and found it on over 550,000 machines. The firm found these around the world, with around 12 per cent of the haul in the UK, 19 per cent in Canada and over 50 per cent in the US.

"Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system," it said.

"JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code."

Infected web sites are listed by the firm and most of them are in the .ru domain for Russia. They range from some related to films through streaming television services to something called Gangstasparadise.

It added that it had heard from "sources" that there might be four million compromised web pages on a Google SERP and cases of infection when visiting dlink.com.

Apple has fixed the vulnerabilities in its most recent Mac OS X updates. You are, of course, advised to update your software.

Once onboard, the Trojan will search for files that it can use to install itself, then it will generate a list of control servers and send a notification of success to the bot herder. Dr Web said that over time it will send consecutive queries to control server addresses.

There is some debate about the figures in the security industry, and in a message on Twitter F-Secure's Mikko Hypponen linked to a report on the numbers with the rider, "We can't confirm or deny the figure."

This got a response from Dr Web's malware analyst Ivan Sorokin. "At this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko - 285 from Finland," he said.

The author of the newly linked report, Adrian Sanabria, recommends that the figures be disregarded until they can be independently verified. µ

 
